k8s 升级（k8s 升级策略）

大家好，我是讯享网，很高兴认识大家。

讯享网

作者：liugp

来源：https://u.kubeinfo.cn/9Da2ym

一、前言

二、基础环境部署

1）前期准备（所有节点）
2）安装容器 docker（所有节点）
3）配置 k8s yum 源（所有节点）
4）将 sandbox_image 镜像源设置为阿里云 google_containers 镜像源（所有节点）
5）配置 containerd cgroup 驱动程序 systemd（所有节点）
6）开始安装 kubeadm，kubelet 和 kubectl（master 节点）
7）使用 kubeadm 初始化集群（master 节点）
8）安装 Pod 网络插件（CNI：Container Network Interface）(master)
9）node 节点加入 k8s 集群
10）配置 IPVS
11）集群高可用配置
12）部署 Nginx+Keepalived 高可用负载均衡器

三、k8s 管理平台 dashboard 环境部署

1）dashboard 部署
2）创建登录用户
3）配置 hosts 登录 dashboard web

四、k8s 镜像仓库 harbor 环境部署

1）安装 helm
2）配置 hosts
3）创建 stl 证书
4）安装 ingress
5）安装 nfs
6）创建 nfs provisioner 和持久化存储 SC
7）部署 Harbor（Https 方式）

1）前期准备（所有节点）

1、修改主机名和配置 hosts

先部署 1master 和 2node 节点，后面再加一个 master 节点

#&nbsp;在192.168.0.113执行
hostnamectl&nbsp;set-hostname&nbsp;&nbsp;k8s-master-168-0-113
#&nbsp;在192.168.0.114执行
hostnamectl&nbsp;set-hostname&nbsp;k8s-node1-168-0-114
#&nbsp;在192.168.0.115执行
hostnamectl&nbsp;set-hostname&nbsp;k8s-node2-168-0-115

讯享网

配置 hosts

讯享网cat&nbsp;&gt;&gt;&nbsp;/etc/hosts&lt;&lt;EOF
192.168.0.113&nbsp;k8s-master-168-0-113
192.168.0.114&nbsp;k8s-node1-168-0-114
192.168.0.115&nbsp;k8s-node2-168-0-115
EOF

2、配置 ssh 互信

#&nbsp;直接一直回车就行
ssh-keygen

ssh-copy-id&nbsp;-i&nbsp;/.ssh/id_rsa.pub&nbsp;root@k8s-master-168-0-113
ssh-copy-id&nbsp;-i&nbsp;/.ssh/id_rsa.pub&nbsp;root@k8s-node1-168-0-114
ssh-copy-id&nbsp;-i&nbsp;/.ssh/id_rsa.pub&nbsp;root@k8s-node2-168-0-115

3、时间同步

讯享网yum&nbsp;install&nbsp;chrony&nbsp;-y
systemctl&nbsp;start&nbsp;chronyd
systemctl&nbsp;enable&nbsp;chronyd
chronyc&nbsp;sources

4、关闭防火墙

systemctl&nbsp;stop&nbsp;firewalld
systemctl&nbsp;disable&nbsp;firewalld

5、关闭 swap

讯享网#&nbsp;临时关闭；关闭swap主要是为了性能考虑
swapoff&nbsp;-a
#&nbsp;可以通过这个命令查看swap是否关闭了
free
#&nbsp;永久关闭
sed&nbsp;-ri&nbsp;’s/.swap./#&/’&nbsp;/etc/fstab

6、禁用 SELinux

#&nbsp;临时关闭
setenforce&nbsp;0
#&nbsp;永久禁用
sed&nbsp;-i&nbsp;’s/^SELINUX=enforcing$/SELINUX=disabled/’&nbsp;/etc/selinux/config

7、允许 iptables 检查桥接流量（可选，所有节点）

若要显式加载此模块，请运行 sudo modprobe br_netfilter，通过运行 lsmod | grep br_netfilter 来验证 br_netfilter 模块是否已加载。

讯享网sudo&nbsp;modprobe&nbsp;br_netfilter
lsmod&nbsp;|&nbsp;grep&nbsp;br_netfilter

为了让 Linux 节点的 iptables 能够正确查看桥接流量，请确认 sysctl 配置中的 net.bridge.bridge-nf-call-iptables 设置为 1。例如：

cat&nbsp;&lt;&lt;EOF&nbsp;|&nbsp;sudo&nbsp;tee&nbsp;/etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

sudo&nbsp;modprobe&nbsp;overlay
sudo&nbsp;modprobe&nbsp;br_netfilter

#&nbsp;设置所需的&nbsp;sysctl&nbsp;参数，参数在重新启动后保持不变
cat&nbsp;&lt;&lt;EOF&nbsp;|&nbsp;sudo&nbsp;tee&nbsp;/etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables&nbsp;&nbsp;=&nbsp;1
net.bridge.bridge-nf-call-ip6tables&nbsp;=&nbsp;1
net.ipv4.ip_forward&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=&nbsp;1
EOF

#&nbsp;应用&nbsp;sysctl&nbsp;参数而不重新启动
sudo&nbsp;sysctl&nbsp;–system

2）安装容器 docker（所有节点）

提示：v1.24 之前的 Kubernetes 版本包括与 Docker Engine 的直接集成，使用名为 dockershim 的组件。这种特殊的直接整合不再是 Kubernetes 的一部分（这次删除被作为 v1.20 发行版本的一部分宣布）。你可以阅读检查 Dockershim 弃用是否会影响你以了解此删除可能会如何影响你。要了解如何使用 dockershim 进行迁移，请参阅从 dockershim 迁移。

讯享网#&nbsp;配置yum源
cd&nbsp;/etc/yum.repos.d&nbsp;;&nbsp;mkdir&nbsp;bak;&nbsp;mv&nbsp;CentOS-Linux-*&nbsp;bak/
#&nbsp;centos7
wget&nbsp;-O&nbsp;/etc/yum.repos.d/CentOS-Base.repo&nbsp;http://mirrors.aliyun.com/repo/Centos-7.repo
#&nbsp;centos8
wget&nbsp;-O&nbsp;/etc/yum.repos.d/CentOS-Base.repo&nbsp;http://mirrors.aliyun.com/repo/Centos-8.repo

#&nbsp;安装yum-config-manager配置工具
yum&nbsp;-y&nbsp;install&nbsp;yum-utils
#&nbsp;设置yum源
yum-config-manager&nbsp;–add-repo&nbsp;http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
#&nbsp;安装docker-ce版本
yum&nbsp;install&nbsp;-y&nbsp;docker-ce
#&nbsp;启动
systemctl&nbsp;start&nbsp;docker
#&nbsp;开机自启
systemctl&nbsp;enable&nbsp;docker
#&nbsp;查看版本号
docker&nbsp;–version
#&nbsp;查看版本具体信息
docker&nbsp;version

#&nbsp;Docker镜像源设置
#&nbsp;修改文件&nbsp;/etc/docker/daemon.json，没有这个文件就创建
#&nbsp;添加以下内容后，重启docker服务：
cat&nbsp;&gt;/etc/docker/daemon.json&lt;&lt;EOF
{
&nbsp;&nbsp;&nbsp;“registry-mirrors”:&nbsp;[“http://hub-mirror.c.163.com”]
}
EOF
#&nbsp;加载
systemctl&nbsp;reload&nbsp;docker

#&nbsp;查看
systemctl&nbsp;status&nbsp;docker&nbsp;containerd

【温馨提示】dockerd 实际真实调用的还是 containerd 的 api 接口，containerd 是 dockerd 和 runC 之间的一个中间交流组件。所以启动 docker 服务的时候，也会启动 containerd 服务的。

3）配置 k8s yum 源（所有节点）

cat&nbsp;&gt;&nbsp;/etc/yum.repos.d/kubernetes.repo&nbsp;&lt;&lt;&nbsp;EOF
[k8s]
name=k8s
enabled=1
gpgcheck=0
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
EOF

4）将 sandbox_image 镜像源设置为阿里云 google_containers 镜像源（所有节点）

讯享网#&nbsp;导出默认配置，config.toml这个文件默认是不存在的
containerd&nbsp;config&nbsp;default&nbsp;&gt;&nbsp;/etc/containerd/config.toml
grep&nbsp;sandbox_image&nbsp;&nbsp;/etc/containerd/config.toml
sed&nbsp;-i&nbsp;“s#k8s.gcr.io/pause#registry.aliyuncs.com/google_containers/pause#g”&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;/etc/containerd/config.toml
grep&nbsp;sandbox_image&nbsp;&nbsp;/etc/containerd/config.toml

5）配置 containerd cgroup 驱动程序 systemd（所有节点）

kubernets 自ｖ 1.24.0 后，就不再使用 docker.shim，替换采用 containerd 作为容器运行时端点。因此需要安装 containerd（在 docker 的基础下安装），上面安装 docker 的时候就自动安装了 containerd 了。这里的 docker 只是作为客户端而已。容器引擎还是 containerd。

sed&nbsp;-i&nbsp;’s#SystemdCgroup&nbsp;=&nbsp;false#SystemdCgroup&nbsp;=&nbsp;true#g’&nbsp;/etc/containerd/config.toml
#&nbsp;应用所有更改后,重新启动containerd
systemctl&nbsp;restart&nbsp;containerd

6）开始安装 kubeadm，kubelet 和 kubectl（master 节点）

讯享网#&nbsp;不指定版本就是最新版本，当前最新版就是1.24.1
yum&nbsp;install&nbsp;-y&nbsp;kubelet-1.24.1&nbsp;&nbsp;kubeadm-1.24.1&nbsp;&nbsp;kubectl-1.24.1&nbsp;–disableexcludes=kubernetes
# disableexcludes=kubernetes：禁掉除了这个kubernetes之外的别的仓库
#&nbsp;设置为开机自启并现在立刻启动服务&nbsp;–now：立刻启动服务
systemctl&nbsp;enable&nbsp;–now&nbsp;kubelet

#&nbsp;查看状态，这里需要等待一段时间再查看服务状态，启动会有点慢
systemctl&nbsp;status&nbsp;kubelet

查看日志，发现有报错，报错如下：

kubelet.service: Main process exited, code=exited, status=1/FAILURE kubelet.service: Failed with result ‘exit-code’.

【解释】重新安装（或第一次安装）k8s，未经过 kubeadm init 或者 kubeadm join 后，kubelet 会不断重启，这个是正常现象……，执行 init 或 join 后问题会自动解决，对此官网有如下描述，也就是此时不用理会 kubelet.service。

查看版本

kubectl&nbsp;version
yum&nbsp;info&nbsp;kubeadm

7）使用 kubeadm 初始化集群（master 节点）

最好提前把镜像下载好，这样安装快

讯享网docker&nbsp;pull&nbsp;registry.aliyuncs.com/google_containers/kube-apiserver:v1.24.1
docker&nbsp;pull&nbsp;registry.aliyuncs.com/google_containers/kube-controller-manager:v1.24.1
docker&nbsp;pull&nbsp;registry.aliyuncs.com/google_containers/kube-scheduler:v1.24.1
docker&nbsp;pull&nbsp;registry.aliyuncs.com/google_containers/kube-proxy:v1.24.1
docker&nbsp;pull&nbsp;registry.aliyuncs.com/google_containers/pause:3.7
docker&nbsp;pull&nbsp;registry.aliyuncs.com/google_containers/etcd:3.5.3-0
docker&nbsp;pull&nbsp;registry.aliyuncs.com/google_containers/coredns:v1.8.6

集群初始化

kubeadm&nbsp;init&nbsp;<br />&nbsp;&nbsp;–apiserver-advertise-address=192.168.0.113&nbsp;</span>
&nbsp;&nbsp;–image-repository&nbsp;registry.aliyuncs.com/google_containers&nbsp;</span>
&nbsp;&nbsp;–control-plane-endpoint=cluster-endpoint&nbsp;</span>
&nbsp;&nbsp;–kubernetes-version&nbsp;v1.24.1&nbsp;</span>
&nbsp;&nbsp;–service-cidr=10.1.0.0/16&nbsp;</span>
&nbsp;&nbsp;–pod-network-cidr=10.244.0.0/16&nbsp;</span>
&nbsp;&nbsp;–v=5
#&nbsp;–image-repository string：&nbsp;&nbsp;&nbsp;&nbsp;这个用于指定从什么位置来拉取镜像（1.13版本才有的），默认值是k8s.gcr.io，我们将其指定为国内镜像地址：registry.aliyuncs.com/google_containers
#&nbsp;–kubernetes-version string：&nbsp;&nbsp;指定kubenets版本号，默认值是stable-1，会导致从https://dl.k8s.io/release/stable-1.txt下载最新的版本号，我们可以将其指定为固定版本（v1.22.1）来跳过网络请求。
#&nbsp;–apiserver-advertise-address &nbsp;指明用 Master 的哪个 interface 与 Cluster 的其他节点通信。如果 Master 有多个 interface，建议明确指定，如果不指定，kubeadm 会自动选择有默认网关的 interface。这里的ip为master节点ip，记得更换。
#&nbsp;–pod-network-cidr &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;指定 Pod 网络的范围。Kubernetes 支持多种网络方案，而且不同网络方案对&nbsp;&nbsp;–pod-network-cidr有自己的要求，这里设置为10.244.0.0/16 是因为我们将使用 flannel 网络方案，必须设置成这个 CIDR。
#&nbsp;–control-plane-endpoint &nbsp;&nbsp;&nbsp; cluster-endpoint 是映射到该 IP 的自定义 DNS 名称，这里配置hosts映射：192.168.0.113 &nbsp; cluster-endpoint。&nbsp;这将允许你将&nbsp;–control-plane-endpoint=cluster-endpoint 传递给 kubeadm init，并将相同的 DNS 名称传递给 kubeadm join。&nbsp;稍后你可以修改 cluster-endpoint 以指向高可用性方案中的负载均衡器的地址。

【温馨提示】kubeadm 不支持将没有 –control-plane-endpoint 参数的单个控制平面集群转换为高可用性集群。

重置再初始化

讯享网kubeadm&nbsp;reset
rm&nbsp;-fr&nbsp;/.kube/&nbsp;&nbsp;/etc/kubernetes/&nbsp;var/lib/etcd/
kubeadm&nbsp;init&nbsp;<br />&nbsp;&nbsp;–apiserver-advertise-address=192.168.0.113&nbsp;&nbsp;</span>
&nbsp;&nbsp;–image-repository&nbsp;registry.aliyuncs.com/google_containers&nbsp;</span>
&nbsp;&nbsp;–control-plane-endpoint=cluster-endpoint&nbsp;</span>
&nbsp;&nbsp;–kubernetes-version&nbsp;v1.24.1&nbsp;</span>
&nbsp;&nbsp;–service-cidr=10.1.0.0/16&nbsp;</span>
&nbsp;&nbsp;–pod-network-cidr=10.244.0.0/16&nbsp;</span>
&nbsp;&nbsp;–v=5
#&nbsp;–image-repository&nbsp;string：&nbsp;&nbsp;&nbsp;&nbsp;这个用于指定从什么位置来拉取镜像（1.13版本才有的），默认值是k8s.gcr.io，我们将其指定为国内镜像地址：registry.aliyuncs.com/google_containers
#&nbsp;–kubernetes-version&nbsp;string：&nbsp;&nbsp;指定kubenets版本号，默认值是stable-1，会导致从https://dl.k8s.io/release/stable-1.txt下载最新的版本号，我们可以将其指定为固定版本（v1.22.1）来跳过网络请求。
#&nbsp;–apiserver-advertise-address &nbsp;指明用 Master 的哪个 interface 与 Cluster 的其他节点通信。如果 Master 有多个 interface，建议明确指定，如果不指定，kubeadm 会自动选择有默认网关的 interface。这里的ip为master节点ip，记得更换。
#&nbsp;–pod-network-cidr &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;指定 Pod 网络的范围。Kubernetes 支持多种网络方案，而且不同网络方案对&nbsp;&nbsp;–pod-network-cidr有自己的要求，这里设置为10.244.0.0/16&nbsp;是因为我们将使用 flannel 网络方案，必须设置成这个 CIDR。
#&nbsp;–control-plane-endpoint &nbsp;&nbsp;&nbsp; cluster-endpoint 是映射到该 IP 的自定义 DNS 名称，这里配置hosts映射：192.168.0.113 &nbsp; cluster-endpoint。&nbsp;这将允许你将&nbsp;–control-plane-endpoint=cluster-endpoint 传递给 kubeadm init，并将相同的 DNS 名称传递给 kubeadm join。&nbsp;稍后你可以修改 cluster-endpoint 以指向高可用性方案中的负载均衡器的地址。

配置环境变量

mkdir&nbsp;-p&nbsp;\(HOME</span>/.kube<br />sudo&nbsp;cp&nbsp;-i&nbsp;/etc/kubernetes/admin.conf&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">\)HOME/.kube/config
sudo&nbsp;chown&nbsp;\((id&nbsp;-u):\)(id&nbsp;-g)&nbsp;\(HOME</span>/.kube/config<br /><br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;临时生效（退出当前窗口重连环境变量失效）</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">export</span>&nbsp;KUBECONFIG=/etc/kubernetes/admin.conf<br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;永久生效（推荐）</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">echo</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(181, 189, 104);overflow-wrap: inherit !important;word-break: inherit !important;">"export&nbsp;KUBECONFIG=/etc/kubernetes/admin.conf"</span>&nbsp;&gt;&gt;&nbsp;~/.bash_profile<br /><span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">source</span>&nbsp;&nbsp;~/.bash_profile</code></pre></section><p><img src="https://mmbiz.qpic.cn/mmbiz_png/fEsWkVrSk548VEHHslAONpOdL84WRUIIgdDwUgQEw7kbqejV8WNiaic4tEa8w9ZHRDMDialNQtPxejiatNwrg65MRA/640?wx_fmt=png" class="rich_pages wxw-img" data-ratio="0.07022" data-src="https://mmbiz.qpic.cn/mmbiz_png/fEsWkVrSk548VEHHslAONpOdL84WRUIIgdDwUgQEw7kbqejV8WNiaic4tEa8w9ZHRDMDialNQtPxejiatNwrg65MRA/640?wx_fmt=png" data-type="png" data-w="1239" style="margin-right: auto;margin-bottom: 15px;margin-left: auto;outline: 0px;color: rgb(58, 58, 58);font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, &#39;PingFang SC&#39;, Cambria, Cochin, Georgia, Times, &#39;Times New Roman&#39;, serif;font-size: 16px;text-align: left;white-space: normal;background-color: rgb(255, 255, 255);width: 656.992px;border-radius: 5px;display: block;box-sizing: border-box !important;visibility: visible !important;" /></p><section style="font-size: 16px;color: rgb(62, 62, 62);line-height: 1.6;letter-spacing: 0px;font-family: &#39;Helvetica Neue&#39;, Helvetica, &#39;Hiragino Sans GB&#39;, &#39;Microsoft YaHei&#39;, Arial, sans-serif;"><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">发现节点还是有问题，查看日志 /var/log/messages</p><blockquote style="line-height: inherit;padding: 15px 15px 15px 1rem;font-size: 0.9em;color: rgb(129, 145, 152);border-left-width: 6px;border-left-color: rgb(220, 230, 240);background: rgb(242, 247, 251);overflow: auto;overflow-wrap: normal;word-break: normal;"><p style="font-size: inherit;color: inherit;line-height: inherit;">"Container runtime network not ready" networkReady="NetworkReady=false reason:NetworkPluginNotReady message:Network plugin returns error: cni plugin not initialized"</p></blockquote></section><p><img src="https://mmbiz.qpic.cn/mmbiz_png/fEsWkVrSk548VEHHslAONpOdL84WRUIIjdeqMOvbnwt8ZPnG8l5icpWCkVjbO3OktLuI6ul7XhSFel1fW41Dqng/640?wx_fmt=png" class="rich_pages wxw-img" data-ratio="0.54578" data-src="https://mmbiz.qpic.cn/mmbiz_png/fEsWkVrSk548VEHHslAONpOdL84WRUIIjdeqMOvbnwt8ZPnG8l5icpWCkVjbO3OktLuI6ul7XhSFel1fW41Dqng/640?wx_fmt=png" data-type="png" data-w="1671" style="margin-right: auto;margin-bottom: 15px;margin-left: auto;outline: 0px;color: rgb(58, 58, 58);font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, &#39;PingFang SC&#39;, Cambria, Cochin, Georgia, Times, &#39;Times New Roman&#39;, serif;font-size: 16px;text-align: left;white-space: normal;background-color: rgb(255, 255, 255);width: 656.992px;border-radius: 5px;display: block;box-sizing: border-box !important;visibility: visible !important;" /></p><section style="font-size: 16px;color: rgb(62, 62, 62);line-height: 1.6;letter-spacing: 0px;font-family: &#39;Helvetica Neue&#39;, Helvetica, &#39;Hiragino Sans GB&#39;, &#39;Microsoft YaHei&#39;, Arial, sans-serif;"><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">接下来就是安装 Pod 网络插件</p><h4 style="color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;font-weight: bold;font-size: 1.2em;"><span style="font-size: inherit;color: inherit;line-height: inherit;">8）安装 Pod 网络插件（CNI：Container Network Interface）(master)</span></h4><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">你必须部署一个基于 Pod 网络插件的 容器网络接口 (CNI)，以便你的 Pod 可以相互通信。</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;"><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;最好提前下载镜像（所有节点）</span><br />docker&nbsp;pull&nbsp;quay.io/coreos/<span style="font-size: inherit;line-height: inherit;color: rgb(181, 189, 104);overflow-wrap: inherit !important;word-break: inherit !important;">flannel:</span>v<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">0</span>.<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">14.0</span><br />kubectl&nbsp;apply&nbsp;-f&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(181, 189, 104);overflow-wrap: inherit !important;word-break: inherit !important;">https:</span>/<span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">/raw.githubusercontent.com/coreos</span><span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">/flannel/master</span><span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">/Documentation/kube</span>-flannel.yml<br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">如果上面安装失败，则下载我百度里的，离线安装</p><blockquote style="line-height: inherit;padding: 15px 15px 15px 1rem;font-size: 0.9em;color: rgb(129, 145, 152);border-left-width: 6px;border-left-color: rgb(220, 230, 240);background: rgb(242, 247, 251);overflow: auto;overflow-wrap: normal;word-break: normal;"><p style="font-size: inherit;color: inherit;line-height: inherit;">链接：https://pan.baidu.com/s/1HB9xuO3bssAW7v5HzpXkeQ<br />提取码：8888</p></blockquote><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">再查看 node 节点，就已经正常了</p></section><p><img src="https://mmbiz.qpic.cn/mmbiz_png/fEsWkVrSk548VEHHslAONpOdL84WRUIIwVoAccOK71cSBicePavwV0l9vDzickCvSvYEEzicOUMpNNKLiaIq3iaebQA/640?wx_fmt=png" class="rich_pages wxw-img" data-ratio="0." data-src="https://mmbiz.qpic.cn/mmbiz_png/fEsWkVrSk548VEHHslAONpOdL84WRUIIwVoAccOK71cSBicePavwV0l9vDzickCvSvYEEzicOUMpNNKLiaIq3iaebQA/640?wx_fmt=png" data-type="png" data-w="1080" /></p><section style="font-size: 16px;color: rgb(62, 62, 62);line-height: 1.6;letter-spacing: 0px;font-family: &#39;Helvetica Neue&#39;, Helvetica, &#39;Hiragino Sans GB&#39;, &#39;Microsoft YaHei&#39;, Arial, sans-serif;"><h4 style="color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;font-weight: bold;font-size: 1.2em;"><span style="font-size: inherit;color: inherit;line-height: inherit;">9）node 节点加入 k8s 集群</span></h4><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">先安装 kubelet</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;">yum&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">install</span>&nbsp;-y&nbsp;kubelet&nbsp;kubeadm&nbsp;kubectl&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">--disableexcludes=kubernetes</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;设置为开机自启并现在立刻启动服务&nbsp;--now：立刻启动服务</span><br />systemctl&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">enable</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">--now&nbsp;kubelet</span><br />systemctl&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">status</span>&nbsp;kubelet<br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">如果没有令牌，可以通过在控制平面节点上运行以下命令来获取令牌：</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;">kubeadm&nbsp;token&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">list</span><br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">默认情况下，令牌会在24小时后过期。如果要在当前令牌过期后将节点加入集群， 则可以通过在控制平面节点上运行以下命令来创建新令牌：</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;">kubeadm&nbsp;token&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">create</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;再查看</span><br />kubeadm&nbsp;token&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">list</span><br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">如果你没有 –discovery-token-ca-cert-hash 的值，则可以通过在控制平面节点上执行以下命令链来获取它：</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;">openssl&nbsp;x509&nbsp;-pubkey&nbsp;-<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">in</span>&nbsp;/etc/kubernetes/pki/ca.crt&nbsp;|&nbsp;openssl&nbsp;rsa&nbsp;-pubin&nbsp;-outform&nbsp;der&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">2</span>&gt;<span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">/dev/</span><span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">null</span>&nbsp;|&nbsp;openssl&nbsp;dgst&nbsp;-sha256&nbsp;-hex&nbsp;|&nbsp;sed&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(181, 189, 104);overflow-wrap: inherit !important;word-break: inherit !important;">'s/^.*&nbsp;//'</span><br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">如果执行 kubeadm init 时没有记录下加入集群的命令，可以通过以下命令重新创建（推荐）一般不用上面的分别获取 token 和 ca-cert-hash 方式，执行以下命令一气呵成：</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;">kubeadm&nbsp;token&nbsp;create&nbsp;--<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">print</span>-<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">join</span>-command<br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">这里需要等待一段时间，再查看节点节点状态，因为需要安装 kube-proxy 和 flannel。</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;">kubectl&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">get</span>&nbsp;pods&nbsp;-A<br />kubectl&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">get</span>&nbsp;nodes<br /></code></pre></section><p><img src="https://mmbiz.qpic.cn/mmbiz_png/fEsWkVrSk548VEHHslAONpOdL84WRUIIWdNgPccicUv0VH9P2iat4LicQkgQzJd5aaGvCZcALmPLnh5HTZkGdZRNA/640?wx_fmt=png" class="rich_pages wxw-img" data-ratio="0.037035" data-src="https://mmbiz.qpic.cn/mmbiz_png/fEsWkVrSk548VEHHslAONpOdL84WRUIIWdNgPccicUv0VH9P2iat4LicQkgQzJd5aaGvCZcALmPLnh5HTZkGdZRNA/640?wx_fmt=png" data-type="png" data-w="1080"></p><section style="font-size: 16px;color: rgb(62, 62, 62);line-height: 1.6;letter-spacing: 0px;font-family: &#39;Helvetica Neue&#39;, Helvetica, &#39;Hiragino Sans GB&#39;, &#39;Microsoft YaHei&#39;, Arial, sans-serif;"><h4 style="color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;font-weight: bold;font-size: 1.2em;"><span style="font-size: inherit;color: inherit;line-height: inherit;">10）配置 IPVS</span></h4><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">【问题】集群内无法 ping 通 ClusterIP（或 ServiceName）</p><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">1、加载 ip_vs 相关内核模块</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;">modprobe&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">--&nbsp;ip_vs</span><br />modprobe&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">--&nbsp;ip_vs_sh</span><br />modprobe&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">--&nbsp;ip_vs_rr</span><br />modprobe&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">--&nbsp;ip_vs_wrr</span><br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">所有节点验证开启了 ipvs：</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;"><span style="font-size: inherit;line-height: inherit;color: rgb(240, 198, 116);overflow-wrap: inherit !important;word-break: inherit !important;">lsmod</span>&nbsp;|grep&nbsp;ip_vs<br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">2、安装 ipvsadm 工具</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;"><span style="font-size: inherit;line-height: inherit;color: rgb(240, 198, 116);overflow-wrap: inherit !important;word-break: inherit !important;">yum</span>&nbsp;install&nbsp;ipset&nbsp;ipvsadm&nbsp;-y<br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">3、编辑 kube-proxy 配置文件，mode 修改成 ipvs</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;"><span style="font-size: inherit;line-height: inherit;color: rgb(240, 198, 116);overflow-wrap: inherit !important;word-break: inherit !important;">kubectl</span>&nbsp;edit&nbsp;&nbsp;configmap&nbsp;-n&nbsp;kube-system&nbsp;&nbsp;kube-proxy</code></pre></section><p><img src="https://mmbiz.qpic.cn/mmbiz_png/fEsWkVrSk548VEHHslAONpOdL84WRUIIcmZjHYP05sgZRyed3rcdvkyYN7IyTanKguq0GOdxSAGKbXHDe5THLA/640?wx_fmt=png" class="rich_pages wxw-img" data-ratio="0.93877" data-src="https://mmbiz.qpic.cn/mmbiz_png/fEsWkVrSk548VEHHslAONpOdL84WRUIIcmZjHYP05sgZRyed3rcdvkyYN7IyTanKguq0GOdxSAGKbXHDe5THLA/640?wx_fmt=png" data-type="png" data-w="784" style="margin-right: auto;margin-bottom: 15px;margin-left: auto;outline: 0px;color: rgb(0, 0, 0);font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, &#39;PingFang SC&#39;, Cambria, Cochin, Georgia, Times, &#39;Times New Roman&#39;, serif;font-size: 16px;text-align: left;white-space: normal;background-color: rgb(255, 255, 255);width: 656.992px;border-radius: 5px;display: block;box-sizing: border-box !important;visibility: visible !important;" /></p><section style="font-size: 16px;color: rgb(62, 62, 62);line-height: 1.6;letter-spacing: 0px;font-family: &#39;Helvetica Neue&#39;, Helvetica, &#39;Hiragino Sans GB&#39;, &#39;Microsoft YaHei&#39;, Arial, sans-serif;"><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">4、重启 kube-proxy</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;"><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;先查看</span><br />kubectl&nbsp;get&nbsp;pod&nbsp;-n&nbsp;kube-<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">system</span>&nbsp;|&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">grep</span>&nbsp;kube-proxy<br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;再delete让它自拉起</span><br />kubectl&nbsp;get&nbsp;pod&nbsp;-n&nbsp;kube-<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">system</span>&nbsp;|&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">grep</span>&nbsp;kube-proxy&nbsp;|awk&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(181, 189, 104);overflow-wrap: inherit !important;word-break: inherit !important;">'{system("kubectl&nbsp;delete&nbsp;pod&nbsp;"\)1”&nbsp;-n&nbsp;kube-system”)}’
#&nbsp;再查看
kubectl&nbsp;get&nbsp;pod&nbsp;-n&nbsp;kube-system&nbsp;|&nbsp;grep&nbsp;kube-proxy

5、查看 ipvs 转发规则

讯享网ipvsadm&nbsp;-Ln

11）集群高可用配置

配置高可用（HA）Kubernetes 集群实现的两种方案：

使用堆叠（stacked）控制平面节点，其中 etcd 节点与控制平面节点共存（本章使用），架构图如下：

使用外部 etcd 节点，其中 etcd 在与控制平面不同的节点上运行，架构图如下：

这里新增一台机器作为另外一个 master 节点：192.168.0.116 配置跟上面 master 节点一样。只是不需要最后一步初始化了。

1、修改主机名和配置 hosts

所有节点都统一如下配置：

#&nbsp;在192.168.0.113执行
hostnamectl&nbsp;set-hostname&nbsp;&nbsp;k8s-master-168-0-113
#&nbsp;在192.168.0.114执行
hostnamectl&nbsp;set-hostname&nbsp;k8s-node1-168-0-114
#&nbsp;在192.168.0.115执行
hostnamectl&nbsp;set-hostname&nbsp;k8s-node2-168-0-115
#&nbsp;在192.168.0.116执行
hostnamectl&nbsp;set-hostname&nbsp;k8s-master2-168-0-116

配置 hosts

讯享网cat&nbsp;&gt;&gt;&nbsp;/etc/hosts&lt;&lt;EOF
192.168.0.113&nbsp;k8s-master-168-0-113&nbsp;cluster-endpoint
192.168.0.114&nbsp;k8s-node1-168-0-114
192.168.0.115&nbsp;k8s-node2-168-0-115
192.168.0.116&nbsp;k8s-master2-168-0-116
EOF

2、配置 ssh 互信

#&nbsp;直接一直回车就行
ssh-keygen

ssh-copy-id&nbsp;-i&nbsp;/.ssh/id_rsa.pub&nbsp;root@k8s-master-168-0-113
ssh-copy-id&nbsp;-i&nbsp;/.ssh/id_rsa.pub&nbsp;root@k8s-node1-168-0-114
ssh-copy-id&nbsp;-i&nbsp;/.ssh/id_rsa.pub&nbsp;root@k8s-node2-168-0-115
ssh-copy-id&nbsp;-i&nbsp;/.ssh/id_rsa.pub&nbsp;root@k8s-master2-168-0-116

3、时间同步

讯享网yum&nbsp;install&nbsp;chrony&nbsp;-y
systemctl&nbsp;start&nbsp;chronyd
systemctl&nbsp;enable&nbsp;chronyd
chronyc&nbsp;sources

关闭防火墙

systemctl&nbsp;stop&nbsp;firewalld
systemctl&nbsp;disable&nbsp;firewalld

4、关闭 swap

讯享网#&nbsp;临时关闭；关闭swap主要是为了性能考虑
swapoff&nbsp;-a
#&nbsp;可以通过这个命令查看swap是否关闭了
free
#&nbsp;永久关闭
sed&nbsp;-ri&nbsp;’s/.swap./#&/’&nbsp;/etc/fstab

5、禁用 SELinux

#&nbsp;临时关闭
setenforce&nbsp;0
#&nbsp;永久禁用
sed&nbsp;-i&nbsp;’s/^SELINUX=enforcing\(/SELINUX=disabled/'</span>&nbsp;/etc/selinux/config<br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">6、允许 iptables 检查桥接流量（可选，所有节点）</p><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">若要显式加载此模块，请运行 sudo modprobe br_netfilter，通过运行 lsmod | grep br_netfilter 来验证 br_netfilter 模块是否已加载，</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;"><span style="font-size: inherit;line-height: inherit;color: rgb(240, 198, 116);overflow-wrap: inherit !important;word-break: inherit !important;">sudo</span>&nbsp;modprobe&nbsp;br_netfilter<br />lsmod&nbsp;|&nbsp;grep&nbsp;br_netfilter<br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">为了让 Linux 节点的 iptables 能够正确查看桥接流量，请确认 sysctl 配置中的 net.bridge.bridge-nf-call-iptables 设置为 1。例如：</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;">cat&nbsp;&lt;&lt;EOF&nbsp;|&nbsp;sudo&nbsp;tee&nbsp;/etc/modules-load.d/k8s.conf<br />overlay<br />br_netfilter<br />EOF<br /><br />sudo&nbsp;modprobe&nbsp;overlay<br />sudo&nbsp;modprobe&nbsp;br_netfilter<br /><br /><span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;设置所需的&nbsp;sysctl&nbsp;参数，参数在重新启动后保持不变</span><br />cat&nbsp;&lt;&lt;EOF&nbsp;|&nbsp;sudo&nbsp;tee&nbsp;/etc/sysctl.d/k8s.conf<br />net.bridge.bridge-nf-<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">call</span>-iptables&nbsp;&nbsp;=&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">1</span><br />net.bridge.bridge-nf-<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">call</span>-ip6tables&nbsp;=&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">1</span><br />net.ipv4.ip_forward&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">1</span><br />EOF<br /><br /><span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;应用&nbsp;sysctl&nbsp;参数而不重新启动</span><br />sudo&nbsp;sysctl&nbsp;--system<br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">7、安装容器 docker（所有节点）</p><blockquote style="line-height: inherit;padding: 15px 15px 15px 1rem;font-size: 0.9em;color: rgb(129, 145, 152);border-left-width: 6px;border-left-color: rgb(220, 230, 240);background: rgb(242, 247, 251);overflow: auto;overflow-wrap: normal;word-break: normal;"><p style="font-size: inherit;color: inherit;line-height: inherit;">提示：v1.24 之前的 Kubernetes 版本包括与 Docker Engine 的直接集成，使用名为 dockershim 的组件。这种特殊的直接整合不再是 Kubernetes 的一部分 （这次删除被作为 v1.20 发行版本的一部分宣布）。你可以阅读检查 Dockershim 弃用是否会影响你 以了解此删除可能会如何影响你。要了解如何使用 dockershim 进行迁移，请参阅从 dockershim 迁移。</p></blockquote><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;"><span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;配置yum源</span><br />cd&nbsp;/etc/yum.repos.d&nbsp;;&nbsp;mkdir&nbsp;bak;&nbsp;mv&nbsp;CentOS-Linux-*&nbsp;bak/<br /><span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;centos7</span><br />wget&nbsp;-O&nbsp;/etc/yum.repos.d/CentOS-Base.repo&nbsp;http:<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">//mirrors.aliyun.com/repo/Centos-7.repo</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;centos8</span><br />wget&nbsp;-O&nbsp;/etc/yum.repos.d/CentOS-Base.repo&nbsp;http:<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">//mirrors.aliyun.com/repo/Centos-8.repo</span><br /><br /><span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;安装yum-config-manager配置工具</span><br />yum&nbsp;-y&nbsp;install&nbsp;yum-utils<br /><span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;设置yum源</span><br />yum-config-manager&nbsp;--<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">add</span>-repo&nbsp;http:<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">//mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;安装docker-ce版本</span><br />yum&nbsp;install&nbsp;-y&nbsp;docker-ce<br /><span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;启动</span><br />systemctl&nbsp;start&nbsp;docker<br /><span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;开机自启</span><br />systemctl&nbsp;enable&nbsp;docker<br /><span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;查看版本号</span><br />docker&nbsp;--version<br /><span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;查看版本具体信息</span><br />docker&nbsp;version<br /><br /><span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;Docker镜像源设置</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;修改文件&nbsp;/etc/docker/daemon.json，没有这个文件就创建</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;添加以下内容后，重启docker服务：</span><br />cat&nbsp;&gt;/etc/docker/daemon.json&lt;&lt;EOF<br />{<br />&nbsp;&nbsp;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(181, 189, 104);overflow-wrap: inherit !important;word-break: inherit !important;">"registry-mirrors"</span>:&nbsp;[<span style="font-size: inherit;line-height: inherit;color: rgb(181, 189, 104);overflow-wrap: inherit !important;word-break: inherit !important;">"http://hub-mirror.c.163.com"</span>]<br />}<br />EOF<br /><span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;加载</span><br />systemctl&nbsp;reload&nbsp;docker<br /><br /><span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;查看</span><br />systemctl&nbsp;status&nbsp;docker&nbsp;containerd<br /></code></pre><blockquote style="line-height: inherit;padding: 15px 15px 15px 1rem;font-size: 0.9em;color: rgb(129, 145, 152);border-left-width: 6px;border-left-color: rgb(220, 230, 240);background: rgb(242, 247, 251);overflow: auto;overflow-wrap: normal;word-break: normal;"><p style="font-size: inherit;color: inherit;line-height: inherit;">【温馨提示】dockerd 实际真实调用的还是 containerd 的 api 接口，containerd 是 dockerd 和 runC 之间的一个中间交流组件。所以启动 docker 服务的时候，也会启动 containerd 服务的。</p></blockquote><h4 style="color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;font-weight: bold;font-size: 1.2em;"><span style="font-size: inherit;color: inherit;line-height: inherit;">8、配置 k8s yum 源（所有节点）</span></h4><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;">cat&nbsp;&gt;&nbsp;/etc/yum.repos.d/kubernetes.repo&nbsp;&lt;&lt;&nbsp;EOF<br />[k8s]<br />name=k8s<br />enabled=1<br />gpgcheck=0<br />baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/<br />EOF<br /></code></pre><h4 style="color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;font-weight: bold;font-size: 1.2em;"><span style="font-size: inherit;color: inherit;line-height: inherit;">9、将 sandbox_image 镜像源设置为阿里云 google_containers 镜像源（所有节点）</span></h4><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;">#&nbsp;导出默认配置，<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">config</span>.toml这个文件默认是不存在的<br />containerd&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">config</span>&nbsp;default&nbsp;&gt;&nbsp;/etc/containerd/<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">config</span>.toml<br />grep&nbsp;sandbox_image&nbsp;&nbsp;/etc/containerd/<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">config</span>.toml<br />sed&nbsp;-i&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(181, 189, 104);overflow-wrap: inherit !important;word-break: inherit !important;">"s#k8s.gcr.io/pause#registry.aliyuncs.com/google_containers/pause#g"</span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;/etc/containerd/<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">config</span>.toml<br />grep&nbsp;sandbox_image&nbsp;&nbsp;/etc/containerd/<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">config</span>.toml<br /></code></pre></section><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;"><img src="https://mmbiz.qpic.cn/mmbiz_png/fEsWkVrSk548VEHHslAONpOdL84WRUIIEfR6pMVkqBCwNebbX1ic3ScxYnxNiapkhIIniaUnedvShicQ2HEj7LybOg/640?wx_fmt=png" class="rich_pages wxw-img" data-ratio="0." data-src="https://mmbiz.qpic.cn/mmbiz_png/fEsWkVrSk548VEHHslAONpOdL84WRUIIEfR6pMVkqBCwNebbX1ic3ScxYnxNiapkhIIniaUnedvShicQ2HEj7LybOg/640?wx_fmt=png" data-type="png" data-w="1080" /></p></section><section style="font-size: 16px;color: rgb(62, 62, 62);line-height: 1.6;letter-spacing: 0px;font-family: &#39;Helvetica Neue&#39;, Helvetica, &#39;Hiragino Sans GB&#39;, &#39;Microsoft YaHei&#39;, Arial, sans-serif;"><h4 style="color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;font-weight: bold;font-size: 1.2em;"><span style="font-size: inherit;color: inherit;line-height: inherit;">10、配置 containerd cgroup 驱动程序 systemd</span></h4><blockquote style="line-height: inherit;padding: 15px 15px 15px 1rem;font-size: 0.9em;color: rgb(129, 145, 152);border-left-width: 6px;border-left-color: rgb(220, 230, 240);background: rgb(242, 247, 251);overflow: auto;overflow-wrap: normal;word-break: normal;"><p style="font-size: inherit;color: inherit;line-height: inherit;">kubernets 自ｖ 1.24.0 后，就不再使用 docker.shim，替换采用 containerd 作为容器运行时端点。因此需要安装 containerd（在 docker 的基础下安装），上面安装 docker 的时候就自动安装了 containerd 了。这里的 docker 只是作为客户端而已。容器引擎还是 containerd。</p></blockquote><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;"><span style="font-size: inherit;line-height: inherit;color: rgb(240, 198, 116);overflow-wrap: inherit !important;word-break: inherit !important;">sed</span>&nbsp;-i&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(181, 189, 104);overflow-wrap: inherit !important;word-break: inherit !important;">'s#SystemdCgroup&nbsp;=&nbsp;false#SystemdCgroup&nbsp;=&nbsp;true#g'</span>&nbsp;/etc/containerd/config.toml<br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;应用所有更改后,重新启动containerd</span><br />systemctl&nbsp;restart&nbsp;containerd<br /></code></pre><h4 style="color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;font-weight: bold;font-size: 1.2em;"><span style="font-size: inherit;color: inherit;line-height: inherit;">11、开始安装 kubeadm，kubelet 和 kubectl（master 节点）</span></h4><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;"><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;不指定版本就是最新版本，当前最新版就是1.24.1</span><br />yum&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">install</span>&nbsp;-y&nbsp;kubelet<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">-1.24</span><span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">.1</span>&nbsp;&nbsp;kubeadm<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">-1.24</span><span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">.1</span>&nbsp;&nbsp;kubectl<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">-1.24</span><span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">.1</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">--disableexcludes=kubernetes</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;"># disableexcludes=kubernetes：禁掉除了这个kubernetes之外的别的仓库</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;设置为开机自启并现在立刻启动服务&nbsp;--now：立刻启动服务</span><br />systemctl&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">enable</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">--now&nbsp;kubelet</span><br /><br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;查看状态，这里需要等待一段时间再查看服务状态，启动会有点慢</span><br />systemctl&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">status</span>&nbsp;kubelet<br /><br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;查看版本</span><br /><br />kubectl&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">version</span><br />yum&nbsp;info&nbsp;kubeadm<br /></code></pre><h4 style="color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;font-weight: bold;font-size: 1.2em;"><span style="font-size: inherit;color: inherit;line-height: inherit;">12、加入 k8s 集群</span></h4><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;"><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;证如果过期了，可以使用下面命令生成新证书上传，这里会打印出certificate&nbsp;key，后面会用到</span><br />kubeadm&nbsp;init&nbsp;phase&nbsp;upload-certs&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">--upload-certs</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;你还可以在&nbsp;【init】期间指定自定义的&nbsp;--certificate-key，以后可以由 join 使用。&nbsp;要生成这样的密钥，可以使用以下命令（这里不执行，就用上面那个自命令就可以了）：</span><br />kubeadm&nbsp;certs&nbsp;certificate-key<br /><br />kubeadm&nbsp;token&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">create</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">--print-join-command</span><br /><br />kubeadm&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">join</span>&nbsp;cluster-endpoint:<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">6443</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">--token&nbsp;wswrfw.fc81au4yvy6ovmhh&nbsp;--discovery-token-ca-cert-hash&nbsp;sha256:43a3924c25104d39f6a02b8ceef9f9c30eed8e0abc0f&nbsp;--control-plane&nbsp;--certificate-key&nbsp;8db74e35d05a420bd2c19fd8c11914eb45f2ff22937b245bed5b68</span><br /><br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;--control-plane 标志通知 kubeadm join 创建一个新的控制平面。加入master必须加这个标记</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;--certificate-key ... 将导致从集群中的 kubeadm-certs Secret 下载控制平面证书并使用给定的密钥进行解密。这里的值</span><br /></code></pre></section><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;"><img src="https://mmbiz.qpic.cn/mmbiz_png/fEsWkVrSk548VEHHslAONpOdL84WRUII9nib9icxESZ7GzrDPHL3BLB1CKTMia0LkzIBvBjU9R11Rpw480BAJ2r3A/640?wx_fmt=png" class="rich_pages wxw-img" data-ratio="0." data-src="https://mmbiz.qpic.cn/mmbiz_png/fEsWkVrSk548VEHHslAONpOdL84WRUII9nib9icxESZ7GzrDPHL3BLB1CKTMia0LkzIBvBjU9R11Rpw480BAJ2r3A/640?wx_fmt=png" data-type="png" data-w="1080" /></p></section><section style="font-size: 16px;color: rgb(62, 62, 62);line-height: 1.6;letter-spacing: 0px;font-family: &#39;Helvetica Neue&#39;, Helvetica, &#39;Hiragino Sans GB&#39;, &#39;Microsoft YaHei&#39;, Arial, sans-serif;"><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">根据提示执行如下命令：</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;"><span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">mkdir</span>&nbsp;-p&nbsp;\)HOME/.kube
sudo&nbsp;cp&nbsp;-i&nbsp;/etc/kubernetes/admin.conf&nbsp;\(HOME/.kube/config<br />sudo&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">chown</span>&nbsp;\)(id&nbsp;-u):\((id&nbsp;-g)&nbsp;\)HOME/.kube/config

查看

讯享网kubectl&nbsp;get&nbsp;nodes
kubectl&nbsp;get&nbsp;pods&nbsp;-A&nbsp;-owide

虽然现在已经有两个 master 了，但是对外还是只能有一个入口的，所以还得要一个负载均衡器，如果一个 master 挂了，会自动切到另外一个 master 节点。

12）部署 Nginx+Keepalived 高可用负载均衡器

1、安装 Nginx 和 Keepalived

#&nbsp;在两个master节点上执行
yum&nbsp;install&nbsp;nginx&nbsp;keepalived&nbsp;-y

2、Nginx 配置

在两个 master 节点配置

讯享网cat&nbsp;&gt;&nbsp;/etc/nginx/nginx.conf&nbsp;&lt;&lt;&nbsp;“EOF”
user&nbsp;nginx;
worker_processes&nbsp;auto;
error_log&nbsp;/var/log/nginx/error.log;
pid&nbsp;/run/nginx.pid;
include&nbsp;/usr/share/nginx/modules/.conf;
events&nbsp;{
&nbsp;&nbsp;&nbsp;&nbsp;worker_connections&nbsp;1024;
}
#&nbsp;四层负载均衡，为两台Master&nbsp;apiserver组件提供负载均衡
stream&nbsp;{
&nbsp;&nbsp;&nbsp;&nbsp;log_format&nbsp;&nbsp;main&nbsp;&nbsp;‘\(remote_addr</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">\)upstream_addr&nbsp;-&nbsp;[\(time_local</span>]&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">\)status&nbsp;\(upstream_bytes_sent</span>'</span>;<br />&nbsp;&nbsp;&nbsp;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(240, 198, 116);overflow-wrap: inherit !important;word-break: inherit !important;">access_log</span>&nbsp;&nbsp;/var/log/nginx/k8s-access.log&nbsp;&nbsp;main;<br />&nbsp;&nbsp;&nbsp;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(240, 198, 116);overflow-wrap: inherit !important;word-break: inherit !important;">upstream</span>&nbsp;k8s-apiserver&nbsp;{<br />&nbsp;&nbsp;&nbsp;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;Master&nbsp;APISERVER&nbsp;IP:PORT</span><br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(240, 198, 116);overflow-wrap: inherit !important;word-break: inherit !important;">server</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">192.168.0.113:6443</span>;<br />&nbsp;&nbsp;&nbsp;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;Master2&nbsp;APISERVER&nbsp;IP:PORT</span><br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(240, 198, 116);overflow-wrap: inherit !important;word-break: inherit !important;">server</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">192.168.0.116:6443</span>;<br />&nbsp;&nbsp;&nbsp;&nbsp;}<br />&nbsp;&nbsp;&nbsp;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(129, 162, 190);overflow-wrap: inherit !important;word-break: inherit !important;">server</span>&nbsp;{<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(240, 198, 116);overflow-wrap: inherit !important;word-break: inherit !important;">listen</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">16443</span>;<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(240, 198, 116);overflow-wrap: inherit !important;word-break: inherit !important;">proxy_pass</span>&nbsp;k8s-apiserver;<br />&nbsp;&nbsp;&nbsp;&nbsp;}<br />}<br /><br /><span style="font-size: inherit;line-height: inherit;color: rgb(129, 162, 190);overflow-wrap: inherit !important;word-break: inherit !important;">http</span>&nbsp;{<br />&nbsp;&nbsp;&nbsp;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(240, 198, 116);overflow-wrap: inherit !important;word-break: inherit !important;">log_format</span>&nbsp;&nbsp;main&nbsp;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(181, 189, 104);overflow-wrap: inherit !important;word-break: inherit !important;">'<span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">\)remote_addr&nbsp;-&nbsp;\(remote_user</span>&nbsp;[<span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">\)time_local]&nbsp;“\(request</span>"&nbsp;'</span><br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(181, 189, 104);overflow-wrap: inherit !important;word-break: inherit !important;">'<span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">\)status&nbsp;\(body_bytes_sent</span>&nbsp;"<span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">\)http_referer”&nbsp;’
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;’”\(http_user_agent</span>"&nbsp;"<span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">\)http_x_forwarded_for”’;
&nbsp;&nbsp;&nbsp;&nbsp;access_log&nbsp;&nbsp;/var/log/nginx/access.log&nbsp;&nbsp;main;
&nbsp;&nbsp;&nbsp;&nbsp;sendfile&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;on;
&nbsp;&nbsp;&nbsp;&nbsp;tcp_nopush&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;on;
&nbsp;&nbsp;&nbsp;&nbsp;tcp_nodelay&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;on;
&nbsp;&nbsp;&nbsp;&nbsp;keepalive_timeout&nbsp;&nbsp;&nbsp;65;
&nbsp;&nbsp;&nbsp;&nbsp;types_hash_max_size&nbsp;2048;
&nbsp;&nbsp;&nbsp;&nbsp;include&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;/etc/nginx/mime.types;
&nbsp;&nbsp;&nbsp;&nbsp;default_type&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;application/octet-stream;
&nbsp;&nbsp;&nbsp;&nbsp;server&nbsp;{
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;listen&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;80&nbsp;default_server;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;servername&nbsp;&nbsp;;

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;location&nbsp;/&nbsp;{
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}
&nbsp;&nbsp;&nbsp;&nbsp;}
}
EOF

【温馨提示】如果只保证高可用，不配置 k8s-apiserver 负载均衡的话，可以不装 nginx，但是最好还是配置一下 k8s-apiserver 负载均衡。

3、Keepalived 配置（master）

cat&nbsp;&gt;&nbsp;/etc/keepalived/keepalived.conf&nbsp;&lt;&lt;&nbsp;EOF
global_defs&nbsp;{
&nbsp;&nbsp;&nbsp;notification_email&nbsp;{
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;}
&nbsp;&nbsp;&nbsp;notification_email_from&nbsp;
&nbsp;&nbsp;&nbsp;smtp_server&nbsp;127.0.0.1
&nbsp;&nbsp;&nbsp;smtp_connect_timeout&nbsp;30
&nbsp;&nbsp;&nbsp;router_id&nbsp;NGINX_MASTER
}
vrrp_script&nbsp;check_nginx&nbsp;{
&nbsp;&nbsp;&nbsp;&nbsp;script&nbsp;”/etc/keepalived/check_nginx.sh”
}
vrrp_instance&nbsp;VI_1&nbsp;{
&nbsp;&nbsp;&nbsp;&nbsp;state&nbsp;MASTER
&nbsp;&nbsp;&nbsp;&nbsp;interface&nbsp;ens33
&nbsp;&nbsp;&nbsp;&nbsp;virtual_router_id&nbsp;51&nbsp;#&nbsp;VRRP&nbsp;路由&nbsp;ID实例，每个实例是唯一的
&nbsp;&nbsp;&nbsp;&nbsp;priority&nbsp;100&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;优先级，备服务器设置&nbsp;90
&nbsp;&nbsp;&nbsp;&nbsp;advert_int&nbsp;1&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;指定VRRP&nbsp;心跳包通告间隔时间，默认1秒
&nbsp;&nbsp;&nbsp;&nbsp;authentication&nbsp;{
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;auth_type&nbsp;PASS
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;auth_pass&nbsp;1111
&nbsp;&nbsp;&nbsp;&nbsp;}
&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;虚拟IP
&nbsp;&nbsp;&nbsp;&nbsp;virtual_ipaddress&nbsp;{
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;192.168.0.120/24
&nbsp;&nbsp;&nbsp;&nbsp;}
&nbsp;&nbsp;&nbsp;&nbsp;track_script&nbsp;{
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;check_nginx
&nbsp;&nbsp;&nbsp;&nbsp;}
}
EOF

vrrp_script：指定检查 nginx 工作状态脚本（根据 nginx 状态判断是否故障转移）
virtual_ipaddress：虚拟 IP（VIP）

检查 nginx 状态脚本：

讯享网cat&nbsp;&gt;&nbsp;/etc/keepalived/check_nginx.sh&nbsp;&nbsp;&lt;&lt;&nbsp;“EOF”
#!/bin/bash
count=\((ps&nbsp;-ef&nbsp;|grep&nbsp;nginx&nbsp;|egrep&nbsp;-cv&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(181, 189, 104);overflow-wrap: inherit !important;word-break: inherit !important;">"grep|\)\("</span>)<br /><br /><span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">if</span>&nbsp;[&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(181, 189, 104);overflow-wrap: inherit !important;word-break: inherit !important;">"<span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">\)count“&nbsp;-eq&nbsp;0&nbsp;];then
&nbsp;&nbsp;&nbsp;&nbsp;exit&nbsp;1
else
&nbsp;&nbsp;&nbsp;&nbsp;exit&nbsp;0
fi
EOF
chmod&nbsp;+x&nbsp;/etc/keepalived/check_nginx.sh

4、Keepalived 配置（backup）

cat&nbsp;&gt;&nbsp;/etc/keepalived/keepalived.conf&nbsp;&lt;&lt;&nbsp;EOF
global_defs&nbsp;{
&nbsp;&nbsp;&nbsp;notification_email&nbsp;{
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;acassen@firewall.loc
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;failover@firewall.loc
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;sysadmin@firewall.loc
&nbsp;&nbsp;&nbsp;}
&nbsp;&nbsp;&nbsp;notification_email_from&nbsp;fage@.com
&nbsp;&nbsp;&nbsp;smtp_server&nbsp;127.0.0.1
&nbsp;&nbsp;&nbsp;smtp_connect_timeout&nbsp;30
&nbsp;&nbsp;&nbsp;router_id&nbsp;NGINX_BACKUP
}
vrrp_script&nbsp;check_nginx&nbsp;{
&nbsp;&nbsp;&nbsp;&nbsp;script&nbsp;”/etc/keepalived/check_nginx.sh”
}
vrrp_instance&nbsp;VI_1&nbsp;{
&nbsp;&nbsp;&nbsp;&nbsp;state&nbsp;BACKUP
&nbsp;&nbsp;&nbsp;&nbsp;interface&nbsp;ens33
&nbsp;&nbsp;&nbsp;&nbsp;virtual_router_id&nbsp;51&nbsp;#&nbsp;VRRP&nbsp;路由&nbsp;ID实例，每个实例是唯一的
&nbsp;&nbsp;&nbsp;&nbsp;priority&nbsp;90
&nbsp;&nbsp;&nbsp;&nbsp;advert_int&nbsp;1
&nbsp;&nbsp;&nbsp;&nbsp;authentication&nbsp;{
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;auth_type&nbsp;PASS
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;auth_pass&nbsp;1111
&nbsp;&nbsp;&nbsp;&nbsp;}
&nbsp;&nbsp;&nbsp;&nbsp;virtual_ipaddress&nbsp;{
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;192.168.0.120/24
&nbsp;&nbsp;&nbsp;&nbsp;}
&nbsp;&nbsp;&nbsp;&nbsp;track_script&nbsp;{
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;check_nginx
&nbsp;&nbsp;&nbsp;&nbsp;}
}
EOF

检查 nginx 状态脚本：

讯享网cat&nbsp;&gt;&nbsp;/etc/keepalived/check_nginx.sh&nbsp;&nbsp;&lt;&lt;&nbsp;“EOF”
#!/bin/bash
count=\((ps&nbsp;-ef&nbsp;|grep&nbsp;nginx&nbsp;|egrep&nbsp;-cv&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(181, 189, 104);overflow-wrap: inherit !important;word-break: inherit !important;">"grep|\)\("</span>)<br /><br /><span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">if</span>&nbsp;[&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(181, 189, 104);overflow-wrap: inherit !important;word-break: inherit !important;">"<span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">\)count“&nbsp;-eq&nbsp;0&nbsp;];then
&nbsp;&nbsp;&nbsp;&nbsp;exit&nbsp;1
else
&nbsp;&nbsp;&nbsp;&nbsp;exit&nbsp;0
fi
EOF
chmod&nbsp;+x&nbsp;/etc/keepalived/check_nginx.sh

5、启动并设置开机启动

systemctl&nbsp;daemon-reload
systemctl&nbsp;restart&nbsp;nginx&nbsp;&&&nbsp;systemctl&nbsp;enable&nbsp;nginx&nbsp;&&&nbsp;systemctl&nbsp;status&nbsp;nginx
systemctl&nbsp;restart&nbsp;keepalived&nbsp;&&&nbsp;systemctl&nbsp;enable&nbsp;keepalived&nbsp;&&&nbsp;systemctl&nbsp;status&nbsp;keepalived

查看 VIP

讯享网ip&nbsp;a

6、修改 hosts（所有节点）

将 cluster-endpoint 之前执行的 ip 修改执行现在的 VIP

192.168.0.113&nbsp;k8s-master-168-0-113
192.168.0.114&nbsp;k8s-node1-168-0-114
192.168.0.115&nbsp;k8s-node2-168-0-115
192.168.0.116&nbsp;k8s-master2-168-0-116
192.168.0.120&nbsp;cluster-endpoint

7、测试验证

查看版本（负载均衡测试验证）

讯享网curl&nbsp;-k&nbsp;https://cluster-endpoint:16443/version

高可用测试验证，将 k8s-master-168-0-113 节点关机

shutdown&nbsp;-h&nbsp;now
curl&nbsp;-k&nbsp;https://cluster-endpoint:16443/version
kubectl&nbsp;get&nbsp;nodes&nbsp;-A
kubectl&nbsp;get&nbsp;pods&nbsp;-A

【温馨提示】堆叠集群存在耦合失败的风险。如果一个节点发生故障，则 etcd 成员和控制平面实例都将丢失，并且冗余会受到影响。你可以通过添加更多控制平面节点来降低此风险。

1）dashboard 部署

GitHub 地址：https://github.com/kubernetes/dashboard

讯享网kubectl&nbsp;apply&nbsp;-f&nbsp;https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.0/aio/deploy/recommended.yaml
kubectl&nbsp;get&nbsp;pods&nbsp;-n&nbsp;kubernetes-dashboard

但是这个只能内部访问，所以要外部访问，要么部署 ingress，要么就是设置 service NodePort 类型。这里选择 service 暴露端口。

wget&nbsp;https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.0/aio/deploy/recommended.yaml

修改后的内容如下：

讯享网#&nbsp;Copyright&nbsp;2017&nbsp;The&nbsp;Kubernetes&nbsp;Authors.
#
#&nbsp;Licensed&nbsp;under&nbsp;the&nbsp;Apache&nbsp;License,&nbsp;Version&nbsp;2.0&nbsp;(the&nbsp;“License”);
#&nbsp;you&nbsp;may&nbsp;not&nbsp;use&nbsp;this&nbsp;file&nbsp;except&nbsp;in&nbsp;compliance&nbsp;with&nbsp;the&nbsp;License.
#&nbsp;You&nbsp;may&nbsp;obtain&nbsp;a&nbsp;copy&nbsp;of&nbsp;the&nbsp;License&nbsp;at
#
#&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;http://www.apache.org/licenses/LICENSE-2.0
#
#&nbsp;Unless&nbsp;required&nbsp;by&nbsp;applicable&nbsp;law&nbsp;or&nbsp;agreed&nbsp;to&nbsp;in&nbsp;writing,&nbsp;software
#&nbsp;distributed&nbsp;under&nbsp;the&nbsp;License&nbsp;is&nbsp;distributed&nbsp;on&nbsp;an&nbsp;“AS&nbsp;IS”&nbsp;BASIS,
#&nbsp;WITHOUT&nbsp;WARRANTIES&nbsp;OR&nbsp;CONDITIONS&nbsp;OF&nbsp;ANY&nbsp;KIND,&nbsp;either&nbsp;express&nbsp;or&nbsp;implied.
#&nbsp;See&nbsp;the&nbsp;License&nbsp;for&nbsp;the&nbsp;specific&nbsp;language&nbsp;governing&nbsp;permissions&nbsp;and
#&nbsp;limitations&nbsp;under&nbsp;the&nbsp;License.

apiVersion:&nbsp;v1
kind:&nbsp;Namespace
metadata:
&nbsp;&nbsp;name:&nbsp;kubernetes-dashboard

—

apiVersion:&nbsp;v1
kind:&nbsp;ServiceAccount
metadata:
&nbsp;&nbsp;labels:
&nbsp;&nbsp;&nbsp;&nbsp;k8s-app:&nbsp;kubernetes-dashboard
&nbsp;&nbsp;name:&nbsp;kubernetes-dashboard
&nbsp;&nbsp;namespace:&nbsp;kubernetes-dashboard

—

kind:&nbsp;Service
apiVersion:&nbsp;v1
metadata:
&nbsp;&nbsp;labels:
&nbsp;&nbsp;&nbsp;&nbsp;k8s-app:&nbsp;kubernetes-dashboard
&nbsp;&nbsp;name:&nbsp;kubernetes-dashboard
&nbsp;&nbsp;namespace:&nbsp;kubernetes-dashboard
spec:
&nbsp;&nbsp;type:&nbsp;NodePort
&nbsp;&nbsp;ports:
&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;port:&nbsp;443
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;targetPort:&nbsp;8443
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;nodePort:&nbsp;31443
&nbsp;&nbsp;selector:
&nbsp;&nbsp;&nbsp;&nbsp;k8s-app:&nbsp;kubernetes-dashboard

—

apiVersion:&nbsp;v1
kind:&nbsp;Secret
metadata:
&nbsp;&nbsp;labels:
&nbsp;&nbsp;&nbsp;&nbsp;k8s-app:&nbsp;kubernetes-dashboard
&nbsp;&nbsp;name:&nbsp;kubernetes-dashboard-certs
&nbsp;&nbsp;namespace:&nbsp;kubernetes-dashboard
type:&nbsp;Opaque

—

apiVersion:&nbsp;v1
kind:&nbsp;Secret
metadata:
&nbsp;&nbsp;labels:
&nbsp;&nbsp;&nbsp;&nbsp;k8s-app:&nbsp;kubernetes-dashboard
&nbsp;&nbsp;name:&nbsp;kubernetes-dashboard-csrf
&nbsp;&nbsp;namespace:&nbsp;kubernetes-dashboard
type:&nbsp;Opaque
data:
&nbsp;&nbsp;csrf:&nbsp;””

—

apiVersion:&nbsp;v1
kind:&nbsp;Secret
metadata:
&nbsp;&nbsp;labels:
&nbsp;&nbsp;&nbsp;&nbsp;k8s-app:&nbsp;kubernetes-dashboard
&nbsp;&nbsp;name:&nbsp;kubernetes-dashboard-key-holder
&nbsp;&nbsp;namespace:&nbsp;kubernetes-dashboard
type:&nbsp;Opaque

—

kind:&nbsp;ConfigMap
apiVersion:&nbsp;v1
metadata:
&nbsp;&nbsp;labels:
&nbsp;&nbsp;&nbsp;&nbsp;k8s-app:&nbsp;kubernetes-dashboard
&nbsp;&nbsp;name:&nbsp;kubernetes-dashboard-settings
&nbsp;&nbsp;namespace:&nbsp;kubernetes-dashboard

—

kind:&nbsp;Role
apiVersion:&nbsp;rbac.authorization.k8s.io/v1
metadata:
&nbsp;&nbsp;labels:
&nbsp;&nbsp;&nbsp;&nbsp;k8s-app:&nbsp;kubernetes-dashboard
&nbsp;&nbsp;name:&nbsp;kubernetes-dashboard
&nbsp;&nbsp;namespace:&nbsp;kubernetes-dashboard
rules:
&nbsp;&nbsp;#&nbsp;Allow&nbsp;Dashboard&nbsp;to&nbsp;get,&nbsp;update&nbsp;and&nbsp;delete&nbsp;Dashboard&nbsp;exclusive&nbsp;secrets.
&nbsp;&nbsp;-&nbsp;apiGroups:&nbsp;[””]
&nbsp;&nbsp;&nbsp;&nbsp;resources:&nbsp;[“secrets”]
&nbsp;&nbsp;&nbsp;&nbsp;resourceNames:&nbsp;[“kubernetes-dashboard-key-holder”,&nbsp;“kubernetes-dashboard-certs”,&nbsp;“kubernetes-dashboard-csrf”]
&nbsp;&nbsp;&nbsp;&nbsp;verbs:&nbsp;[“get”,&nbsp;“update”,&nbsp;“delete”]
&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;Allow&nbsp;Dashboard&nbsp;to&nbsp;get&nbsp;and&nbsp;update&nbsp;‘kubernetes-dashboard-settings’&nbsp;config&nbsp;map.
&nbsp;&nbsp;-&nbsp;apiGroups:&nbsp;[””]
&nbsp;&nbsp;&nbsp;&nbsp;resources:&nbsp;[“configmaps”]
&nbsp;&nbsp;&nbsp;&nbsp;resourceNames:&nbsp;[“kubernetes-dashboard-settings”]
&nbsp;&nbsp;&nbsp;&nbsp;verbs:&nbsp;[“get”,&nbsp;“update”]
&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;Allow&nbsp;Dashboard&nbsp;to&nbsp;get&nbsp;metrics.
&nbsp;&nbsp;-&nbsp;apiGroups:&nbsp;[””]
&nbsp;&nbsp;&nbsp;&nbsp;resources:&nbsp;[“services”]
&nbsp;&nbsp;&nbsp;&nbsp;resourceNames:&nbsp;[“heapster”,&nbsp;“dashboard-metrics-scraper”]
&nbsp;&nbsp;&nbsp;&nbsp;verbs:&nbsp;[“proxy”]
&nbsp;&nbsp;-&nbsp;apiGroups:&nbsp;[””]
&nbsp;&nbsp;&nbsp;&nbsp;resources:&nbsp;[“services/proxy”]
&nbsp;&nbsp;&nbsp;&nbsp;resourceNames:&nbsp;[“heapster”,&nbsp;“http:heapster:”,&nbsp;“https:heapster:”,&nbsp;“dashboard-metrics-scraper”,&nbsp;“http:dashboard-metrics-scraper”]
&nbsp;&nbsp;&nbsp;&nbsp;verbs:&nbsp;[“get”]

—

kind:&nbsp;ClusterRole
apiVersion:&nbsp;rbac.authorization.k8s.io/v1
metadata:
&nbsp;&nbsp;labels:
&nbsp;&nbsp;&nbsp;&nbsp;k8s-app:&nbsp;kubernetes-dashboard
&nbsp;&nbsp;name:&nbsp;kubernetes-dashboard
rules:
&nbsp;&nbsp;#&nbsp;Allow&nbsp;Metrics&nbsp;Scraper&nbsp;to&nbsp;get&nbsp;metrics&nbsp;from&nbsp;the&nbsp;Metrics&nbsp;server
&nbsp;&nbsp;-&nbsp;apiGroups:&nbsp;[“metrics.k8s.io”]
&nbsp;&nbsp;&nbsp;&nbsp;resources:&nbsp;[“pods”,&nbsp;“nodes”]
&nbsp;&nbsp;&nbsp;&nbsp;verbs:&nbsp;[“get”,&nbsp;“list”,&nbsp;“watch”]

—

apiVersion:&nbsp;rbac.authorization.k8s.io/v1
kind:&nbsp;RoleBinding
metadata:
&nbsp;&nbsp;labels:
&nbsp;&nbsp;&nbsp;&nbsp;k8s-app:&nbsp;kubernetes-dashboard
&nbsp;&nbsp;name:&nbsp;kubernetes-dashboard
&nbsp;&nbsp;namespace:&nbsp;kubernetes-dashboard
roleRef:
&nbsp;&nbsp;apiGroup:&nbsp;rbac.authorization.k8s.io
&nbsp;&nbsp;kind:&nbsp;Role
&nbsp;&nbsp;name:&nbsp;kubernetes-dashboard
subjects:
&nbsp;&nbsp;-&nbsp;kind:&nbsp;ServiceAccount
&nbsp;&nbsp;&nbsp;&nbsp;name:&nbsp;kubernetes-dashboard
&nbsp;&nbsp;&nbsp;&nbsp;namespace:&nbsp;kubernetes-dashboard

—

apiVersion:&nbsp;rbac.authorization.k8s.io/v1
kind:&nbsp;ClusterRoleBinding
metadata:
&nbsp;&nbsp;name:&nbsp;kubernetes-dashboard
roleRef:
&nbsp;&nbsp;apiGroup:&nbsp;rbac.authorization.k8s.io
&nbsp;&nbsp;kind:&nbsp;ClusterRole
&nbsp;&nbsp;name:&nbsp;kubernetes-dashboard
subjects:
&nbsp;&nbsp;-&nbsp;kind:&nbsp;ServiceAccount
&nbsp;&nbsp;&nbsp;&nbsp;name:&nbsp;kubernetes-dashboard
&nbsp;&nbsp;&nbsp;&nbsp;namespace:&nbsp;kubernetes-dashboard

—

kind:&nbsp;Deployment
apiVersion:&nbsp;apps/v1
metadata:
&nbsp;&nbsp;labels:
&nbsp;&nbsp;&nbsp;&nbsp;k8s-app:&nbsp;kubernetes-dashboard
&nbsp;&nbsp;name:&nbsp;kubernetes-dashboard
&nbsp;&nbsp;namespace:&nbsp;kubernetes-dashboard
spec:
&nbsp;&nbsp;replicas:&nbsp;1
&nbsp;&nbsp;revisionHistoryLimit:&nbsp;10
&nbsp;&nbsp;selector:
&nbsp;&nbsp;&nbsp;&nbsp;matchLabels:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;k8s-app:&nbsp;kubernetes-dashboard
&nbsp;&nbsp;template:
&nbsp;&nbsp;&nbsp;&nbsp;metadata:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;labels:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;k8s-app:&nbsp;kubernetes-dashboard
&nbsp;&nbsp;&nbsp;&nbsp;spec:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;securityContext:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;seccompProfile:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;type:&nbsp;RuntimeDefault
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;containers:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;name:&nbsp;kubernetes-dashboard
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;image:&nbsp;kubernetesui/dashboard:v2.6.0
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;imagePullPolicy:&nbsp;Always
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;ports:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;containerPort:&nbsp;8443
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;protocol:&nbsp;TCP
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;args:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;–auto-generate-certificates
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;–namespace=kubernetes-dashboard
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;Uncomment&nbsp;the&nbsp;following&nbsp;line&nbsp;to&nbsp;manually&nbsp;specify&nbsp;Kubernetes&nbsp;API&nbsp;server&nbsp;Host
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;If&nbsp;not&nbsp;specified,&nbsp;Dashboard&nbsp;will&nbsp;attempt&nbsp;to&nbsp;auto&nbsp;discover&nbsp;the&nbsp;API&nbsp;server&nbsp;and&nbsp;connect
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;to&nbsp;it.&nbsp;Uncomment&nbsp;only&nbsp;if&nbsp;the&nbsp;default&nbsp;does&nbsp;not&nbsp;work.
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;-&nbsp;–apiserver-host=http://my-address:port
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;volumeMounts:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;name:&nbsp;kubernetes-dashboard-certs
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;mountPath:&nbsp;/certs
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;Create&nbsp;on-disk&nbsp;volume&nbsp;to&nbsp;store&nbsp;exec&nbsp;logs
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;mountPath:&nbsp;/tmp
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;name:&nbsp;tmp-volume
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;livenessProbe:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;httpGet:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;scheme:&nbsp;HTTPS
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;path:&nbsp;/
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;port:&nbsp;8443
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;initialDelaySeconds:&nbsp;30
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;timeoutSeconds:&nbsp;30
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;securityContext:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;allowPrivilegeEscalation:&nbsp;false
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;readOnlyRootFilesystem:&nbsp;true
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;runAsUser:&nbsp;1001
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;runAsGroup:&nbsp;2001
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;volumes:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;name:&nbsp;kubernetes-dashboard-certs
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;secret:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;secretName:&nbsp;kubernetes-dashboard-certs
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;name:&nbsp;tmp-volume
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;emptyDir:&nbsp;{}
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;serviceAccountName:&nbsp;kubernetes-dashboard
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;nodeSelector:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;“kubernetes.io/os”:&nbsp;linux
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;Comment&nbsp;the&nbsp;following&nbsp;tolerations&nbsp;if&nbsp;Dashboard&nbsp;must&nbsp;not&nbsp;be&nbsp;deployed&nbsp;on&nbsp;master
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;tolerations:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;key:&nbsp;node-role.kubernetes.io/master
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;effect:&nbsp;NoSchedule

—

kind:&nbsp;Service
apiVersion:&nbsp;v1
metadata:
&nbsp;&nbsp;labels:
&nbsp;&nbsp;&nbsp;&nbsp;k8s-app:&nbsp;dashboard-metrics-scraper
&nbsp;&nbsp;name:&nbsp;dashboard-metrics-scraper
&nbsp;&nbsp;namespace:&nbsp;kubernetes-dashboard
spec:
&nbsp;&nbsp;ports:
&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;port:&nbsp;8000
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;targetPort:&nbsp;8000
&nbsp;&nbsp;selector:
&nbsp;&nbsp;&nbsp;&nbsp;k8s-app:&nbsp;dashboard-metrics-scraper

—

kind:&nbsp;Deployment
apiVersion:&nbsp;apps/v1
metadata:
&nbsp;&nbsp;labels:
&nbsp;&nbsp;&nbsp;&nbsp;k8s-app:&nbsp;dashboard-metrics-scraper
&nbsp;&nbsp;name:&nbsp;dashboard-metrics-scraper
&nbsp;&nbsp;namespace:&nbsp;kubernetes-dashboard
spec:
&nbsp;&nbsp;replicas:&nbsp;1
&nbsp;&nbsp;revisionHistoryLimit:&nbsp;10
&nbsp;&nbsp;selector:
&nbsp;&nbsp;&nbsp;&nbsp;matchLabels:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;k8s-app:&nbsp;dashboard-metrics-scraper
&nbsp;&nbsp;template:
&nbsp;&nbsp;&nbsp;&nbsp;metadata:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;labels:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;k8s-app:&nbsp;dashboard-metrics-scraper
&nbsp;&nbsp;&nbsp;&nbsp;spec:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;securityContext:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;seccompProfile:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;type:&nbsp;RuntimeDefault
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;containers:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;name:&nbsp;dashboard-metrics-scraper
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;image:&nbsp;kubernetesui/metrics-scraper:v1.0.8
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;ports:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;containerPort:&nbsp;8000
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;protocol:&nbsp;TCP
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;livenessProbe:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;httpGet:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;scheme:&nbsp;HTTP
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;path:&nbsp;/
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;port:&nbsp;8000
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;initialDelaySeconds:&nbsp;30
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;timeoutSeconds:&nbsp;30
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;volumeMounts:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;mountPath:&nbsp;/tmp
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;name:&nbsp;tmp-volume
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;securityContext:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;allowPrivilegeEscalation:&nbsp;false
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;readOnlyRootFilesystem:&nbsp;true
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;runAsUser:&nbsp;1001
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;runAsGroup:&nbsp;2001
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;serviceAccountName:&nbsp;kubernetes-dashboard
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;nodeSelector:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;“kubernetes.io/os”:&nbsp;linux
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;Comment&nbsp;the&nbsp;following&nbsp;tolerations&nbsp;if&nbsp;Dashboard&nbsp;must&nbsp;not&nbsp;be&nbsp;deployed&nbsp;on&nbsp;master
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;tolerations:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;key:&nbsp;node-role.kubernetes.io/master
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;effect:&nbsp;NoSchedule
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;volumes:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;name:&nbsp;tmp-volume
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;emptyDir:&nbsp;{}

重新部署

kubectl&nbsp;delete&nbsp;-f&nbsp;recommended.yaml
kubectl&nbsp;apply&nbsp;-f&nbsp;recommended.yaml
kubectl&nbsp;get&nbsp;svc,pods&nbsp;-n&nbsp;kubernetes-dashboard

2）创建登录用户

讯享网cat&nbsp;&gt;ServiceAccount.yaml&lt;&lt;EOF
apiVersion:&nbsp;v1
kind:&nbsp;ServiceAccount
metadata:
&nbsp;&nbsp;name:&nbsp;admin-user
&nbsp;&nbsp;namespace:&nbsp;kubernetes-dashboard
—
apiVersion:&nbsp;rbac.authorization.k8s.io/v1
kind:&nbsp;ClusterRoleBinding
metadata:
&nbsp;&nbsp;name:&nbsp;admin-user
roleRef:
&nbsp;&nbsp;apiGroup:&nbsp;rbac.authorization.k8s.io
&nbsp;&nbsp;kind:&nbsp;ClusterRole
&nbsp;&nbsp;name:&nbsp;cluster-admin
subjects:
-&nbsp;kind:&nbsp;ServiceAccount
&nbsp;&nbsp;name:&nbsp;admin-user
&nbsp;&nbsp;namespace:&nbsp;kubernetes-dashboard
EOF
kubectl&nbsp;apply&nbsp;-f&nbsp;ServiceAccount.yaml

创建并获取登录 token

kubectl&nbsp;-n&nbsp;kubernetes-dashboard&nbsp;create&nbsp;token&nbsp;admin-user

3）配置 hosts 登录 dashboard web

讯享网192.168.0.120&nbsp;cluster-endpoint

登录：https://cluster-endpoint:31443

输入上面创建的 token 登录

GitHub 地址：https://github.com/helm/helm/releases
这使用 helm 安装，所以得先安装 helm

1）安装 helm

mkdir&nbsp;-p&nbsp;/opt/k8s/helm&nbsp;&&&nbsp;cd&nbsp;/opt/k8s/helm
wget&nbsp;https://get.helm.sh/helm-v3.9.0-rc.1-linux-amd64.tar.gz
tar&nbsp;-xf&nbsp;helm-v3.9.0-rc.1-linux-amd64.tar.gz
ln&nbsp;-s&nbsp;/opt/k8s/helm/linux-amd64/helm&nbsp;/usr/bin/helm
helm&nbsp;version
helm&nbsp;help

2）配置 hosts

讯享网192.168.0.120&nbsp;myharbor.com

3）创建 stl 证书

mkdir&nbsp;/opt/k8s/helm/stl&nbsp;&&&nbsp;cd&nbsp;/opt/k8s/helm/stl
#&nbsp;生成&nbsp;CA&nbsp;证书私钥
openssl&nbsp;genrsa&nbsp;-out&nbsp;ca.key&nbsp;4096
#&nbsp;生成&nbsp;CA&nbsp;证书
openssl&nbsp;req&nbsp;-x509&nbsp;-new&nbsp;-nodes&nbsp;-sha512&nbsp;-days&nbsp;3650&nbsp;<br />&nbsp;-subj&nbsp;”/C=CN/ST=Guangdong/L=Shenzhen/O=harbor/OU=harbor/CN=myharbor.com”&nbsp;<br />&nbsp;-key&nbsp;ca.key&nbsp;<br />&nbsp;-out&nbsp;ca.crt
#&nbsp;创建域名证书，生成私钥
openssl&nbsp;genrsa&nbsp;-out&nbsp;myharbor.com.key&nbsp;4096
#&nbsp;生成证书签名请求&nbsp;CSR
openssl&nbsp;req&nbsp;-sha512&nbsp;-new&nbsp;<br />&nbsp;&nbsp;&nbsp;&nbsp;-subj&nbsp;”/C=CN/ST=Guangdong/L=Shenzhen/O=harbor/OU=harbor/CN=myharbor.com”&nbsp;<br />&nbsp;&nbsp;&nbsp;&nbsp;-key&nbsp;myharbor.com.key&nbsp;<br />&nbsp;&nbsp;&nbsp;&nbsp;-out&nbsp;myharbor.com.csr
#&nbsp;生成&nbsp;x509&nbsp;v3&nbsp;扩展
cat&nbsp;&gt;&nbsp;v3.ext&nbsp;&lt;&lt;-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage&nbsp;=&nbsp;digitalSignature,&nbsp;nonRepudiation,&nbsp;keyEncipherment,&nbsp;dataEncipherment
extendedKeyUsage&nbsp;=&nbsp;serverAuth
subjectAltName&nbsp;=&nbsp;@alt_names

[alt_names]
DNS.1=myharbor.com
DNS.2=.myharbor.com
DNS.3=hostname
EOF
#创建&nbsp;Harbor&nbsp;访问证书
openssl&nbsp;x509&nbsp;-req&nbsp;-sha512&nbsp;-days&nbsp;3650&nbsp;<br />&nbsp;&nbsp;&nbsp;&nbsp;-extfile&nbsp;v3.ext&nbsp;<br />&nbsp;&nbsp;&nbsp;&nbsp;-CA&nbsp;ca.crt&nbsp;-CAkey&nbsp;ca.key&nbsp;-CAcreateserial&nbsp;<br />&nbsp;&nbsp;&nbsp;&nbsp;-in&nbsp;myharbor.com.csr&nbsp;<br />&nbsp;&nbsp;&nbsp;&nbsp;-out&nbsp;myharbor.com.crt

ingress 官方网站：https://kubernetes.github.io/ingress-nginx/
ingress 仓库地址：https://github.com/kubernetes/ingress-nginx
部署文档：https://kubernetes.github.io/ingress-nginx/deploy/

1、通过 helm 部署

讯享网helm&nbsp;upgrade&nbsp;–install&nbsp;ingress-nginx&nbsp;ingress-nginx&nbsp;<br />&nbsp;&nbsp;–repo&nbsp;https://kubernetes.github.io/ingress-nginx&nbsp;</span>
&nbsp;&nbsp;–namespace&nbsp;ingress-nginx&nbsp;–create-namespace

2、通过 YAML 文件安装（本章使用这个方式安装 ingress）

kubectl&nbsp;apply&nbsp;-f&nbsp;https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.0/deploy/static/provider/cloud/deploy.yaml

如果下载镜像失败，可以用以下方式修改镜像地址再安装

讯享网#&nbsp;可以先把镜像下载，再安装
docker&nbsp;pull&nbsp;registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.2.0
docker&nbsp;pull&nbsp;registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v1.1.1

wget&nbsp;https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.0/deploy/static/provider/cloud/deploy.yaml
#&nbsp;修改镜像地址
sed&nbsp;-i&nbsp;’s@k8s.gcr.io/ingress-nginx/controller:v1.2.0(.)@registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.2.0@’&nbsp;deploy.yaml
sed&nbsp;-i&nbsp;’s@k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1(.)\(<span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">@registry</span>.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v1.1.1@'</span>&nbsp;deploy.yaml<br /><br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">还需要修改两地方</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#1、kind:&nbsp;类型修改成DaemonSet，replicas:&nbsp;注销掉，因为DaemonSet模式会每个节点运行一个pod</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#2、在添加一条：hostnetwork：true</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#3、把LoadBalancer修改成NodePort</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#4、在--validating-webhook-key下面添加-&nbsp;--watch-ingress-without-class=true</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#5、设置master节点可调度</span><br />kubectl&nbsp;taint&nbsp;nodes&nbsp;k8s-master-<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">168</span>-<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">0</span>-<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">113</span>&nbsp;node-role.kubernetes.io/control-plane:NoSchedule-<br />kubectl&nbsp;taint&nbsp;nodes&nbsp;k8s-master2-<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">168</span>-<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">0</span>-<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">116</span>&nbsp;node-role.kubernetes.io/control-plane:NoSchedule-<br /><br />kubectl&nbsp;apply&nbsp;-f&nbsp;deploy.yaml<br /></code></pre></section><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;"><img src="https://mmbiz.qpic.cn/mmbiz_png/fEsWkVrSk548VEHHslAONpOdL84WRUII2wm3sNm8uibdHiale81lVLkTsQ4xARicxZu30Im5zWmmONaJHCB8AzX9A/640?wx_fmt=png" class="rich_pages wxw-img" data-ratio="0.85185" data-src="https://mmbiz.qpic.cn/mmbiz_png/fEsWkVrSk548VEHHslAONpOdL84WRUII2wm3sNm8uibdHiale81lVLkTsQ4xARicxZu30Im5zWmmONaJHCB8AzX9A/640?wx_fmt=png" data-type="png" data-w="1080" /></p></section><section style="font-size: 16px;color: rgb(62, 62, 62);line-height: 1.6;letter-spacing: 0px;font-family: &#39;Helvetica Neue&#39;, Helvetica, &#39;Hiragino Sans GB&#39;, &#39;Microsoft YaHei&#39;, Arial, sans-serif;"><h4 style="color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;font-weight: bold;font-size: 1.2em;"><span style="font-size: inherit;color: inherit;line-height: inherit;">5）安装 nfs</span></h4><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">1、所有节点安装 nfs</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;"><span style="font-size: inherit;line-height: inherit;color: rgb(240, 198, 116);overflow-wrap: inherit !important;word-break: inherit !important;">yum</span>&nbsp;-y&nbsp;install&nbsp;&nbsp;nfs-utils&nbsp;rpcbind<br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">2、在 master 节点创建共享目录并授权</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;"><span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">mkdir</span>&nbsp;/opt/nfsdata<br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;授权共享目录</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">chmod</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">666</span>&nbsp;/opt/nfsdata<br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">3、配置 exports 文件</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;">cat&nbsp;&gt;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">/etc/exports</span><span style="font-size: inherit;line-height: inherit;color: rgb(181, 189, 104);overflow-wrap: inherit !important;word-break: inherit !important;">&lt;&lt;EOF<br />/opt/nfsdata&nbsp;*(rw,no_root_squash,no_all_squash,sync)<br />EOF</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;配置生效</span><br />exportfs&nbsp;-r<br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">exportfs 命令</p><blockquote style="line-height: inherit;padding: 15px 15px 15px 1rem;font-size: 0.9em;color: rgb(129, 145, 152);border-left-width: 6px;border-left-color: rgb(220, 230, 240);background: rgb(242, 247, 251);overflow: auto;overflow-wrap: normal;word-break: normal;"><p style="font-size: inherit;color: inherit;line-height: inherit;">常用选项<br />-a 全部挂载或者全部卸载<br />-r 重新挂载<br />-u 卸载某一个目录<br />-v 显示共享目录 以下操作在服务端上</p></blockquote><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">4、启动 rpc 和 nfs（客户端只需要启动 rpc 服务）（注意顺序）</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;">systemctl&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">start</span>&nbsp;rpcbind<br />systemctl&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">start</span>&nbsp;nfs-<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">server</span><br />systemctl&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">enable</span>&nbsp;rpcbind<br />systemctl&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">enable</span>&nbsp;nfs-<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">server</span><br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">查看</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;"><span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">showmount</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">-e</span><br />#&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">VIP</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">showmount</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">-e</span>&nbsp;192<span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">.168</span><span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">.0</span><span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">.120</span><br /></code></pre><blockquote style="line-height: inherit;padding: 15px 15px 15px 1rem;font-size: 0.9em;color: rgb(129, 145, 152);border-left-width: 6px;border-left-color: rgb(220, 230, 240);background: rgb(242, 247, 251);overflow: auto;overflow-wrap: normal;word-break: normal;"><p style="font-size: inherit;color: inherit;line-height: inherit;">-e 显示 NFS 服务器的共享列表<br />-a 显示本机挂载的文件资源的情况 NFS 资源的情况<br />-v 显示版本号</p></blockquote><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">5、客户端</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;"><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;安装</span><br />yum&nbsp;-y&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">install</span>&nbsp;&nbsp;nfs-utils&nbsp;rpcbind<br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;启动rpc服务</span><br />systemctl&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">start</span>&nbsp;rpcbind<br />systemctl&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">enable</span>&nbsp;rpcbind<br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;创建挂载目录</span><br />mkdir&nbsp;/mnt/nfsdata<br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;挂载</span><br />echo&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(181, 189, 104);overflow-wrap: inherit !important;word-break: inherit !important;">"192.168.0.120:/opt/nfsdata&nbsp;/mnt/nfsdata&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;nfs&nbsp;&nbsp;&nbsp;&nbsp;defaults&nbsp;&nbsp;0&nbsp;1"</span>&gt;&gt;&nbsp;/etc/fstab<br /><span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">mount</span>&nbsp;-a<br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">6、rsync 数据同步</p><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">【1】rsync 安装</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;"><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;两端都得安装</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(240, 198, 116);overflow-wrap: inherit !important;word-break: inherit !important;">yum</span>&nbsp;-y&nbsp;install&nbsp;rsync<br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">【2】配置<br />在/etc/rsyncd.conf 中添加</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;">cat&nbsp;&gt;/etc/rsyncd.conf&lt;&lt;EOF<br />uid&nbsp;=&nbsp;root<br />gid&nbsp;=&nbsp;root<br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#禁锢在源目录</span><br />use&nbsp;chroot&nbsp;=&nbsp;yes<br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#监听地址</span><br />address&nbsp;=&nbsp;192.168.0.113<br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#监听地址tcp/udp&nbsp;873，可通过cat&nbsp;/etc/services&nbsp;|&nbsp;grep&nbsp;rsync查看</span><br />port&nbsp;873<br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#日志文件位置</span><br />log&nbsp;file&nbsp;=&nbsp;/var/log/rsyncd.log<br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#存放进程&nbsp;ID&nbsp;的文件位置</span><br />pid&nbsp;file&nbsp;=&nbsp;/var/run/rsyncd.pid<br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#允许访问的客户机地址</span><br />hosts&nbsp;allow&nbsp;=&nbsp;192.168.0.0/16<br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#共享模块名称</span><br />[nfsdata]<br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#源目录的实际路径</span><br />path&nbsp;=&nbsp;/opt/nfsdata<br />comment&nbsp;=&nbsp;Document&nbsp;Root&nbsp;of&nbsp;www.kgc.com<br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#指定客户端是否可以上传文件，默认对所有模块为&nbsp;true</span><br />read&nbsp;only&nbsp;=&nbsp;yes<br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#同步时不再压缩的文件类型</span><br />dont&nbsp;compress&nbsp;=&nbsp;*.gz&nbsp;*.bz2&nbsp;*.tgz&nbsp;*.zip&nbsp;*.rar&nbsp;*.z<br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#授权账户，多个账号以空格分隔，不加则为匿名，不依赖系统账号</span><br />auth&nbsp;users&nbsp;=&nbsp;backuper<br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#存放账户信息的数据文件</span><br />secrets&nbsp;file&nbsp;=&nbsp;/etc/rsyncd_users.db<br />EOF<br />配置&nbsp;rsyncd_users.db<br /><br />cat&nbsp;&gt;/etc/rsyncd_users.db&lt;&lt;EOF<br /><span style="font-size: inherit;line-height: inherit;color: rgb(129, 162, 190);overflow-wrap: inherit !important;word-break: inherit !important;">backuper:</span><br />EOF<br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#官方要求，最好只是赋权600！</span><br />chmod&nbsp;600&nbsp;/etc/rsyncd_users.db<br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">【3】rsyncd.conf 常用参数详解</p><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">rsyncd.conf 参数</p><section style="font-size: 16px;color: rgb(62, 62, 62);line-height: 1.6;letter-spacing: 0px;font-family: &#39;Helvetica Neue&#39;, Helvetica, &#39;Hiragino Sans GB&#39;, &#39;Microsoft YaHei&#39;, Arial, sans-serif;"><table><thead style="font-size: inherit;color: inherit;line-height: inherit;"><tr style="font-size: inherit;color: inherit;line-height: inherit;border-width: 1px 0px 0px;border-right-style: initial;border-bottom-style: initial;border-left-style: initial;border-right-color: initial;border-bottom-color: initial;border-left-color: initial;border-top-style: solid;border-top-color: rgb(204, 204, 204);background-color: white;"><th style="color: inherit;line-height: inherit;font-size: 1em;border-top-width: 1px;border-color: rgb(204, 204, 204);padding: 0.5em 1em;background-color: rgb(240, 240, 240);text-align: left;" width="144">rsyncd.conf 参数</th><th style="color: inherit;line-height: inherit;font-size: 1em;border-top-width: 1px;border-color: rgb(204, 204, 204);padding: 0.5em 1em;background-color: rgb(240, 240, 240);text-align: left;" width="405">参数说明</th></tr></thead><tbody style="font-size: inherit;color: inherit;line-height: inherit;border-width: 0px;border-style: initial;border-color: initial;"><tr style="font-size: inherit;color: inherit;line-height: inherit;border-width: 1px 0px 0px;border-right-style: initial;border-bottom-style: initial;border-left-style: initial;border-right-color: initial;border-bottom-color: initial;border-left-color: initial;border-top-style: solid;border-top-color: rgb(204, 204, 204);background-color: white;"><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="145">uid=root</td><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="353">rsync 使用的用户。</td></tr><tr style="font-size: inherit;color: inherit;line-height: inherit;border-width: 1px 0px 0px;border-right-style: initial;border-bottom-style: initial;border-left-style: initial;border-right-color: initial;border-bottom-color: initial;border-left-color: initial;border-top-style: solid;border-top-color: rgb(204, 204, 204);background-color: white;"><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="146">gid=root</td><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="365">rsync 使用的用户组（用户所在的组）</td></tr><tr style="font-size: inherit;color: inherit;line-height: inherit;border-width: 1px 0px 0px;border-right-style: initial;border-bottom-style: initial;border-left-style: initial;border-right-color: initial;border-bottom-color: initial;border-left-color: initial;border-top-style: solid;border-top-color: rgb(204, 204, 204);background-color: white;"><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="146">use chroot=no</td><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="377">如果为 true，daemon 会在客户端传输文件前“chroot to the path”。这是一种安全配置，因为我们大多数都在内网，所以不配也没关系</td></tr><tr style="font-size: inherit;color: inherit;line-height: inherit;border-width: 1px 0px 0px;border-right-style: initial;border-bottom-style: initial;border-left-style: initial;border-right-color: initial;border-bottom-color: initial;border-left-color: initial;border-top-style: solid;border-top-color: rgb(204, 204, 204);background-color: white;"><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="146">max connections=200</td><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="389">设置最大连接数，默认 0，意思无限制，负值为关闭这个模块</td></tr><tr style="font-size: inherit;color: inherit;line-height: inherit;border-width: 1px 0px 0px;border-right-style: initial;border-bottom-style: initial;border-left-style: initial;border-right-color: initial;border-bottom-color: initial;border-left-color: initial;border-top-style: solid;border-top-color: rgb(204, 204, 204);background-color: white;"><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="146">timeout=400</td><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="393">默认为 0，表示 no timeout，建议 300-600（5-10 分钟）</td></tr><tr style="font-size: inherit;color: inherit;line-height: inherit;border-width: 1px 0px 0px;border-right-style: initial;border-bottom-style: initial;border-left-style: initial;border-right-color: initial;border-bottom-color: initial;border-left-color: initial;border-top-style: solid;border-top-color: rgb(204, 204, 204);background-color: white;"><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="146">pid file</td><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="393">rsync daemon 启动后将其进程 pid 写入此文件。如果这个文件存在，rsync 不会覆盖该文件，而是会终止</td></tr><tr style="font-size: inherit;color: inherit;line-height: inherit;border-width: 1px 0px 0px;border-right-style: initial;border-bottom-style: initial;border-left-style: initial;border-right-color: initial;border-bottom-color: initial;border-left-color: initial;border-top-style: solid;border-top-color: rgb(204, 204, 204);background-color: white;"><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="146">lock file</td><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="393">指定 lock 文件用来支持“max connections”参数，使得总连接数不会超过限制</td></tr><tr style="font-size: inherit;color: inherit;line-height: inherit;border-width: 1px 0px 0px;border-right-style: initial;border-bottom-style: initial;border-left-style: initial;border-right-color: initial;border-bottom-color: initial;border-left-color: initial;border-top-style: solid;border-top-color: rgb(204, 204, 204);background-color: white;"><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="146">log file</td><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="393">不设或者设置错误，rsync 会使用 rsyslog 输出相关日志信息</td></tr><tr style="font-size: inherit;color: inherit;line-height: inherit;border-width: 1px 0px 0px;border-right-style: initial;border-bottom-style: initial;border-left-style: initial;border-right-color: initial;border-bottom-color: initial;border-left-color: initial;border-top-style: solid;border-top-color: rgb(204, 204, 204);background-color: white;"><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="146">ignore errors</td><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="393">忽略 I/O 错误</td></tr><tr style="font-size: inherit;color: inherit;line-height: inherit;border-width: 1px 0px 0px;border-right-style: initial;border-bottom-style: initial;border-left-style: initial;border-right-color: initial;border-bottom-color: initial;border-left-color: initial;border-top-style: solid;border-top-color: rgb(204, 204, 204);background-color: white;"><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="146">read only=false</td><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="393">指定客户端是否可以上传文件，默认对所有模块为 true</td></tr><tr style="font-size: inherit;color: inherit;line-height: inherit;border-width: 1px 0px 0px;border-right-style: initial;border-bottom-style: initial;border-left-style: initial;border-right-color: initial;border-bottom-color: initial;border-left-color: initial;border-top-style: solid;border-top-color: rgb(204, 204, 204);background-color: white;"><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="146">list=false</td><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="393">是否允许客户端可以查看可用模块列表，默认为可以</td></tr><tr style="font-size: inherit;color: inherit;line-height: inherit;border-width: 1px 0px 0px;border-right-style: initial;border-bottom-style: initial;border-left-style: initial;border-right-color: initial;border-bottom-color: initial;border-left-color: initial;border-top-style: solid;border-top-color: rgb(204, 204, 204);background-color: white;"><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="146">hosts allow</td><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="393">指定可以联系的客户端主机名或和 ip 地址或地址段，默认情况没有此参数，即都可以连接</td></tr><tr style="font-size: inherit;color: inherit;line-height: inherit;border-width: 1px 0px 0px;border-right-style: initial;border-bottom-style: initial;border-left-style: initial;border-right-color: initial;border-bottom-color: initial;border-left-color: initial;border-top-style: solid;border-top-color: rgb(204, 204, 204);background-color: white;"><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="146">hosts deny</td><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="393">指定不可以联系的客户端主机名或 ip 地址或地址段，默认情况没有此参数，即都可以连接</td></tr><tr style="font-size: inherit;color: inherit;line-height: inherit;border-width: 1px 0px 0px;border-right-style: initial;border-bottom-style: initial;border-left-style: initial;border-right-color: initial;border-bottom-color: initial;border-left-color: initial;border-top-style: solid;border-top-color: rgb(204, 204, 204);background-color: white;"><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="146">auth users</td><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="393">指定以空格或逗号分隔的用户可以使用哪些模块，用户不需要在本地系统中存在。默认为所有用户无密码访问</td></tr><tr style="font-size: inherit;color: inherit;line-height: inherit;border-width: 1px 0px 0px;border-right-style: initial;border-bottom-style: initial;border-left-style: initial;border-right-color: initial;border-bottom-color: initial;border-left-color: initial;border-top-style: solid;border-top-color: rgb(204, 204, 204);background-color: white;"><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="146">secrets file</td><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="393">指定用户名和密码存放的文件，格式；用户名；密码，密码不超过 8 位</td></tr><tr style="font-size: inherit;color: inherit;line-height: inherit;border-width: 1px 0px 0px;border-right-style: initial;border-bottom-style: initial;border-left-style: initial;border-right-color: initial;border-bottom-color: initial;border-left-color: initial;border-top-style: solid;border-top-color: rgb(204, 204, 204);background-color: white;"><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="146">[backup]</td><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="393">这里就是模块名称，需用中括号扩起来，起名称没有特殊要求，但最好是有意义的名称，便于以后维护</td></tr><tr style="font-size: inherit;color: inherit;line-height: inherit;border-width: 1px 0px 0px;border-right-style: initial;border-bottom-style: initial;border-left-style: initial;border-right-color: initial;border-bottom-color: initial;border-left-color: initial;border-top-style: solid;border-top-color: rgb(204, 204, 204);background-color: white;"><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="146">path</td><td style="color: inherit;line-height: inherit;font-size: 1em;border-color: rgb(204, 204, 204);padding: 0.5em 1em;" width="393">这个模块中，daemon 使用的文件系统或目录，目录的权限要注意和配置文件中的权限一致，否则会遇到读写的问题</td></tr></tbody></table><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">【4】rsync 常用命令参数详解</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;">rsync&nbsp;--help<br /><br />rsync&nbsp;[选项]&nbsp;&nbsp;原始位置&nbsp;&nbsp;&nbsp;目标位置<br /><br />常用选项&nbsp;&nbsp;&nbsp;&nbsp;说明<br /><span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">-r&nbsp;&nbsp;&nbsp;&nbsp;递归模式，包含目录及子目录中的所有文件</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">-l&nbsp;&nbsp;&nbsp;&nbsp;对于符号链接文件仍然复制为符号链接文件</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">-v&nbsp;&nbsp;&nbsp;&nbsp;显示同步过程的详细信息</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">-z&nbsp;&nbsp;&nbsp;&nbsp;在传输文件时进行压缩goD</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">-p&nbsp;&nbsp;&nbsp;&nbsp;保留文件的权限标记</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">-a&nbsp;&nbsp;&nbsp;&nbsp;归档模式，递归并保留对象属性，等同于-rlpt</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">-t&nbsp;&nbsp;&nbsp;&nbsp;保留文件的时间标记</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">-g&nbsp;&nbsp;&nbsp;&nbsp;保留文件的属组标记（仅超级用户使用）</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">-o&nbsp;&nbsp;&nbsp;&nbsp;保留文件的属主标记（仅超级用户使用）</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">-H&nbsp;&nbsp;&nbsp;&nbsp;保留硬链接文件</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">-A&nbsp;&nbsp;&nbsp;&nbsp;保留ACL属性信息</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">-D&nbsp;&nbsp;&nbsp;&nbsp;保留设备文件及其他特殊文件</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">--delete&nbsp;&nbsp;删除目标位置有而原始位置没有的文件</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">--checksum&nbsp;&nbsp;根据对象的校验和来决定是否跳过文件</span><br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">【5】启动服务（数据源机器）</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;"><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#rsync监听端口：873</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#rsync运行模式：C/S</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(240, 198, 116);overflow-wrap: inherit !important;word-break: inherit !important;">rsync</span>&nbsp;--daemon&nbsp;--config=/etc/rsyncd.conf<br />netstat&nbsp;-tnlp|grep&nbsp;:<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">873</span><br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">【6】执行命令同步数据</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;"><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;在目的机器上执行</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;rsync&nbsp;-avz&nbsp;用户名@源主机地址/源目录&nbsp;目的目录</span><br />rsync&nbsp;-avz&nbsp;root@192.<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">168.0</span>.<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">113</span><span style="font-size: inherit;line-height: inherit;color: rgb(181, 189, 104);overflow-wrap: inherit !important;word-break: inherit !important;">:/opt/nfsdata/*</span>&nbsp;/opt/nfsdata/<br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">【7】crontab 定时同步</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;"><span style="font-size: inherit;line-height: inherit;color: rgb(129, 162, 190);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;配置crontab，&nbsp;每五分钟同步一次，这种方式不好</span><br /><span style="font-size: inherit;color: inherit;line-height: inherit;font-style: italic;overflow-wrap: inherit !important;word-break: inherit !important;">*/5&nbsp;*</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(181, 189, 104);overflow-wrap: inherit !important;word-break: inherit !important;">*&nbsp;*</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(181, 189, 104);overflow-wrap: inherit !important;word-break: inherit !important;">*&nbsp;rsync&nbsp;-avz&nbsp;root@192.168.0.113:/opt/nfsdata/*</span>&nbsp;/opt/nfsdata/<br /></code></pre><blockquote style="line-height: inherit;padding: 15px 15px 15px 1rem;font-size: 0.9em;color: rgb(129, 145, 152);border-left-width: 6px;border-left-color: rgb(220, 230, 240);background: rgb(242, 247, 251);overflow: auto;overflow-wrap: normal;word-break: normal;"><p style="font-size: inherit;color: inherit;line-height: inherit;">【温馨提示】crontab 定时同步数据不太好，可以使用rsync+inotify做数据实时同步，这里篇幅有点长了，先不讲，如果后面有时间会出一篇单独文章来讲。</p></blockquote><blockquote style="line-height: inherit;padding: 15px 15px 15px 1rem;font-size: 0.9em;color: rgb(129, 145, 152);border-left-width: 6px;border-left-color: rgb(220, 230, 240);background: rgb(242, 247, 251);overflow: auto;overflow-wrap: normal;word-break: normal;"><p style="font-size: inherit;color: inherit;line-height: inherit;">【温馨提示】这里跟我之前的文章有点不同，之前的方式也不适用新版本。</p></blockquote><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">GitHub 地址：https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner</p><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">helm 部署 nfs-subdir-external-provisioner</p><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">1、添加 helm 仓库</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;">helm&nbsp;repo&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">add</span>&nbsp;nfs-subdir-external-provisioner&nbsp;https:<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">//kubernetes-sigs.github.io/nfs-subdir-external-provisioner/</span><br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">2、helm 安装 nfs provisioner</p><blockquote style="line-height: inherit;padding: 15px 15px 15px 1rem;font-size: 0.9em;color: rgb(129, 145, 152);border-left-width: 6px;border-left-color: rgb(220, 230, 240);background: rgb(242, 247, 251);overflow: auto;overflow-wrap: normal;word-break: normal;"><p style="font-size: inherit;color: inherit;line-height: inherit;">【温馨提示】默认镜像是无法访问的，这里使用 dockerhub 搜索到的镜像willdockerhub/nfs-subdir-external-provisioner:v4.0.2，还有就是 StorageClass 不分命名空间，所有在所有命名空间下都可以使用。</p></blockquote><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;">helm&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">install</span>&nbsp;nfs-subdir-<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">external</span>-provisioner&nbsp;nfs-subdir-<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">external</span>-provisioner/nfs-subdir-<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">external</span>-provisioner&nbsp;\<br />&nbsp;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">--namespace=nfs-provisioner&nbsp;\</span><br />&nbsp;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">--create-namespace&nbsp;\</span><br />&nbsp;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">--set&nbsp;image.repository=willdockerhub/nfs-subdir-external-provisioner&nbsp;\</span><br />&nbsp;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">--set&nbsp;image.tag=v4.0.2&nbsp;\</span><br />&nbsp;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">--set&nbsp;replicaCount=2&nbsp;\</span><br />&nbsp;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">--set&nbsp;storageClass.name=nfs-client&nbsp;\</span><br />&nbsp;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">--set&nbsp;storageClass.defaultClass=true&nbsp;\</span><br />&nbsp;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">--set&nbsp;nfs.server=192.168.0.120&nbsp;\</span><br />&nbsp;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">--set&nbsp;nfs.path=/opt/nfsdata</span><br /></code></pre><blockquote style="line-height: inherit;padding: 15px 15px 15px 1rem;font-size: 0.9em;color: rgb(129, 145, 152);border-left-width: 6px;border-left-color: rgb(220, 230, 240);background: rgb(242, 247, 251);overflow: auto;overflow-wrap: normal;word-break: normal;"><p style="font-size: inherit;color: inherit;line-height: inherit;">【温馨提示】上面 nfs.server 设置为 VIP，可实现高可用。</p></blockquote><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">3、查看</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;">kubectl&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">get</span>&nbsp;pods,deploy,sc&nbsp;-n&nbsp;nfs-provisioner<br /></code></pre></section><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;"><img src="https://mmbiz.qpic.cn/mmbiz_png/fEsWkVrSk548VEHHslAONpOdL84WRUII2QSbb1SefPToGciaJCDSUzqRh2OMuvWmHok4czX0bgibvXhq2Prnguyg/640?wx_fmt=png" class="rich_pages wxw-img" data-ratio="0.74074" data-src="https://mmbiz.qpic.cn/mmbiz_png/fEsWkVrSk548VEHHslAONpOdL84WRUII2QSbb1SefPToGciaJCDSUzqRh2OMuvWmHok4czX0bgibvXhq2Prnguyg/640?wx_fmt=png" data-type="png" data-w="1080"></p></section><section style="font-size: 16px;color: rgb(62, 62, 62);line-height: 1.6;letter-spacing: 0px;font-family: &#39;Helvetica Neue&#39;, Helvetica, &#39;Hiragino Sans GB&#39;, &#39;Microsoft YaHei&#39;, Arial, sans-serif;"><h4 style="color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;font-weight: bold;font-size: 1.2em;"><span style="font-size: inherit;color: inherit;line-height: inherit;">7）部署 Harbor（Https 方式）</span></h4><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">1、创建 Namespace</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;"><span style="font-size: inherit;line-height: inherit;color: rgb(240, 198, 116);overflow-wrap: inherit !important;word-break: inherit !important;">kubectl</span>&nbsp;create&nbsp;ns&nbsp;harbor<br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">2、创建证书秘钥</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;"><span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">kubectl</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">create</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">secret</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">tls</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">myharbor</span><span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">.com</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">--key</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">myharbor</span><span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">.com</span><span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">.key</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">--cert</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">myharbor</span><span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">.com</span><span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">.crt</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">-n</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">harbor</span><br /><span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">kubectl</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">get</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">secret</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">myharbor</span><span style="font-size: inherit;line-height: inherit;color: rgb(204, 102, 102);overflow-wrap: inherit !important;word-break: inherit !important;">.com</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">-n</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">harbor</span><br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">3、添加 Chart 库</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;">helm&nbsp;repo&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">add</span>&nbsp;harbor&nbsp;https:<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">//helm.goharbor.io</span><br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">4、通过 helm 安装 harbor</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;">helm&nbsp;install&nbsp;myharbor&nbsp;--<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">namespace</span>&nbsp;harbor&nbsp;harbor/harbor&nbsp;\<br />&nbsp;&nbsp;--<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">set</span>&nbsp;expose.ingress.hosts.core=myharbor.com&nbsp;\<br />&nbsp;&nbsp;--<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">set</span>&nbsp;expose.ingress.hosts.notary=notary.myharbor.com&nbsp;\<br />&nbsp;&nbsp;--<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">set</span>-<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">string</span>&nbsp;expose.ingress.annotations<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">.'</span>nginx\.org/client-max-body-size'=<span style="font-size: inherit;line-height: inherit;color: rgb(181, 189, 104);overflow-wrap: inherit !important;word-break: inherit !important;">"1024m"</span>&nbsp;\<br />&nbsp;&nbsp;--<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">set</span>&nbsp;expose.tls.secretName=myharbor.com&nbsp;\<br />&nbsp;&nbsp;--<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">set</span>&nbsp;persistence.persistentVolumeClaim.registry.storageClass=nfs-client&nbsp;\<br />&nbsp;&nbsp;--<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">set</span>&nbsp;persistence.persistentVolumeClaim.jobservice.storageClass=nfs-client&nbsp;\<br />&nbsp;&nbsp;--<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">set</span>&nbsp;persistence.persistentVolumeClaim.database.storageClass=nfs-client&nbsp;\<br />&nbsp;&nbsp;--<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">set</span>&nbsp;persistence.persistentVolumeClaim.redis.storageClass=nfs-client&nbsp;\<br />&nbsp;&nbsp;--<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">set</span>&nbsp;persistence.persistentVolumeClaim.trivy.storageClass=nfs-client&nbsp;\<br />&nbsp;&nbsp;--<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">set</span>&nbsp;persistence.persistentVolumeClaim.chartmuseum.storageClass=nfs-client&nbsp;\<br />&nbsp;&nbsp;--<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">set</span>&nbsp;persistence.enabled=<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">true</span>&nbsp;\<br />&nbsp;&nbsp;--<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">set</span>&nbsp;externalURL=https:<span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">//myharbor.com&nbsp;\</span><br />&nbsp;&nbsp;--<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">set</span>&nbsp;harborAdminPassword=Harbor12345<br /></code></pre><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">这里稍等一段时间在查看资源状态</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;">kubectl&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">get</span>&nbsp;ingress,svc,pods,pvc&nbsp;-n&nbsp;harbor<br /></code></pre></section><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;"><img src="https://mmbiz.qpic.cn/mmbiz_png/fEsWkVrSk548VEHHslAONpOdL84WRUII2peH4vy1awPnwZKNEkQ74icc6T84xJNNQFvIHJBqzMicF5xklGdGTeWA/640?wx_fmt=png" class="rich_pages wxw-img" data-ratio="0.475" data-src="https://mmbiz.qpic.cn/mmbiz_png/fEsWkVrSk548VEHHslAONpOdL84WRUII2peH4vy1awPnwZKNEkQ74icc6T84xJNNQFvIHJBqzMicF5xklGdGTeWA/640?wx_fmt=png" data-type="png" data-w="1080"></p><section style="font-size: 16px;color: rgb(62, 62, 62);line-height: 1.6;letter-spacing: 0px;font-family: &#39;Helvetica Neue&#39;, Helvetica, &#39;Hiragino Sans GB&#39;, &#39;Microsoft YaHei&#39;, Arial, sans-serif;"><p style="font-size: inherit;color: inherit;line-height: inherit;margin-top: 1.5em;margin-bottom: 1.5em;">【分析】，发现"error: endpoints “default-http-backend” not found"</p><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;">cat&nbsp;&lt;&lt;&nbsp;EOF&nbsp;&gt;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">default</span>-http-backend.yaml<br />---<br /><br />apiVersion:&nbsp;apps/v1<br />kind:&nbsp;Deployment<br />metadata:<br />&nbsp;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">name</span>:&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">default</span>-http-backend<br />&nbsp;&nbsp;labels:<br />&nbsp;&nbsp;&nbsp;&nbsp;app:&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">default</span>-http-backend<br />&nbsp;&nbsp;namespace:&nbsp;harbor<br />spec:<br />&nbsp;&nbsp;replicas:&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">1</span><br />&nbsp;&nbsp;selector:<br />&nbsp;&nbsp;&nbsp;&nbsp;matchLabels:<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;app:&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">default</span>-http-backend<br />&nbsp;&nbsp;template:<br />&nbsp;&nbsp;&nbsp;&nbsp;metadata:<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;labels:<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;app:&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">default</span>-http-backend<br />&nbsp;&nbsp;&nbsp;&nbsp;spec:<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;terminationGracePeriodSeconds:&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">60</span><br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;containers:<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">name</span>:&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">default</span>-http-backend<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;Any&nbsp;image&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">is</span>&nbsp;permissible&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">as</span>&nbsp;long&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">as</span>:<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">1</span>.&nbsp;It&nbsp;serves&nbsp;a&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">404</span>&nbsp;page&nbsp;at&nbsp;/<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">2</span>.&nbsp;It&nbsp;serves&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">200</span>&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">on</span>&nbsp;a&nbsp;/healthz&nbsp;endpoint<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;image:&nbsp;registry.cn-hangzhou.aliyuncs.com/google_containers/defaultbackend:<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">1.4</span><br />#&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;image:&nbsp;gcr.io/google_containers/defaultbackend:<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">1.4</span><br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;livenessProbe:<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;httpGet:<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;path:&nbsp;/healthz<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;port:&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">8080</span><br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;scheme:&nbsp;HTTP<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;initialDelaySeconds:&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">30</span><br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;timeoutSeconds:&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">5</span><br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;ports:<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;containerPort:&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">8080</span><br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;resources:<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;limits:<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;cpu:&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">10</span>m<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;memory:&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">20</span>Mi<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;requests:<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;cpu:&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">10</span>m<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;memory:&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">20</span>Mi<br />---<br /><br />apiVersion:&nbsp;v1<br />kind:&nbsp;Service<br />metadata:<br />&nbsp;&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">name</span>:&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">default</span>-http-backend<br />&nbsp;&nbsp;namespace:&nbsp;harbor<br />&nbsp;&nbsp;labels:<br />&nbsp;&nbsp;&nbsp;&nbsp;app:&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">default</span>-http-backend<br />spec:<br />&nbsp;&nbsp;ports:<br />&nbsp;&nbsp;-&nbsp;port:&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">80</span><br />&nbsp;&nbsp;&nbsp;&nbsp;targetPort:&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(222, 147, 95);overflow-wrap: inherit !important;word-break: inherit !important;">8080</span><br />&nbsp;&nbsp;selector:<br />&nbsp;&nbsp;&nbsp;&nbsp;app:&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">default</span>-http-backend<br />EOF<br />kubectl&nbsp;apply&nbsp;-f&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">default</span>-http-backend.yaml<br /></code></pre><pre style="font-size: inherit;color: inherit;line-height: inherit;"><code style="margin-right: 2px;margin-left: 2px;line-height: 18px;font-size: 14px;letter-spacing: 0px;font-family: Consolas, Inconsolata, Courier, monospace;border-radius: 0px;background: rgb(29, 31, 33);color: rgb(197, 200, 198);padding: 0.5em;overflow-wrap: normal !important;word-break: normal !important;overflow: auto !important;display: -webkit-box !important;"><span style="font-size: inherit;line-height: inherit;color: rgb(150, 152, 150);overflow-wrap: inherit !important;word-break: inherit !important;">#&nbsp;卸载</span><br />helm&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">uninstall</span>&nbsp;myharbor&nbsp;-n&nbsp;harbor<br />kubectl&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(178, 148, 187);overflow-wrap: inherit !important;word-break: inherit !important;">get</span>&nbsp;pvc&nbsp;-n&nbsp;harbor|&nbsp;awk&nbsp;<span style="font-size: inherit;line-height: inherit;color: rgb(181, 189, 104);overflow-wrap: inherit !important;word-break: inherit !important;">'NR!=1{print&nbsp;\)1}’&nbsp;|&nbsp;xargs&nbsp;kubectl&nbsp;delete&nbsp;pvc&nbsp;-n&nbsp;harbor

#&nbsp;部署
helm&nbsp;install&nbsp;myharbor&nbsp;–namespace&nbsp;harbor&nbsp;harbor/harbor&nbsp;</span>
&nbsp;&nbsp;–set&nbsp;expose.ingress.hosts.core=myharbor.com&nbsp;</span>
&nbsp;&nbsp;–set&nbsp;expose.ingress.hosts.notary=notary.myharbor.com&nbsp;</span>
&nbsp;&nbsp;–set-string&nbsp;expose.ingress.annotations.‘nginx.org/client-max-body-size’=“1024m”&nbsp;</span>
&nbsp;&nbsp;–set&nbsp;expose.tls.secretName=myharbor.com&nbsp;</span>
&nbsp;&nbsp;–set&nbsp;persistence.persistentVolumeClaim.registry.storageClass=nfs-client&nbsp;</span>
&nbsp;&nbsp;–set&nbsp;persistence.persistentVolumeClaim.jobservice.storageClass=nfs-client&nbsp;</span>
&nbsp;&nbsp;–set&nbsp;persistence.persistentVolumeClaim.database.storageClass=nfs-client&nbsp;</span>
&nbsp;&nbsp;–set&nbsp;persistence.persistentVolumeClaim.redis.storageClass=nfs-client&nbsp;</span>
&nbsp;&nbsp;–set&nbsp;persistence.persistentVolumeClaim.trivy.storageClass=nfs-client&nbsp;</span>
&nbsp;&nbsp;–set&nbsp;persistence.persistentVolumeClaim.chartmuseum.storageClass=nfs-client&nbsp;</span>
&nbsp;&nbsp;–set&nbsp;persistence.enabled=true&nbsp;</span>
&nbsp;&nbsp;–set&nbsp;externalURL=https://myharbor.com&nbsp;
&nbsp;&nbsp;–set&nbsp;harborAdminPassword=Harbor12345

5、访问 harbor

“insecure-registries”:[“https://myharbor.com”]

重启 docker

讯享网systemctl&nbsp;restart&nbsp;docker

【3】服务器上登录 harbor

docker&nbsp;login&nbsp;https://myharbor.com
#账号/密码：admin/Harbor12345

【4】打标签并把镜像上传到 harbor

讯享网docker&nbsp;tag&nbsp;rancher/pause:3.6&nbsp;myharbor.com/bigdata/pause:3.6
docker&nbsp;push&nbsp;myharbor.com/bigdata/pause:3.6

7、修改 containerd 配置

以前使用 docker-engine 的时候，只需要修改/etc/docker/daemon.json 就行，但是新版的 k8s 已经使用 containerd 了，所以这里需要做相关配置，要不然 containerd 会失败。证书（ca.crt）可以在页面上下载：

创建域名目录

mkdir&nbsp;/etc/containerd/myharbor.com
cp&nbsp;ca.crt&nbsp;/etc/containerd/myharbor.com/

配置文件：/etc/containerd/config.toml

讯享网[plugins.“io.containerd.grpc.v1.cri”.registry]
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;config_path&nbsp;=&nbsp;””

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[plugins.“io.containerd.grpc.v1.cri”.registry.auths]

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[plugins.“io.containerd.grpc.v1.cri”.registry.configs]
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[plugins.“io.containerd.grpc.v1.cri”.registry.configs.“myharbor.com”.tls]
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;ca_file&nbsp;=&nbsp;”/etc/containerd/myharbor.com/ca.crt”
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[plugins.“io.containerd.grpc.v1.cri”.registry.configs.“myharbor.com”.auth]
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;username&nbsp;=&nbsp;“admin”
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;password&nbsp;=&nbsp;“Harbor12345”

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[plugins.“io.containerd.grpc.v1.cri”.registry.headers]

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[plugins.“io.containerd.grpc.v1.cri”.registry.mirrors]
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[plugins.“io.containerd.grpc.v1.cri”.registry.mirrors.“myharbor.com”]
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;endpoint&nbsp;=&nbsp;[“https://myharbor.com”]

重启 containerd

#重新加载配置
systemctl&nbsp;daemon-reload
#重启containerd
systemctl&nbsp;restart&nbsp;containerd

简单使用

讯享网#&nbsp;把docker换成crictl&nbsp;就行，命令都差不多
crictl&nbsp;pull&nbsp;myharbor.com/bigdata/mysql:5.7.38

执行 crictl 报如下错误的解决办法

WARN[0000]&nbsp;image&nbsp;connect&nbsp;using&nbsp;default&nbsp;endpoints:&nbsp;[unix:///var/run/dockershim.sock&nbsp;unix:///run/containerd/containerd.sock&nbsp;unix:///run/crio/crio.sock&nbsp;unix:///var/run/cri-dockerd.sock].&nbsp;As&nbsp;the&nbsp;default&nbsp;settings&nbsp;are&nbsp;now&nbsp;deprecated,&nbsp;you&nbsp;should&nbsp;set&nbsp;the&nbsp;endpoint&nbsp;instead.
ERRO[0000]&nbsp;unable&nbsp;to&nbsp;determine&nbsp;image&nbsp;API&nbsp;version:&nbsp;rpc&nbsp;error:&nbsp;code&nbsp;=&nbsp;Unavailable&nbsp;desc&nbsp;=&nbsp;connection&nbsp;error:&nbsp;desc&nbsp;=&nbsp;“transport:&nbsp;Error&nbsp;while&nbsp;dialing&nbsp;dial&nbsp;unix&nbsp;/var/run/dockershim.sock:&nbsp;connect:&nbsp;no&nbsp;such&nbsp;file&nbsp;or&nbsp;directory”

这个报错是 docker 的报错，这里没使用，所以这个错误不影响使用，但是还是解决好点，解决方法如下：

讯享网cat&nbsp;&lt;&lt;EOF&gt;&nbsp;/etc/crictl.yaml
runtime-endpoint:&nbsp;unix:///run/containerd/containerd.sock
image-endpoint:&nbsp;unix:///run/containerd/containerd.sock
timeout:&nbsp;10
debug:&nbsp;false
EOF

再次拉取镜像

crictl&nbsp;pull&nbsp;myharbor.com/bigdata/mysql:5.7.38

Kubernetes（k8s）最新版最完整版基础环境部署+master 高可用实现详细步骤就到这里了