内网服务器配置。

目录

  1. 系统配置
    1. 配置时区
    2. 配置语言
    3. 新增用户
  • 安装GitLab
    1. 安装包
    2. 配置防火墙
    3. 配置
    4. 汉化
    5. 配置SSH服务
  • 安装Docker
    1. 下载包
    2. 安装
  • 安装Harbor
    1. 解压包
    2. 修改HTTP端口
      1. docker-compose.yml
      2. common/templates/registry/config.yml
  • 配置HTTP地址
  • 执行安装脚本
  • 配置Docker
  • 安装k3s
  • 配置Kubernetes
    1. 下载包
    2. 安装
  • 系统配置

    配置时区

    # Set the system time zone.
    sudo timedatectl set-timezone Asia/Shanghai
    # Keep the hardware clock (RTC) in local time rather than UTC.
    # NOTE(review): timedatectl itself warns that a local-time RTC is not fully
    # supported; consistent timestamps matter when correlating logs across hosts,
    # so confirm this is really needed (e.g. dual boot) before enabling it.
    sudo timedatectl set-local-rtc 1

    配置语言

    # Set the system-wide locale to Simplified Chinese (UTF-8).
    sudo localectl set-locale LANG=zh_CN.utf8

    新增用户

    # Create the account used later in this guide (it is added to the docker
    # group further down). These commands carry no sudo prefix, so they
    # presumably run in a root shell.
    useradd k3s
    # wheel membership normally grants full sudo on CentOS; together with the
    # later docker group membership this account is effectively root-equivalent.
    usermod -aG wheel k3s
    # Set the password interactively.
    passwd k3s

    安装GitLab

    安装包

    从 packages.gitlab.com 下载安装包

    # Install dependencies
    sudo yum install -y curl policycoreutils-python openssh-server
    # Install GitLab from the locally downloaded RPM.
    # NOTE(review): nothing here confirms the file is the one published on
    # packages.gitlab.com; check the package signature/checksum (e.g. `rpm -K <file>`
    # with GitLab's signing key imported) before installing on the offline host.
    # EXTERNAL_URL uses http://, so logins and tokens cross the intranet
    # unencrypted; `ip` is a placeholder for the server address.
    sudo EXTERNAL_URL="http://ip" rpm -i gitlab-ce-11.10.0-ce.0.el7.x86_64.rpm

    配置防火墙

    若启用了防火墙, 配置防火墙

    # Permanently allow the predefined "http" service through firewalld.
    sudo firewall-cmd --permanent --add-service=http
    # Reload firewalld so the permanent rule becomes active.
    sudo systemctl reload firewalld

    配置

    修改配置文件/etc/gitlab/gitlab.rb

    # Time zone used by the GitLab Rails application.
    gitlab_rails['time_zone'] = 'Asia/Shanghai'
    # Turn off outgoing e-mail from GitLab.
    # NOTE(review): with mail off, e-mail based flows (notifications, password
    # reset mails) presumably no longer reach users; confirm that is intended.
    gitlab_rails['gitlab_email_enabled'] = false
    # New users may not create groups by default.
    gitlab_rails['gitlab_default_can_create_group'] = false
    # Users may not change their own username.
    gitlab_rails['gitlab_username_changing_enabled'] = false

    使配置生效

    # Apply the settings edited in /etc/gitlab/gitlab.rb.
    sudo gitlab-ctl reconfigure

    汉化

    根据汉化指南生成汉化补丁

    # Stop all GitLab services before touching the application tree.
    sudo gitlab-ctl stop
    # Apply the localisation diff, as root, on top of the packaged Rails code.
    # NOTE(review): the diff rewrites files of a root-owned application, so read
    # it first and try `patch --dry-run` with the same arguments; judging by its
    # name it was generated for 11.10.0 and should only be applied to that version.
    sudo patch -d /opt/gitlab/embedded/service/gitlab-rails -p1 < 11.10.0-zh.diff
    # Bring the services back up and re-apply the configuration.
    sudo gitlab-ctl start
    sudo gitlab-ctl reconfigure

    配置SSH服务

    编辑 /etc/ssh/sshd_config

    # Have sshd ask gitlab-shell whether the offered public key is authorised:
    # %u expands to the login user name and %k to the base64 key being offered.
    # NOTE(review): newer GitLab documentation wraps these two directives in a
    # `Match User git` block so the lookup only runs for the git account; confirm
    # against the documentation for the installed version.
    AuthorizedKeysCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k
    # Run the lookup command as the git user.
    AuthorizedKeysCommandUser git

    重载SSH服务:

    # Reload sshd to pick up the new directives; running `sudo sshd -t` first
    # validates the file and avoids losing SSH access through a broken config.
    sudo service sshd reload

    安装Docker

    下载包

    在可访问互联网且对应版本的CentOS中执行:

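    # Run on an internet-connected CentOS host of the same release as the
    # offline target. Writing to /etc/yum.repos.d needs root.
    wget https://download.docker.com/linux/centos/docker-ce.repo
    mv docker-ce.repo /etc/yum.repos.d/
    # List the available docker-ce versions, newest first.
    yum list docker-ce --showduplicates | sort -r
    # -p: do not fail when the directory is left over from an earlier run;
    # && keeps the downloads out of the wrong directory if cd fails.
    mkdir -p docker && cd docker
    # Download docker-ce plus every dependency it resolves to.
    yumdownloader --resolve docker-ce
    tar cf docker-ce.offline.tar *.rpm
    # -f: fail on an HTTP error instead of saving the error page as
    # "docker-compose", which is later copied to /usr/local/bin and made executable.
    curl -fL "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o docker-compose
    # Record checksums to carry along with the files; on the offline host run
    # `sha256sum -c SHA256SUMS` in this directory before installing anything.
    sha256sum docker-ce.offline.tar docker-compose > SHA256SUMS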

    安装

    在离线环境中执行:

    cd docker
    # Unpack the RPMs gathered on the online host.
    # NOTE(review): nothing here checks that the transferred files are intact or
    # authentic; compare checksums recorded on the download host and check the
    # package signatures (`rpm -K *.rpm`, with the Docker repository key
    # imported) before installing.
    tar xf docker-ce.offline.tar
    # --replacepkgs/--replacefiles force reinstallation and let these packages
    # overwrite files owned by other installed packages, so review the RPM list.
    sudo rpm -ivh --replacepkgs --replacefiles *.rpm
    sudo systemctl enable docker.service
    sudo systemctl start docker.service
    # Members of the docker group can start privileged containers and mount the
    # host filesystem, i.e. this is root-equivalent access for k3s.
    sudo usermod -aG docker k3s
    # Install docker-compose system-wide and expose it under /usr/bin as well.
    sudo cp docker-compose /usr/local/bin/docker-compose
    sudo chmod +x /usr/local/bin/docker-compose
    sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose

    安装Harbor

    解压包

    # Unpack the Harbor offline installer bundle and enter the harbor directory.
    tar -zxf harbor-offline-installer-v1.7.5.tgz
    cd harbor

    修改HTTP端口

    docker-compose.yml
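    # Excerpt of docker-compose.yml with the nesting restored (the listing had
    # lost its indentation, which YAML needs to express structure).
    services:
      proxy:
        ports:
          # Host port 88 is mapped to the proxy container's port 80, presumably
          # because port 80 on this host already serves GitLab (TODO confirm).
          - 88:80
          - 443:443
          - 4443:4443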
    common/templates/registry/config.yml
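    # Excerpt of common/templates/registry/config.yml with the nesting restored
    # (the listing had lost its indentation, which YAML needs to express structure).
    auth:
      token:
        issuer: harbor-token-issuer
        # The token endpoint carries the same non-default port (88) that the
        # proxy is published on. $public_url is presumably substituted when
        # Harbor renders its templates (TODO confirm).
        realm: $public_url:88/service/token
        rootcertbundle: /etc/registry/root.crt
        service: harbor-registry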

    配置HTTP地址

    # `ip` is a placeholder for this host's address as clients will reach it.
    # NOTE(review): the page does not name the file; in Harbor 1.7.x this key
    # lives in harbor.cfg (confirm).
    hostname = ip

    执行安装脚本

    # Run Harbor's installer from the extracted harbor directory.
    # NOTE(review): Harbor ships with a documented default admin password in its
    # configuration file; set your own value before installing, or change it
    # right after the first login.
    sudo ./install.sh

    配置Docker

    创建/etc/docker/daemon.json

    {
    "insecure-registries": [
    "http://ip:88"
    ]
    }

    重启Docker服务

    # Restart the daemon so it re-reads /etc/docker/daemon.json.
    sudo systemctl daemon-reload
    sudo systemctl restart docker
    # Log in to the Harbor registry on port 88.
    # The registry is plain HTTP, so the password crosses the network in
    # cleartext, and without a credential helper docker stores it only
    # base64-encoded in ~/.docker/config.json; prefer a low-privilege Harbor
    # account for this login.
    docker login http://ip:88

    安装k3s

    # Place the air-gap image bundle in the k3s agent images directory.
    sudo mkdir -p /var/lib/rancher/k3s/agent/images/
    sudo cp k3s-airgap-images-amd64.tar /var/lib/rancher/k3s/agent/images/
    # Install the k3s binary by hand.
    # NOTE(review): the binary, the image tarball and install-k3s.sh all end up
    # running as root; verify them against the checksums published with the
    # release before copying them into place.
    sudo cp k3s /usr/local/bin/k3s
    sudo chmod 0755 /usr/local/bin/k3s
    sudo ln -s /usr/local/bin/k3s /usr/bin/k3s
    # INSTALL_K3S_SKIP_DOWNLOAD=true presumably makes the install script use the
    # binary already in place instead of fetching one; traefik is excluded from
    # the default deployments (an ingress controller is installed separately).
    sudo -- sh -c 'export INSTALL_K3S_SKIP_DOWNLOAD=true ; sh install-k3s.sh -no-deploy traefik'
    # Enable kubectl tab completion in future bash sessions of the current user.
    echo "source <(kubectl completion bash)" >> ~/.bashrc

    配置Kubernetes

    下载包

    在可访问互联网且对应版本的CentOS中执行:

    # Fetch manifests for offline use.
    # NOTE(review): both URLs track the master branch, so their content changes
    # over time; pin a release tag and review the YAML before applying it. The
    # visible install steps use the kubernetes-ingress-1.4.6 bundle instead and
    # never reference these two files, so confirm whether they are still needed.
    wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml -O ingress-nginx.yaml
    wget https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended/kubernetes-dashboard.yaml
    # Pull images (two of them through a mirror) and retag pause under the
    # k8s.gcr.io name. Tags are mutable and the mirror is a third party: record
    # the image digests (`docker images --digests`) and compare them with the
    # upstream registry where possible.
    docker pull gcr.azk8s.cn/google-containers/pause:3.1
    docker tag gcr.azk8s.cn/google-containers/pause:3.1 k8s.gcr.io/pause:3.1
    docker pull nginx/nginx-ingress:1.4.6-alpine
    docker pull gcr.azk8s.cn/google-containers/kubernetes-dashboard-amd64:v1.10.1
    # Export the images as compressed tarballs for transfer to the offline host.
    docker save k8s.gcr.io/pause:3.1 | gzip -c > pause.3.1.tar.gz
    docker save nginx/nginx-ingress:1.4.6-alpine | gzip -c > nginx-ingress.1.4.6-alpine.tar.gz
    docker save gcr.azk8s.cn/google-containers/kubernetes-dashboard-amd64:v1.10.1 | gzip -c > kubernetes-dashboard-amd64.v1.10.1.tar.gz

    安装

    在离线环境中执行:

    cd k3s
    # Import the pause image with ctr.
    ctr cri load pause.3.1.tar.gz
    # Load the other images into the local Docker daemon and retag them for the
    # Harbor registry on port 88.
    # NOTE(review): no `docker push` appears in the visible steps, so the
    # retagged images exist only in Docker's local store; confirm how the
    # cluster is meant to obtain them.
    docker load < nginx-ingress.1.4.6-alpine.tar.gz
    docker load < kubernetes-dashboard-amd64.v1.10.1.tar.gz
    docker tag nginx/nginx-ingress:1.4.6-alpine ip:88/nginx/nginx-ingress:1.4.6-alpine
    docker tag gcr.azk8s.cn/google-containers/kubernetes-dashboard-amd64:v1.10.1 ip:88/google-containers/kubernetes-dashboard-amd64:v1.10.1
    unzip kubernetes-ingress-1.4.6.zip
    cd kubernetes-ingress-1.4.6/deployments/
    # Namespace and service account for the ingress controller.
    kubectl apply -f common/ns-and-sa.yaml
    # NOTE(review): the bundled default-server secret contains a certificate and
    # key that are published with the project; replace them with your own pair
    # before relying on TLS.
    kubectl apply -f common/default-server-secret.yaml
    kubectl apply -f common/nginx-config.yaml
    # Cluster permissions for the controller; review rbac.yaml before applying.
    kubectl apply -f rbac/rbac.yaml
    ## Edit the image parameter
    #kubectl apply -f deployment/nginx-ingress.yaml
    # Edit the image parameter
    kubectl apply -f daemon-set/nginx-ingress.yaml
    kubectl get pods --namespace=nginx-ingress
    # Expose the controller through the NodePort service defined in nodeport.yaml.
    kubectl create -f service/nodeport.yaml
    kubectl get pods --namespace=nginx-ingress