本文详述了在Centos 8.3上安装k8s,安装helm, 创建nfs storageclass,采用Air-Gapped方式安装Veeam Kasten k10, 部署minio并创建S3 bucket作为Veeam kasten k10备份存储库,手工部署mysql并应用kanister blueprint,使用Veeam kasten k10实现针对mysql无代理应用感知备份恢复的详细步骤及截图。
本文使用的测试环境是Centos8.3(4 core CPU/10GB内存/50GB硬盘),k8s版本是1.21.3, Veeam Kasten K10版本是4.5.12.
1.安装kubernetes的环境准备
[root@localhost ~]# hostnamectl set-hostname k8s-131
[root@centos8-k8s ~]# cat /etc/centos-release
CentOS Linux release 8.3.2011
[root@centos8-k8s ~]# yum remove podman
[root@centos8-k8s ~]# swapoff -a
root@centos8-k8s ~]# sed -i 's/.*swap.*/#&/' /etc/fstab
把/etc/fstab中的swap注释掉
编辑切换为居中
禁用selinux:
[root@centos8-k8s ~]# sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
禁用防火墙:
[root@centos8-k8s ~]# systemctl stop firewalld.service
[root@centos8-k8s ~]# systemctl disable firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@centos8-k8s ~]#
2. 安装kubernetes
[root@centos8-k8~]# curl -o /etc/yum.repos.d/CentOS-Base.repo
http://mirrors.aliyun.com/repo/Centos-8.repo
有关阿里云centos 8 EOL的切换方法,可以参考以下链接:
https://help.aliyun.com/document_detail/405635.html
[root@k8s-131 yum.repos.d]# rename '.repo' '.repo.bak' /etc/yum.repos.d/*.repo
[root@k8s-131 yum.repos.d]# wget https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo -O /etc/ yum.repos.d/Centos-vault-8.5.2111.repo
[root@k8s-131 yum.repos.d]# wget https://mirrors.aliyun.com/repo/epel-archive-8.repo -O /etc/yum.rep os.d/epel-archive-8.repo
[root@k8s-131 yum.repos.d]# sed -i 's/mirrors.cloud.aliyuncs.com/url_tmp/g' /etc/yum.repos.d/Centos -vault-8.5.2111.repo && sed -i 's/mirrors.aliyun.com/mirrors.cloud.aliyuncs.com/g' /etc/yum.repos.d /Centos-vault-8.5.2111.repo && sed -i 's/url_tmp/mirrors.aliyun.com/g' /etc/yum.repos.d/Centos-vault -8.5.2111.repo
[root@k8s-131 yum.repos.d]# sed -i 's/mirrors.aliyun.com/mirrors.cloud.aliyuncs.com/g' /etc/yum.repo s.d/epel-archive-8.repo
[root@k8s-131 yum.repos.d]# vi /etc/yum.repos.d/epel-archive-8.repo
把文件内容中的http://mirrors.cloud.aliyuncs.com/ 替换成 http://mirrors.cloud.aliyuncs.com/
编辑切换为居中
[root@centos8-k8s ~]# vi /etc/yum.repos.d/kubernetes.repo
加入如下内容:
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
[root@k8s-131 yum.repos.d]# yum clean all && yum makecache
如果能看到下面的执行结果,说明yum源配置ok.
编辑切换为居中
[root@centos8-k8s ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 net-tools
[root@centos8-k8s~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@centos8-k8s ~]# yum -y install docker-ce
编辑切换为居中
编辑切换为居中
编辑切换为居中
编辑切换为居中
设置阿里云加速器参考链接:
https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors
[root@centos8-k8s ~]# mkdir -p /etc/docker
[root@centos8-k8s ~]# vi /etc/docker/daemon.json
设置为如下内容:
{
"registry-mirrors" : ["https://vgsgv61q.mirror.aliyuncs.com"]
}
[root@centos8-k8s ~]#systemctl daemon-reload
[root@centos8-k8s ~]#systemctl restart docker
[root@centos8-k8s ~]# yum install -y kubectl-1.21.3 kubelet-1.21.3 kubeadm-1.21.3
编辑切换为居中
[root@centos8-k8s ~]# systemctl enable kubelet
Created symlink /etc/systemd/system/multi-user.target.wants/kubelet.service → /usr/lib/systemd/system/kubelet.service.
[root@centos8-k8s ~]# systemctl start kubelet
[root@centos8-k8s ~]# kubelet --version
Kubernetes v1.21.0
[root@centos8-k8s ~]#docker pull coredns/coredns
[root@localhost yum.repos.d]# docker tag coredns/coredns:latest registry.aliyuncs.com/google_containers/coredns/coredns:v1.8.0
以下初始化k8s的命令,除了--apiserver-advertise-address是本机的ip地址,其它的可以不变。
[root@centos8-k8s ~]# kubeadm init --kubernetes-version=1.21.3 --apiserver-advertise-address=192.168.17.131 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.10.0.0/16 --pod-network-cidr=10.122.0.0/16
编辑切换为居中
编辑切换为居中
编辑切换为居中
如果以后添加worker node, 在work node上使用下列命令即可:
kubeadm join 192.168.17.131:6443 --token b4xlai.8cr4z0xk5rl033od \
--discovery-token-ca-cert-hash sha256:bc11bae9f88e65718e286e742108dd93094ffae9e66c76b36d99ddf3e5484d61
[root@centos8-k8s ~]# mkdir -p $HOME/.kube
[root@centos8-k8s ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@centos8-k8s ~]# chown $(id -u):$(id -g) $HOME/.kube/config
[root@centos8-k8s ~]# source <(kubectl completion bash)
[root@centos8-k8s ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
localhost.localdomain NotReady control-plane,master 15m v1.21.0
[root@centos8-k8s ~]# kubectl get pod --all-namespaces
编辑切换为居中
[root@centos8-k8s ~]# kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
编辑切换为居中
[root@centos8-k8s ~]# kubectl get pod --all-namespaces
编辑切换为居中
3. 安装kubernetes-dashboard
[root@centos8-k8s ~]#pwd
/root
[root@centos8-k8s ~]#
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
[root@centos8-k8s ~]# vi recommended.yaml
添加如下红色内容:
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 30000
selector:
k8s-app: kubernetes-dashboard
[root@centos8-k8s ~]# kubectl create -f recommended.yaml
编辑切换为居中
[root@centos8-k8s ~]# kubectl get pod --all-namespaces
编辑切换为居中
[root@centos8-k8s ~]# systemctl restart kubelet
[root@Cen8-131 ~]# kubectl get node
编辑切换为居中
浏览器访问 https://192.168.17.131:30000/ 注意是https请求 浏览器会提示有风险,忽略,点击高级访问网站
编辑切换为居中
创建token, 授权token 访问权限
[root@centos8-k8s ~]# kubectl create sa dashboard-admin -n kube-system
[root@centos8-k8s ~]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
获取token:
[root@centos8-k8s ~]# ADMIN_SECRET=$(kubectl get secrets -n kube-system | grep dashboard-admin | awk '{print $1}')
[root@centos8-k8s ~]# DASHBOARD_LOGIN_TOKEN=$(kubectl describe secret -n kube-system ${ADMIN_SECRET} | grep -E '^token' | awk '{print $2}')
显示token:
[root@centos8-k8s ~]# echo ${DASHBOARD_LOGIN_TOKEN}
eyJhbGciOiJSUzI1NiIsImtpZCI6Il9rRXVVNFYxRVF4ejhtUWo2azQ4QW83ZVNFVU1rX2E2bGM5T0p1eWRUVk0ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tZnZocGsiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNDkwZTg2OTUtOWE1NC00YzJjLTljNTEtZDk1NTQ0ZjM4MjUzIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.eQIH-VFkJaRoJT_kTigbSXzCuS5qEkljDGJdoOsM1zmKmSGonQJ2dfdM08tE7JCygyIBXqZMcS1QkaBKpLnqAYN1RdDRW9vLBs_MuQKBKhkzxldfWjHV6HAcdRCGas7uVkzuF61q14vzkadAmGAx0F6VVaWDZVloVUswFNISZ3K4C0v7fEo3a0i7Labmxg-xuyepAlLbVDGDRGcJGoSedXrJLG8MfLCczBMymO0lr6SNAyRkyqOoFWlnGXIlK15xyVbmPWKi-Oi9qKBw6_p0bHSWtCGEXCUAYc2-5Yuh6uOXK_ad3QO3tkAyo7ng0ArHfGTjdcEG-e06euBkYZPJrQ
复制上述token,在浏览器中粘贴,点击“登录“按钮即可,因为kubernetes的dashboard缺省过一段时间就会自动退出,需要重新输入token才能登录,该token长期有效,可以把token保留在文件中,以备以后使用。
编辑切换为居中
编辑切换为居中
使用kubeadm初始化的集群,出于安全考虑Pod不会被调度到master node上,不参与工作负载。本文档只有一个master node,为了允许在master node上部署pod,需运行以下命令:
[root@centos8-k8s ~]# kubectl taint nodes --all node-role.kubernetes.io/master-
node/centos8-k8s untainted
