Prepare VPS for installing Kubernetes with Kubespray

I have 3 VPS based on Ubuntu 18.04 server and would like to build a Kubernetes cluster.

I am going to use Kubespray to install the Kubernetes cluster and my questions are:

  • How to prepare the servers so that they can talk to each other
  • How to set up the firewall so that communication between the VPS is not blocked
  • Is it possible to configure the firewall to open a particular port for a particular IP address? For example, only a VPS with 1.11.111.110 is allowed to access port 10255 on VPS 1.11.111.111.
  • What else do I have to consider?

  • How to prepare the servers so that they can talk to each other

To prepare your Ubuntu instances to install Kubernetes, you could check this guide. Use the kubespray documentation to create your cluster.

  • How to set up the firewall so that communication between the VPS is not blocked
  • Is it possible to configure the firewall to open a particular port for a particular IP address? For example, only a VPS with 1.11.111.110 is allowed to access port 10255 on VPS 1.11.111.111.

You could use iptables to make specific rules from your nodes, but I think it will be a challenge to manage these rules for your service by hand... you could try, but it will be really hard to manage and maintain.

What else do I have to consider?

I recommend this setup for understanding how Kubernetes works and for test purposes, but it is not production-ready; the security of your node could be compromised since you are exposing the Kubernetes ports over the internet.

You can also consider using Kubernetes as a single node; take a look at this link.
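
The per-source-IP restriction asked about in the question can be written with plain iptables rules. The sketch below is an added example, not code from the question or from any answer: it only prints the commands for one node, and the chain name NODE-PEERS and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print (not apply) iptables commands that open the given TCP
# ports only to the other cluster nodes. NODE-PEERS is a hypothetical chain name.

is_ipv4() {  # loose syntax check so odd input never reaches a rule
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
        *.*.*.*.*) return 1 ;;
        *.*.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

is_port() {
    case "$1" in
        ""|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules SELF_IP "NODE_IPS" "PORTS"
gen_rules() {
    self=$1 nodes=$2 ports=$3
    for ip in $self $nodes; do
        is_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    for port in $ports; do
        is_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done
    echo "iptables -N NODE-PEERS"
    # loopback traffic goes back to INPUT untouched by the drops below
    echo "iptables -A NODE-PEERS -i lo -j RETURN"
    for port in $ports; do
        for ip in $nodes; do
            [ "$ip" = "$self" ] && continue
            echo "iptables -A NODE-PEERS -p tcp -s $ip --dport $port -j ACCEPT"
        done
        # anything else aimed at this port is dropped
        echo "iptables -A NODE-PEERS -p tcp --dport $port -j DROP"
    done
    echo "iptables -I INPUT 1 -j NODE-PEERS"
}

# Constructed sample: the two addresses and port 10255 come from the question.
gen_rules 1.11.111.111 "1.11.111.110 1.11.111.111" "10255"
```

The output is meant to be reviewed and then run as root on the node whose address was given as the first argument; rules added this way do not survive a reboot unless they are saved.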

If you are using Kubespray, I strongly recommend just following their guidelines and documentation. They are very comprehensive and detailed.

https://kubespray.io/#/

In its current version, Kubespray is a comprehensive wrapper for kubeadm, adding a number of features missing from kubeadm itself.

In short, preparing hosts is a matter of allowing remote SSH from the control machine (which is usually your own desktop) and preparing the inventory, carefully reviewing all of its *.yaml files. Once you configure the inventory and install a few Python dependencies on the VPS hosts, just fire Kubespray from the terminal and wait.

Keep in mind that it's not a perfect tool, and there are flaws during the cluster lifecycle. But it will at least give you a head start bootstrapping a full production-ready cluster.

Here is what I feel you can do -

  1. How to prepare servers? - I used Vagrant to spin up the servers
  2. How to set up the firewall? - Either you can set up the firewall rules for the IPs which you have defined in the vagrant file or disable the firewall between the nodes.

I would recommend going through the following guide, which covers all the steps I used for setting up a Kubernetes cluster using Kubespray -

https://jhooq.com/kubespray-12-steps-for-installing-a-production-ready-kubernetes-cluster/

Also consider things Ubuntu does that you might not want, such as checking swap (even when you don't have any) and disabling unattended upgrades, which can bring down an otherwise capable system:

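# Turn swap off, remove unattended-upgrades and stop any instance still running.
# Every step needs root, so each command gets its own sudo.
sudo swapoff -a && \
sudo apt remove unattended-upgrades -y && \
sudo killall -9 unattended-upgr 2>/dev/null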
