name | ip |
gzctfweb | 192.168.8.100 |
k3s-master | 192.168.8.101 |
k3s-slave | 192.168.8.102 |
# Each line is run on a different machine: run only the line that matches the
# host you are logged in to (names as in the host table above).
hostnamectl set-hostname gzctfweb # run on the gzctfweb server
hostnamectl set-hostname k3s-master # presumably run on the k3s-master server
hostnamectl set-hostname k3s-slave # presumably run on the k3s-slave server
# Host preparation before installing Docker and k3s.
# NOTE(review): the first four commands remove the host firewall and SELinux
# enforcement, so every listening service on the node becomes reachable from
# the network it sits on. Outside an isolated lab, keep the firewall on and
# allow only what this setup uses (this page shows 6443 for the k3s API and
# the NodePort range 20000-50000; other cluster ports may be needed, check
# the k3s documentation).

# Stop firewalld now and keep it from starting at boot.
systemctl disable firewalld && systemctl stop firewalld
# Flush every rule in the iptables filter table.
iptables -F
# Persist SELINUX=disabled in the config file. The pattern is not anchored, so
# any line containing "SELINUX=" is rewritten, comment lines included.
sed -ri 's#(SELINUX=).*#\1disabled#' /etc/selinux/config
# Switch SELinux to permissive for the running system, without a reboot.
setenforce 0
# Turn swap off for the running system.
swapoff -a
# Comment out the fstab lines containing " swap " so swap stays off after reboot.
sed -i ' / swap / s/^\(.*\)$/#\1/g' /etc/fstab
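# The here-document was truncated on this page ("cat >>/etc/hosts<"), which is
# a syntax error as written. The entries below are rebuilt from the host table
# at the top of the page (name | ip); presumably run on every machine.
# The command appends, so running it twice duplicates the entries.
cat >>/etc/hosts <<EOF
192.168.8.100 gzctfweb
192.168.8.101 k3s-master
192.168.8.102 k3s-slave
EOF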
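# Install Docker with Rancher's install script for Docker 20.10.
# -f makes curl fail on an HTTP error instead of piping an error page into sh,
# -sS hides the progress meter but still prints errors, -L follows redirects
# (the same style as the k3s install commands on this page).
# NOTE(review): this executes a remote script with the privileges of the
# invoking user and without any integrity check. To review it first, download
# it to a file, read it, then run the file.
curl -fsSL https://releases.rancher.com/install-docker/20.10.sh | sh
systemctl enable --now docker # start Docker now and on every boot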
# Install the k3s server (the master node, going by the surrounding steps) from
# the rancher.cn mirror. INSTALL_K3S_EXEC passes --docker (use Docker as the
# container runtime) and node-cidr-mask-size=18 to the kube-controller-manager.
# NOTE(review): as with the Docker install, the script is piped straight into
# sh; the mirror host is trusted to serve an unmodified installer.
curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn INSTALL_K3S_EXEC="--docker --kube-controller-manager-arg=node-cidr-mask-size=18" sh -
systemctl enable --now k3s # start the k3s server now and on every boot
注意:在安装slave节点时,先在master节点用如下命令查看token
# Run on the master node: print the join token that the agent install below
# takes as K3S_TOKEN. The token is a credential for joining the cluster, so
# do not paste it into shared notes, screenshots or tickets.
cat /var/lib/rancher/k3s/server/node-token
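# Install the k3s agent on the slave node and join it to the master.
# NOTE(review): a token typed inline ends up in the shell history of this host;
# clear that entry afterwards.
curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn INSTALL_K3S_EXEC="--docker" K3S_URL=https://myserver:6443 K3S_TOKEN=mytoken sh -
# myserver: IP of the master node; mytoken: the node-token content read on the master
# The agent unit is named k3s-agent (the restart step on this page uses the
# same name); "k3s.agent" is not a valid systemd unit name.
systemctl enable --now k3s-agent # start the agent now and on every boot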
vim /etc/systemd/system/k3s.service
在ExecStart=/usr/local/bin/k3s最后写入如下内容
--kube-apiserver-arg service-node-port-range=20000-50000
①:
vim /etc/rancher/k3s/kubelet.config
编写如下内容:
# Kubelet configuration file; the next step on this page passes it to k3s with
# --kubelet-arg=config=/etc/rancher/k3s/kubelet.config.
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
maxPods: 500 # cap on the number of pods per node
②:
vim /etc/systemd/system/k3s.service
在ExecStart=/usr/local/bin/k3s最后写入如下内容:
--kubelet-arg=config=/etc/rancher/k3s/kubelet.config
vim /etc/rancher/k3s/registries.yaml
写入以下内容(我用的是docker仓库,这里可以根据自己的实际情况更改):
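# Indentation restored: flattened as on the page, "docker.io" and "endpoint"
# are no longer nested under "mirrors".
# NOTE(review): hub.docker.com is the Docker Hub website, not a registry API
# endpoint; put the URL of the registry mirror you actually use here.
# NOTE(review): registries.yaml configures k3s's embedded containerd. The nodes
# on this page are installed with --docker, so confirm this file takes effect
# in that mode before relying on it.
mirrors:
  "docker.io":
    endpoint:
      - "https://hub.docker.com"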
# Reload the edited unit files, then restart k3s so the new arguments apply.
systemctl daemon-reload && systemctl restart k3s # on the master node
systemctl daemon-reload && systemctl restart k3s-agent # on the slave node
① docker-compose.yml #在k3s官网下载
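# Compose file for the GZCTF web server and its PostgreSQL database.
# Indentation restored; the flattened listing on the page is not a usable
# Compose file.
# NOTE(review): both passwords below are placeholders and must be replaced
# before the first start. Both images use floating tags (latest, alpine);
# pin a version if the deployment has to be reproducible.
version: '3.0'
services:
  gzctf:
    image: gztime/gzctf:latest
    restart: always
    environment:
      - "GZCTF_ADMIN_PASSWORD=myctfpassword" # initial password of the GZCTF admin account
    ports:
      - "8080:80"
    networks:
      default:
    volumes:
      - "./data/files:/app/uploads"
      - "./appsettings.json:/app/appsettings.json:ro"
      - "./logs:/app/log"
      # - "./data/keys:/root/.aspnet/DataProtection-Keys"
      # k8sconfig.yaml is the kubeconfig copied from the master node; it is
      # mounted read-only, but the web container can use it against the cluster.
      - "./k8sconfig.yaml:/app/k8sconfig.yaml:ro"
      # Leave the Docker socket unmounted unless the Docker provider is used:
      # access to the socket is equivalent to root on the host.
      # - "/var/run/docker.sock:/var/run/docker.sock"
    depends_on:
      - db

  db:
    image: postgres:alpine
    restart: always
    environment:
      # Database password; keep it identical to Password= in the connection
      # string of appsettings.json.
      - "POSTGRES_PASSWORD=mydbpassword"
    networks:
      default:
    volumes:
      - "./data/db:/var/lib/postgresql/data"

networks:
  default:
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.12.0/24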
② appsettings.json # 在k3s官网下载
{
// NOTE(review): "*" accepts requests for any Host header; set the site's own
// host name(s) once the public name is known.
"AllowedHosts": "*",
"ConnectionStrings": {
// The password is stored in plain text and has to match POSTGRES_PASSWORD in
// docker-compose.yml; "mydbpassword" is a placeholder to replace.
"Database": "Host=db:5432;Database=gzctf;Username=postgres;Password=mydbpassword" // database connection info
// redis is optional
//"RedisCache": "cache:6379,password="
},
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"EmailConfig": {
// NOTE(review): the address below was replaced by the page's e-mail
// obfuscation; set the real sender address here.
"SendMailAddress": "[email protected]",
"UserName": "",
"Password": "",
"Smtp": {
"Host": "localhost",
"Port": 587
}
},
"XorKey": "",
"ContainerProvider": {
"Type": "Kubernetes", // or "Kubernetes"
// NOTE(review): the host table at the top of the page lists k3s-master as
// 192.168.8.101, not 192.168.100.101; confirm which address players reach.
"PublicEntry": "192.168.100.101", // or "xxx.xxx.xxx.xxx"; the k3s-master IP can be used here
"DockerConfig": {
// optional
"SwarmMode": false,
"Uri": "unix:///var/run/docker.sock"
}
},
"RequestLogging": false,
"DisableRateLimit": false,
"RegistryConfig": {
"UserName": "",
"Password": "",
"ServerAddress": ""
},
"GoogleRecaptcha": {
"VerifyAPIAddress": "https://www.recaptcha.net/recaptcha/api/siteverify",
"Sitekey": "",
"Secretkey": "",
"RecaptchaThreshold": "0.5"
}
}
③ k8sconfig.yaml # 在master节点获取:cat /etc/rancher/k3s/k3s.yaml,保存为k8sconfig.yaml,
修改k8sconfig.yaml中的server字段,将ip地址改为master节点ip,端口号不变。该文件包含k3s集群的管理员凭据,应限制其读取权限,不要公开或提交到代码仓库。
# Start, stop and remove the services defined in docker-compose.yml.
docker compose -f docker-compose.yml up # runs in the foreground; add -d to run in the background
docker compose -f docker-compose.yml stop # stop the services
docker compose -f docker-compose.yml rm # remove the stopped containers