kubeadm安装K8s集群基础环境配置
-
- 1.首先确保所有机器可以通信,然后配置主机hosts文件;
- 2.关闭所有节点关闭防火墙、selinux、swap;
- [3.将桥接的IPv4流量传递到 iptables;](#3.将桥接的IPv4流量传递到 iptables;)
- 4.安装常用工具包;
- 5.安装时间同步工具ntpdate,保证所有的机器时间同步,避免实际使用时产生数据相关的问题;
- 6.设置limit修改内核参数/etc/security/limits.conf添加内容如下;
- 7.master节点配置免密钥登录其他节点;
- 8.升级系统;
- 9.升级内核版本;
- 10.安装ipvsadm及一些相关管理工具;
- 11.配置k8s集群中必须的内核参数;
- 12.安装docker;
机器配置清单
| 节点 | IP | 系统 | docker版本 | kubernetes版本 | 安装软件 |
|---|---|---|---|---|---|
| master1 -- k8s01-m1 | 192.168.0.105 | centos7 | 19.03.9 | 1.20.8 | - |
| master1 -- k8s02-m2 | 192.168.0.106 | centos7 | 19.03.9 | 1.20.8 | - |
| worker1 -- k8s03-n1 | 192.168.0.107 | centos7 | 19.03.9 | 1.20.8 | - |
| worker1 -- k8s04-n2 | 192.168.0.108 | centos7 | 19.03.9 | 1.20.8 | - |
1.首先确保所有机器可以通信,然后配置主机hosts文件;
bash
vim /etc/hosts
192.168.0.105 k8s01-m1
192.168.0.106 k8s02-m2
192.168.0.107 k8s03-n1
192.168.0.108 k8s04-n22.关闭所有节点关闭防火墙、selinux、swap;
- 关闭防火墙
bash
systemctl disable --now firewalld
systemctl disable --now NetworkManager- selinux设置disable;
bash
vim /etc/sysconfig/selinux
SELINUX=disable
- 关闭禁用swap,编辑文件/etc/fstab注释掉swap一行;
bash
vim /etc/fstab
bash
swapoff -a && sysctl -w vm.swappiness=0
3.将桥接的IPv4流量传递到 iptables;
bash
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
bash
sysctl --system 4.安装常用工具包;
bash
yum -y install wget psmisc vim net-tools telnet yum-utils device-mapper-persistent-data lvm2 git network-scripts tar curl5.安装时间同步工具ntpdate,保证所有的机器时间同步,避免实际使用时产生数据相关的问题;
bash
yum install -y ntpdate设置时间5分钟自动同步,加入定时任务当中
bash
crontab -e插入以下内容:
bash
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com ntp2.aliyun.com ntp3.aliyun.com ntp4.aliyun.com > /dev/null 2>&1
6.设置limit修改内核参数/etc/security/limits.conf添加内容如下;
bash
cat >> /etc/security/limits.conf <<EOF
* soft nofile 65535
* hard nofile 65535
* soft noproc 65535
* hard noproc 65535
* soft memlock unlimited
* hard memlock unlimited
EOF
7.master节点配置免密钥登录其他节点;
bash
ssh-keygen -t rsa系统会提示您输入一个密码短语。如果希望完全免密钥登录,直接按回车跳过此步骤。否则,输入并确认密码短语;然后将将生成的key导入到其他节点;
bash
ssh-copy-id root@k8s01-m1
ssh-copy-id root@k8s01-m2
ssh-copy-id root@k8s01-n1
ssh-copy-id root@k8s01-n2运行此命令后,系统会提示您输入远程用户的密码。成功输入密码后,公钥将被复制到远程服务器的 ~/.ssh/authorized_keys 文件中。
8.升级系统;
bash
#排除内核
yum update -y --exclude=kernel* && reboot9.升级内核版本;
查找 kernel rpm 历史版本:http://mirrors.coreix.net/elrepo-archive-archive/kernel/el7/x86_64/RPMS/
- 获取安装包,我这里用的是4.4.6
bash
wget http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/kernel-lt-devel-4.4.6-1.el7.elrepo.x86_64.rpm
wget http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/kernel-lt-4.4.6-1.el7.elrepo.x86_64.rpm- 安装内核包
bash
yum -y localinstall kernel*
- 查看已安装的内核版本;
bash
#查看已安装的内核版本
rpm -qa | grep kernel
#查看启动顺序
awk -F\' '$1=="menuentry " {print $2}' /etc/grub2.cfg- 将安装的内核版本设置为默认使用;
bash
#设置启动顺序并重启
grub2-set-default 0 && grub2-mkconfig -o /etc/grub2.cfg
#查看默认内核
grubby --default-kernel
reboot- 重启后查看内核版本
bash
uname -r10.安装ipvsadm及一些相关管理工具;
bash
yum -y install ipvsadm ipset sysstat conntrack libseccomp- 内核配置ipvs模块
bash
cat > /etc/modules-load.d/ipvs.conf << EOF
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_fo
ip_vs_nq
ip_vs_sed
ip_vs_ftp
ip_vs_sh
nf_conntrack
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOF- 加载配置
bash
#执行命令启动服务,注意上一步升级内核如果没重启此处会不成功
systemctl enable --now systemd-modules-load.service && reboot
#重启系统后查看是否加载
lsmod | grep -e ip_vs -e nf_conntrack11.配置k8s集群中必须的内核参数;
bash
cat >> /etc/sysctl.d/k8s.conf <<EOF
net.ipv4.ip_forward =1
fs.may_detach_mounts = 1
vm.overcommit_memory = 1
vm.panic_on.oom = 0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open = 52706963
net.netfilter.nf_conntrack_max = 2310720
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_contrack_max = 65536
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
EOF- 加载配置重启后查看
bash
sysctl --system && reboot
#配置完成后,重启服务器,查看内核加载情况
lsmod | grep --color=auto -e ip_vs -e nf_conntrack12.安装docker;
- 配置阿里docker源
bash
cat >> /etc/yum.repos.d/docker-ce.repo << 'EOF'
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
EOF- 更新yum缓存
bash
yum makecache fast- 列出docker ce版本
bash
sudo yum list docker-ce --showduplicates | sort -r- 安装指定版本的docker
bash
sudo yum install -y docker-ce-19.03.9 docker-ce-cli-19.03.9 containerd.io
bash
docker -v
systemctl start docker #--启动docker服务
systemctl enable docker #--开机自启
systemctl status docker- 配置daemon.json
bash
cat > /etc/docker/daemon.json << EOF
{
"exec-opts": ["native.cgroupdriver=systemd"],
"max-concurrent-downloads": 10,
"max-concurrent-uploads": 5,
"log-driver": "json-file",
"storage-driver": "overlay2",
"data-root": "/data/docker",
"storage-opts": [
"overlay2.override_kernel_check=true"
],
"log-opts":{
"max-size": "300m",
"max-file": "2"
},
"live-restore": true
}
EOF- 加载配置并启动
bash
systemctl daemon-reload
systemctl start docker
systemctl enable docker