用于工作快速搭建k8s,适用于kuberbetes小于1.23
系统初始化
配置yum仓库
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
| #添加yum源仓库
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
yum install -y https://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm
#更新yum源仓库
yum -y update
#添加阿里云YUM软件源
# cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# yum clean all && yum makecache && yum repolist
|
配置hosts
1
2
3
4
5
6
| # hostnamectl set-hostname master01
# cat >> /etc/hosts << EOF
10.0.x.x master01
10.0.x.x node01
EOF
|
⚠未配置会hosts在集群检测会出现以下警告:
1
2
| [WARNING Hostname]: hostname "master01" could not be reached
[WARNING Hostname]: hostname "master01": lookup master01 on 8.8.8.8:53: no such host
|
关闭selinux、swap、firewalld
1
2
3
4
5
6
7
| # sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
# sed -i "s@/dev/mapper/centos-swap@#/dev/mapper/centos-swap@g" /etc/fstab
# swapoff -a
# systemctl disable --now firewalld
# yum remove -y firewalld*
# systemctl disable --now NetworkManager
# systemctl disable --now dnsmasq
|
调整文件打开数等配置
1
2
3
4
5
6
7
8
| cat> /etc/security/limits.conf <<EOF
* soft nproc 1000000
* hard nproc 1000000
* soft nofile 1000000
* hard nofile 1000000
* soft memlock unlimited
* hard memlock unlimited
EOF
|
配置时间同步
1
2
3
4
5
6
| # yum install chrony -y
# vim /etc/chrony.conf
server 127.127.1.0 iburst #表示与本机IP同步时间,其他server注释或删除
allow 192.168.2.0/24 #指定一台主机、子网,或者网络以允许或拒绝NTP连接到扮演时钟服务器的机器
local stratum 10 #不去同步任何人的时间。时间同步服务级别
# systemctl restart chronyd && systemctl enable chronyd
|
1
2
3
4
5
| # yum install chrony -y
# vim /etc/chrony.conf
server 服务端IP iburst
# systemctl restart chronyd && systemctl enable chronyd
# chronyc sources -v #查看同步状态
|
服务器免密登陆(高可用)
1
2
3
| # ssh-keygen -t rsa
# for i in k8s-master01 k8s-master02 k8s-master02 k8s-node01 k8s-node02;do ssh-copy-id -i .ssh/id_rsa.pub $i;done
|
内核升级
1
2
3
4
5
6
| rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
yum -y install https://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm
yum --enablerepo=elrepo-kernel install kernel-lt -y
grub2-set-default 0
grub2-mkconfig -o /etc/grub2.cfg
reboot //重启服务器
|
配置IPVS
非必须操作,kube-proxy安装后默认使用iptable规则,也可以修改为IP VS规则。
1
2
3
4
5
6
7
8
9
10
11
12
13
| # yum install -y ipvsadm ipset sysstat conntrack libseccomp
:> /etc/modules-load.d/ipvs.conf
module=(
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
br_netfilter
)
for kernel_module in ${module[@]};do
/sbin/modinfo -F filename $kernel_module |& grep -qv ERROR && echo $kernel_module >> /etc/modules-load.d/ipvs.conf || :
done
|
1
2
3
4
5
6
7
8
9
10
11
12
| :> /etc/modules-load.d/ipvs.conf
module=(
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
br_netfilter
)
for kernel_module in ${module[@]};do
/sbin/modinfo -F filename $kernel_module |& grep -qv ERROR && echo $kernel_module >> /etc/modules-load.d/ipvs.conf || :
done
|
1
2
| systemctl daemon-reload
systemctl enable --now systemd-modules-load.service
|
1
2
3
4
5
6
7
8
| # lsmod | grep ip_vs
ip_vs_sh 16384 0
ip_vs_wrr 16384 0
ip_vs_rr 16384 0
ip_vs 172032 6 ip_vs_rr,ip_vs_sh,ip_vs_wrr
nf_conntrack 172032 6 xt_conntrack,nf_nat,xt_state,ipt_MASQUERADE,xt_CT,ip_vs
nf_defrag_ipv6 20480 4 nf_conntrack,xt_socket,xt_TPROXY,ip_vs
libcrc32c 16384 3 nf_conntrack,nf_nat,ip_vs
|
ummy0网卡和kube-ipvs0网卡:在安装k8s集群时,启用了ipvs的话,就会有这两个网卡。(将service的IP绑定在kube-ipvs0网卡上)
配置内核参数
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
| #系统优化
cat > /etc/sysctl.d/k8s_better.conf << EOF
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
EOF
sysctl -p /etc/sysctl.d/k8s_better.conf
|
说明:
lnet.bridge.bridge-nf-call-iptables:开启桥设备内核监控(ipv4)
lnet.ipv4.ip_forward:开启路由转发
lnet.bridge.bridge-nf-call-ip6tables:开启桥设备内核监控(ipv6)
docker部署
1
2
3
4
5
6
7
8
9
| # yum install docker-ce-19.03.8
# systemctl start docker && systemctl enable docker
# cat > /etc/docker/daemon.json <<EOF
{
"registry-mirrors": ["https://xcg41ct3.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# systemctl daemon-reload && systemctl restart docker.service
|
安装kubelet、kubectl、kubeadm
1
2
3
4
5
| # yum install -y kubelet-1.20.6
# yum install -y kubectl-1.20.6
# yum install -y kubeadm-1.20.6
# systemctl start kubelet && systemctl enable kubelet
# systemctl status kubelet
|
设置table键补全
1
| # kubectl completion bash > /etc/bash_completion.d/kubelet
|
1
| # kubeadm completion bash > /etc/bash_completion.d/kubeadm
|
安装master节点
检测环境
检测主机环境是否达到集群的要求,可根据结果提示进行逐一排除故障,
1
| # kubeadm init --dry-run
|
初始化master节点
1
| kubeadm config print init-defaults> init-default.yaml
|
初始化前确保kubelet服务已经启动并设置为开机自启。
1
2
3
4
| # kubeadm init --kubernetes-version=1.20.6 \
--pod-network-cidr=10.244.0.0/16 \
--apiserver-advertise-address=10.0.x.x \
--image-repository registry.aliyuncs.com/google_containers
|
Node部署
1
| # kubeadm token create --print-join-command
|
1
| kubeadm join 192.168.2.11:6443 --token xxxx --discovery-token-ca-cert-hash xxxx
|
安装插件
安装Calico网络插件
1
| # wget https://docs.projectcalico.org/manifests/calico.yaml --no-check-certificate
|
1
| # kubectl apply -f calico.yaml
|