鏡像下載、功能變數名稱解析、時間同步請點擊 阿裡雲開源鏡像站 安裝依賴包 yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl systat libseccomp wget vim net-tools git iptables ...
鏡像下載、功能變數名稱解析、時間同步請點擊 阿裡雲開源鏡像站
安裝依賴包
yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl systat libseccomp wget vim net-tools git iptables-services
關閉防火牆,為iptables設置規則
systemctl stop firewalld && systemctl disable firewalld && systemctl status firewalld
systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save
關閉SWAP 和 SELINUX
swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
調整內核參數,對於k8s
cat > /etc/sysctl.d/kubernetes.conf << EOF
net.bridge.bridge-nf-call-iptables=1 #開啟網橋模式
net.bridge.bridge-nf-call-ip6tables=1 #開啟網橋模式
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
vm.swappiness=0 #禁止使用 swap 空間, 只有當系統 OOM 時才允許使用它
vm.overcommit_memory=1 #不檢查物理記憶體是否夠用
vm.panic_on_oom=0 #開啟OOM
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1 #關閉IPV6協議
net.netfilter.nf_conntrack_max=2310720
EOF
sysctl -p /etc/sysctl.d/kubernetes.conf
調整系統時區
# 設置系統時區為 中國/上海
timedatectl set-timezone Asia/Shanghai
關閉系統不需要服務,postfix是郵件服務
systemctl stop postfix && systemctl disable postfix
設置rsyslogd 和 systemd journald
# 創建持久化保存日誌目錄
mkdir -p /var/log/journal
# 創建配置文件存放目錄
mkdir -p /etc/systemd/journald.conf.d
# 創建配置文件
cat > /etc/systemd/journald.conf.d/99-prophet.conf << EOF
[Journal]
#持久化保存到磁碟
Storage=persistent
#壓縮歷史日誌
Compress=yes
SyncIntervalSec=5m
RateLimitInterval=30s
RateLimitBurst=1000
#最大占用空間10G
SystemMaxUse=10G
#單日誌文件最大200M
SystemMaxFileSize=200M
#日誌保存時間2周
MaxRetentionSec=2week
#不將日誌轉發到syslog
ForwardToSyslog=no
EOF
# 重啟journald
systemctl restart systemd-journald
kube-proxy開啟ipvs的前置條件
modprobe br_netfilter
cat > /etc/sysconfig/modules/ipvs.modules << EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
安裝 Docker 軟體
# 配置daemon
cat > /etc/docker/daemon.json << EOF
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
}
}
EOF
# 重啟docker
systemctl daemon-reload && systemctl restart docker
安裝 Kubeadm (主從配置)
# 配置yum源
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# 安裝 kubeadm 初始化工具,kubectl 命令行管理工具,kubelet
yum -y install kubeadm-1.15.1 kubectl-1.15.1 kubelet-1.15.1
# 設置開機自啟
systemctl enable kubelet
初始化主節點
註意:
1.advertiseAddress需要更換為master伺服器的ip地址
# 列印預設的初始化文件,列印到kubeadm-init.yaml
kubeadm config print init-defaults > kubeadm-init.yaml
# 修改
cat > kubeadm-init.yaml << EOF
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: xx.xx.xx.xx # master節點的IP地址
bindPort: 6443
nodeRegistration:
criSocket: /var/run/dockershim.sock
name: master
taints:
- effect: NoSchedule
key: node-role.kubernetes.io/master
---
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
type: CoreDNS
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: v1.15.1
networking:
dnsDomain: cluster.local
podSubnet: 10.244.0.0/16
serviceSubnet: 10.96.0.0/12
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
featureGates:
SupportIPVSProxyMode: true
mode: ipvs
EOF
# 啟動
kubeadm init --config=kubeadm-init.yaml | tee kubeadm-init.log
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
mkdir -p /root/install-k8s/core
mv /root/kubeadm-init.* /root/install-k8s/core
安裝 flannel
mkdir -p /root/install-k8s/plugin/flannel
cd /root/install-k8s/plugin/flannel
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f /root/install-k8s/plugin/flannel/kube-flannel.yml
本文轉自:https://blog.csdn.net/weixin_45456679/article/details/123423237
