Deploying K8s with kubeadm (Part 1): Node Configuration
Environment: two master nodes and one worker node:
yueyuemaster01 10.12.4.23
yueyuemaster02 10.12.4.205
Master node VIP 10.12.4.2
yueyuenode01 10.12.4.94
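1. Add hostname resolution to the hosts file
#vim /etc/hosts
10.12.4.23 yueyuemaster01
10.12.4.205 yueyuemaster02
10.12.4.94 yueyuenode01
Sync the configuration to all three nodes
#scp /etc/hosts root@10.12.4.205:/etc/
#scp /etc/hosts root@10.12.4.94:/etc/
2. Configure passwordless SSH login
#ssh-keygen \N \N \N
############## Send the public key to every node; all three nodes must perform this step
#ssh-copy-id yueyuemaster01
#ssh-copy-id yueyuemaster02
#ssh-copy-id yueyuenode01
3. Disable the swap partition to improve performance; this must be done on all three nodes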
#swapoff -a
To disable swap permanently, comment out the swap mount entry in /etc/fstab by adding a comment marker at the start of the swap line.
If swap is not disabled, the installation reports an error. (When memory runs short, Linux automatically uses swap and moves part of the in-memory data to disk, which degrades performance, so turning it off is recommended for performance reasons; in addition, kubelet has required swap to be off since version 1.8.) Alternatively, edit /etc/sysconfig/kubelet and add KUBELET_EXTRA_ARGS="--fail-swap-on=false"
#vim /etc/fstab
#
# /etc/fstab
# Created by anaconda on Mon Dec 6 14:45:43 2021
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/system-root / xfs defaults 0 0
UUID=8292fbfa-af53-483d-b7d3-fe74e9e97fee /boot xfs defaults 0 0
/dev/mapper/system-lv_home /home xfs defaults 0 0
/dev/mapper/system-lv_tmp /tmp xfs defaults 0 0
/dev/mapper/system-lv_usr /usr xfs defaults 0 0
/dev/mapper/system-lv_var /var xfs defaults 0 0
/dev/mapper/system-lv_gwmapp /gwmfc xfs defaults 0 0
/dev/mapper/system-swap swap swap defaults 0 0
#/dev/mapper/system-swap none swap sw,comment=cloudconfig 0 0
4. If the VM was cloned, comment out the UUID in /etc/fstab (unconfirmed)
5. Load the br_netfilter module; this must be done on all three test nodes
#modprobe br_netfilter
Check that the module is loaded
#lsmod | grep br_netfilter
6. Edit and add the kernel parameters; this must be done on all three test nodes
#vi /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
#sysctl -p /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
7. Disable the firewall (usually firewalld); this must be done on all three test nodes
#systemctl stop firewalld && systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
#systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
Jun 29 08:11:10 yueyuenode01 systemd[1]: Stopping firewalld - dynamic firewall daemon...
Jun 29 08:11:11 yueyuenode01 systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.
8. Disable SELinux
#vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
#setenforce 0
#getenforce
Disabled
9. Configure the Aliyun repo source
#cd /etc/yum.repos.d/
#mkdir /root/repo-bak
#mv ./*.repo /root/repo-bak/
#vim CentOS-Base.repo
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
#released updates
[updates]
name=CentOS-$releasever - Updates - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/centosplus/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/contrib/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
#vim epel.repo
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch&infra=$infra&content=$contentdir
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch/debug
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch&infra=$infra&content=$contentdir
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1
[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/7/SRPMS
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch&infra=$infra&content=$contentdir
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1
Install the rz/sz commands and the scp command
#yum install lrzsz -y
#yum install openssh-clients
Configure the Docker repo source on all nodes
#### Install the package that provides the yum-config-manager command; it is part of yum-utils
#yum -y install yum-utils
#yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Add the k8s repo source on all nodes
#vim /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
# scp /etc/yum.repos.d/kubernetes.repo <other node>:/etc/yum.repos.
10. Set up NTP time synchronization
#yum install ntpdate -y
#ntpdate <NTP server address> (or use your own NTP server)
# Edit the scheduled task so the time is synchronized once an hour
#crontab -e
0 */1 * * * /usr/sbin/ntpdate <NTP server address>
#systemctl restart crond
If you have no NTP server of your own, an example of the default configuration after installing ntpdate:
#ntpdate cn.pool.ntp.org
## Scheduled task
#crontab -e
0 */1 * * * /usr/sbin/ntpdate cn.pool.ntp.org
#systemctl restart crond
11. Enable IPVS
#cd /etc/sysconfig/modules/
#vim ipvs.modules
#!/bin/bash
ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack"
for kernel_module in ${ipvs_modules}; do
  # Load a module only if modinfo can find it for the running kernel
  /sbin/modinfo -F filename ${kernel_module} > /dev/null 2>&1
  if [ $? -eq 0 ]; then
    /sbin/modprobe ${kernel_module}
  fi
done
:wq
#chmod +x ipvs.modules
#bash ipvs.modules
#lsmod |grep ip
ip_vs_ftp 13079 0
nf_nat 26583 1 ip_vs_ftp
ip_vs_sed 12519 0
ip_vs_nq 12516 0
ip_vs_sh 12688 0
ip_vs_dh 12688 0
ip_vs_lblcr 12922 0
ip_vs_lblc 12819 0
ip_vs_wrr 12697 0
ip_vs_rr 12600 0
ip_vs_wlc 12519 0
ip_vs_lc 12516 0
ip_vs 145458 22 ip_vs_dh,ip_vs_lc,ip_vs_nq,ip_vs_rr,ip_vs_sh,ip_vs_ftp,ip_vs_sed,ip_vs_wlc,ip_vs_wrr,ip_vs_lblcr,ip_vs_lblc
nf_conntrack 139264 3 ip_vs,nf_nat,nf_conntrack_netlink
ip_set 45799 0
libcrc32c 12644 4 xfs,ip_vs,nf_nat,nf_conntrack
12. Install the base packages
#yum install yum-utils device-mapper-persistent-data lvm2 wget net-tools nfs-utils lrzsz gcc gcc-c++ make cmake libxml2-devel openssl-devel curl curl-devel unzip sudo ntp libaio-devel wget vim ncurses-devel autoconf automake zlib-devel python-devel epel-release openssh-server socat ipvsadm conntrack ntpdate telnet ipvsadm -y
13. Install iptables
#yum install iptables-services -y
#systemctl stop iptables
#systemctl disable iptables
#iptables -F
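A check to run on each node once the steps above are done (an added example, not part of the original post): it lists swap entries in /etc/fstab that are still active, and flags yum repo sections that set gpgcheck=0 or fetch over plain http, as the kubernetes.repo and CentOS-Base.repo files in step 9 do. The function names and the --run switch are hypothetical.

```bash
#!/bin/sh
# Added example: post-setup checks for the node preparation steps above.
# Function names are hypothetical. File paths are passed as arguments so the
# checks can be pointed at /etc/fstab and /etc/yum.repos.d/*.repo on a node.

# Print the device of every fstab entry of type swap that is NOT commented out.
# Any output means swap comes back after a reboot despite "swapoff -a".
active_swap_entries() {
    awk '!/^[ \t]*#/ && NF >= 3 && $3 == "swap" { print $1 }' "$1"
}

# Print one "section: finding" line for each repo section that
#  - sets gpgcheck=0 (packages are installed without signature verification), or
#  - contains an http:// URL (metadata, packages or GPG key fetched in clear text).
repo_findings() {
    awk '
        function report() {
            if (sec == "") return
            if (gpg == "0") print sec ": gpgcheck disabled"
            if (http)       print sec ": plain-http url"
        }
        /^[ \t]*#/ { next }                      # skip comment lines
        /^\[.*\]/  {                             # new [section] header
            report()
            sec = $0; sub(/^\[/, "", sec); sub(/\].*$/, "", sec)
            gpg = ""; http = 0
            next
        }
        /^gpgcheck[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            gpg = v
        }
        /http:\/\// { http = 1 }                 # also matches baseurl continuation lines
        END { report() }
    ' "$1"
}

# Run against the real files only when asked to, e.g.: sh node_checks.sh --run
if [ "${1:-}" = "--run" ]; then
    active_swap_entries /etc/fstab
    for f in /etc/yum.repos.d/*.repo; do
        [ -f "$f" ] && repo_findings "$f"
    done
fi
```

Empty output from both functions means no active swap entry and no unsigned or clear-text repo source was found.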