K8S部署kubeadm安装(一)节点配置

环境:双master节点,单node节点:

yueyuemaster01   10.12.4.23

yueyuemaster02   10.12.4.205

master节点VIP      10.12.4.2

yueyuenode01      10.12.4.94

1、添加hosts文件域名解析

#vim /etc/hosts
10.12.4.23   yueyuemaster01
10.12.4.205   yueyuemaster02
10.12.4.94   yueyuenode01

将配置同步至三台节点

#scp  /etc/hosts  root@10.12.4.205:/etc/
#scp  /etc/hosts  root@10.12.4.94:/etc/

2、配置免密登录(这里建立的是各节点 root 之间的互信;若私钥未设置口令,任一节点失陷后即可直接登录其余节点,部署完成后建议清理不再需要的 authorized_keys 条目)

 

#ssh-keygen
\N
\N
\N
##############将公钥发送到各个节点,三个节点均要执行此操作
#ssh-copy-id  yueyuemaster01/yueyuemaster02/yueyuenode01

 3、关闭swap分区,来提升性能,三个节点都需要关

#swapoff -a

永久关闭:注释/etc/fstab文件中的swap挂载配置,即在 swap 这一行的开头加上 # 注释

如果不关swap分区的话,安装部署时会提示报错(当内存不足时,linux会自动使用swap,将部分内存数据存放到磁盘中,这样会使性能下降,为了性能考虑推荐关掉;而 kubelet 在 1.8 版本以后强制要求 swap 必须关闭),或者编辑/etc/sysconfig/kubelet ,添加KUBELET_EXTRA_ARGS="--fail-swap-on=false"

#vim /etc/fstab


#
# /etc/fstab
# Created by anaconda on Mon Dec  6 14:45:43 2021
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/system-root /                       xfs     defaults        0 0
UUID=8292fbfa-af53-483d-b7d3-fe74e9e97fee /boot                   xfs     defaults        0 0
/dev/mapper/system-lv_home /home                   xfs     defaults        0 0
/dev/mapper/system-lv_tmp /tmp                    xfs     defaults        0 0
/dev/mapper/system-lv_usr /usr                    xfs     defaults        0 0
/dev/mapper/system-lv_var /var                    xfs     defaults        0 0
/dev/mapper/system-lv_gwmapp /gwmfc                    xfs     defaults        0 0
/dev/mapper/system-swap  swap                 swap            defaults        0 0
#/dev/mapper/system-swap    none    swap    sw,comment=cloudconfig    0    0

 4、如果是克隆虚拟机注释/etc/fstab中的UUID(未明确)

 

5、加载br_netfilter模块;测试的三个节点都需要添加

#modprobe br_netfilter

查看mod

#lsmod  | grep br_netfilter

6、编辑并加内核参数;测试的三个节点都需要

#vi /etc/sysctl.d/k8s.conf

net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
#sysctl -p /etc/sysctl.d/k8s.conf

net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1

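 7、关闭防火墙(一般是firewalld);测试的三个节点都需要。这种做法只适合隔离的测试环境;生产环境建议保留防火墙,仅放行 Kubernetes 所需端口(如 API server 的 6443、etcd 的 2379-2380、kubelet 的 10250、NodePort 范围 30000-32767)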

#systemctl stop firewalld && systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

#systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

Jun 29 08:11:10 yueyuenode01 systemd[1]: Stopping firewalld - dynamic firewall daemon...
Jun 29 08:11:11 yueyuenode01 systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.

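 8、关闭selinux(kubeadm 官方文档的做法是设为 permissive 而不是 disabled:permissive 仍会记录策略违规日志,便于日后恢复 enforcing;disabled 则完全不加载策略,且修改配置文件后需重启才生效)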

#vim /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 
#setenforce 0
#getenforce 
Disabled

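9、配置阿里的repo源(注意:下面的 baseurl 和 gpgkey 都走明文 http,而 gpgcheck=1 的校验依赖 gpgkey 本身可信;建议将 gpgkey 改为系统自带的 file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7,或改用 https 地址)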

 

#cd /etc/yum.repos.d/
#mkdir /root/repo-bak
#mv ./*.repo  /root/repo-bak/
#vim CentOS-Base.repo
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the 
# remarked out baseurl= line instead.
#
#
 
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 
#released updates 
[updates]
name=CentOS-$releasever - Updates - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/centosplus/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/contrib/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
#vim epel.repo
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch&infra=$infra&content=$contentdir
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch/debug
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch&infra=$infra&content=$contentdir
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/7/SRPMS
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch&infra=$infra&content=$contentdir
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

安装rzsz命令和scp命令

# yum install lrzsz -y
#yum install openssh-clients

所有节点配置docker的repo源(下面的 .repo 文件通过明文 http 下载,内容可能在传输途中被篡改;该镜像站同样提供 https 地址,建议改用 https)

####安装yum-config-manager命令包,在yum-utils中
#yum -y install yum-utils
#yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

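所有节点添加k8s的repo源(注意:下面的 gpgcheck=0 会关闭 RPM 包签名校验,kubelet/kubeadm/kubectl 将在未经签名验证的情况下以 root 身份安装;生产环境应设为 gpgcheck=1 并配置镜像站提供的 gpgkey)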

#vim /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0

# scp /etc/yum.repos.d/kubernetes.repo 其他节点:/etc/yum.repos.d/



 10、设置ntp时间服务器

#yum install ntpdate -y
#ntpdate    ntp服务器地址(或者使用自己的ntp服务器)
#编辑计划任务,每小时同步一次时间(注意:下面的 * */1 * * * 实际是每分钟执行一次;每小时一次应写成 0 * * * *)
#crontab  -e 
* */1 * * * /usr/sbin/ntpdate   ntp服务器地址
#systemctl restart crond

如没有ntp服务器,安装ntpdate后的默认配置示例

#ntpdate cn.pool.ntp.org
##计划任务(注意:下面的 * */1 * * * 实际是每分钟执行一次;每小时一次应写成 0 * * * *)
#crontab  -e
* */1 * * * /usr/sbin/ntpdate  cn.pool.ntp.org
#systemctl restart crond

11、配置开启ipvs

#cd /etc/sysconfig/modules/
#vim ipvs.modules
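#!/bin/bash
# Load the IPVS kernel modules listed below, plus nf_conntrack.
# A module is loaded only when modinfo can resolve it for the running kernel;
# modules the kernel does not provide are skipped.
ipvs_modules=(
  ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr
  ip_vs_dh ip_vs_sh ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack
)
for kernel_module in "${ipvs_modules[@]}"; do
  # Branch on modinfo's own exit status. A constant test such as
  # `[ 0 -eq 0 ]` is always true and would attempt to load every module,
  # including ones the kernel does not have.
  if /sbin/modinfo -F filename "${kernel_module}" > /dev/null 2>&1; then
    # Stay best-effort (keep going on failure) but report what did not load.
    /sbin/modprobe "${kernel_module}" \
      || printf 'ipvs.modules: failed to load %s\n' "${kernel_module}" >&2
  fi
done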
:wq
#chmod +x ipvs.modules
#bash ipvs.modules

 

#lsmod |grep ip
ip_vs_ftp              13079  0 
nf_nat                 26583  1 ip_vs_ftp
ip_vs_sed              12519  0 
ip_vs_nq               12516  0 
ip_vs_sh               12688  0 
ip_vs_dh               12688  0 
ip_vs_lblcr            12922  0 
ip_vs_lblc             12819  0 
ip_vs_wrr              12697  0 
ip_vs_rr               12600  0 
ip_vs_wlc              12519  0 
ip_vs_lc               12516  0 
ip_vs                 145458  22 ip_vs_dh,ip_vs_lc,ip_vs_nq,ip_vs_rr,ip_vs_sh,ip_vs_ftp,ip_vs_sed,ip_vs_wlc,ip_vs_wrr,ip_vs_lblcr,ip_vs_lblc
nf_conntrack          139264  3 ip_vs,nf_nat,nf_conntrack_netlink
ip_set                 45799  0 
libcrc32c              12644  4 xfs,ip_vs,nf_nat,nf_conntrack

12、安装基础软件包

#yum install  yum-utils device-mapper-persistent-data lvm2  wget net-tools nfs-utils lrzsz gcc gcc-c++ make cmake libxml2-devel openssl-devel curl curl-devel unzip sudo ntp libaio-devel wget vim ncurses-devel autoconf automake zlib-devel python-devel epel-release openssh-server socat ipvsadm conntrack ntpdate telnet ipvsadm -y

 

13、安装iptables

#yum install iptables-services -y
#systemctl stop iptables
#systemctl disable iptables
#iptables -F

 

 

 

 