K8S从入门到放弃系列-(1)环境初始化
一、系统规划
主机名 | IP | 组件 |
k8s-master01 | 192.168.1.225 | etcd、kube-apiserver、kube-controller-manager、kube-scheduler |
k8s-node01 | 192.168.1.226 | kubelet、kube-proxy、docker、dns、calico |
k8s-node02 | 192.168.1.227 | kubelet、kube-proxy、docker、dns、calico |
二、初始化系统基础环境
系统初始化时由于5台机器大部分操作都相同,我这里在配置过程中,在一台主机上进行配置文件创建,然后使用ansible进行分发,当然你也可以直接在对应主机上进行操作。
1)设置主机名
在五台机器分别执行对应设置主机名的命令
hostnamectl set-hostname k8s-master01 hostnamectl set-hostname k8s-node01 hostnamectl set-hostname k8s-node02
2)配置免密钥登陆
以k8s-master01为主机,对另外4台机器进行免密钥登陆
ssh-keygen ##一路回车进行公钥私钥创建 ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.1.228 ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.1.229 ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.1.230
3、建议安装ansible(可以不安装,把生成文件或者命令在各节点执行即可)
这里只需在master01节点安装即可,后续一些操作均在此机器上执行,然后把生成的文件分发至对应节点
yum -y install epel-release yum -y install ansible ansible --version
定义主机组
vim /etc/ansible/hosts [k8s-all] 192.168.1.228 192.168.1.229 192.168.1.230 [k8s-master] 192.168.1.228 [k8s-node] 192.168.1.229 192.168.1.230 [k8s-etcd] 192.168.1.228 192.168.1.229 192.168.1.230 #测试ansible是否正常 ansible k8s-all -m ping
4、关闭防火墙、selinux(5台机器都执行,我这里使用ansible)
##如果你不使用ansible,在各个机器执行一下命令 systemctl stop firewalld systemctl disable firewalld setenforce 0 sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/sysconfig/selinux sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
[root@k8s-master01 ~]# ansible k8s-all -m shell -a 'systemctl stop firewalld' [root@k8s-master01 ~]# ansible k8s-all -m shell -a 'systemctl disable firewalld' [root@k8s-master01 ~]# ansible k8s-all -m shell -a 'setenforce 0' [root@k8s-master01 ~]# ansible k8s-all -m replace -a 'path=/etc/sysconfig/selinux regexp="SELINUX=enforcing" replace=SELINUX=disabled' [root@k8s-master01 ~]# ansible k8s-all -m replace -a 'path=/etc/selinux/config regexp="SELINUX=enforcing" replace=SELINUX=disabled'
5、配置host主机域名解析
[root@k8s-master01 ~]# vim /etc/hosts 192.168.1.228 k8s-master01 192.168.1.229 k8s-node01 192.168.1.230 k8s-node02 [root@k8s-master01 ~]# ansible k8s-all -m copy -a "src=/etc/hosts dest=/etc/hosts" ##文件分发
6、设置内核,阿里云主机可不设置
[root@k8s-master01 ~]# vim /etc/sysctl.d/k8s.conf net.ipv4.ip_forward = 1 net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 [root@k8s-master01 ~]# ansible k8s-all -m copy -a "src=/etc/sysctl.d/k8s.conf dest=/etc/sysctl.d/k8s.conf" [root@k8s-master01 ~]# ansible k8s-all -m shell -a 'modprobe br_netfilter' [root@k8s-master01 ~]# ansible k8s-all -m shell -a 'sysctl -p /etc/sysctl.d/k8s.conf'
7、时间同步,阿里云主机可不设置
[root@k8s-master01 ~]# ansible k8s-all -m yum -a "name=ntpdate state=latest" [root@k8s-master01 ~]# ansible k8s-all -m cron -a "name='k8s cluster crontab' minute=*/30 hour=* day=* month=* weekday=* job='ntpdate time7.aliyun.com >/dev/null 2>&1'" [root@k8s-master01 ~]# ansible k8s-all -m shell -a "ntpdate time7.aliyun.com"
8、创建集群目录
在集群组件部署之前,先进行对应的目录创建## 所有节点所需目录 [root@k8s-master01 ~]# ansible k8s-all -m file -a 'path=/etc/kubernetes/ssl state=directory' [root@k8s-master01 ~]# ansible k8s-all -m file -a 'path=/etc/kubernetes/config state=directory' ## k8s-master01节点所需目录 [root@k8s-master01 ~]# mkdir -p /opt/k8s/{certs,cfg,unit}
此有锦囊若干,公可依计行事