k8s的搭建1.15（一）

1.  初始化系统  

yum install net-tools vim wget lrzsz git -y

  2. 关闭防火墙和selinux

systemctl stop firewalld
systemctl disable firewalld
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
reboot

3.设置时区

\cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime -rf

4. 关闭交换分区

swapoff -a
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

5.设置时间同步

 yum install -y ntpdate
ntpdate -u ntp.api.bz
echo "*/5 * * * * ntpdate time7.aliyun.com >/dev/null 2>&1" >> /etc/crontab
systemctl  restart crond
systemctl  enable crond 

7. 设置hosts解析

192.168.168.51  master51
192.168.168.52  master52
192.168.168.53  node53
192.168.168.54  node54
192.168.168.55  node55

8.免密钥（省略）

9.优化内核参数

cat >/etc/sysctl.d/kubernetes.conf <<EOF
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
vm.swappiness=0
fs.file-max=52706963
fs.nr_open=52706963
EOF

sysctl -p

10. 安装keepalivyum install -y keepalived

cat >/etc/keepalived/keepalived.conf <<EOL
global_defs {
   router_id KUB_LVS
}
vrrp_script CheckMaster {
    script "curl -k https://192.168.168.100:6443"
    interval 3
    timeout 9
    fall 2
    rise 2
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 61
    priority 100
    advert_int 1
    nopreempt
    authentication {
        auth_type PASS
        auth_pass 111111
    }
    virtual_ipaddress {
        192.168.168.100/24 dev ens33
    }
    track_script {
        CheckMaster
    }
}
EOL
#SLAVE
#修改state为slave, priority 为 90
 systemctl enable keepalived && systemctl restart keepalived
service keepalived status

11. 下载创建证书工具

mkdir /soft && cd /soft
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
chmod +x cfssl_linux-amd64 cfssljson_linux-amd64 cfssl-certinfo_linux-amd64
mv cfssl_linux-amd64 /usr/local/bin/cfssl
mv cfssljson_linux-amd64 /usr/local/bin/cfssljson
mv cfssl-certinfo_linux-amd64 /usr/bin/cfssl-certinfo