基础服务
本文基于centos7.5部署
规划
|
10.8.28.200
|
master-VIP
|
|
10.8.31.84
|
k8s-test-master-1
|
|
10.8.152.149
|
k8s-test-master-2
|
|
10.8.191.56
|
k8s-test-master-3
|
|
10.8.85.173
|
k8s-test-node-1
|
将host信息写入hosts文件
系统调优
1 # 关闭swap 2 swapoff -a 3 yes | cp /etc/fstab /etc/fstab_bak 4 cat /etc/fstab_bak |grep -v swap > /etc/fstab 5 6 # 关闭selinux 7 setenforce 0 8 && sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config 9 && getenforce 10 11 # 关闭防火墙 12 systemctl stop firewalld 13 && systemctl daemon-reload 14 && systemctl disable firewalld 15 && systemctl daemon-reload 16 && systemctl status firewalld 17 18 yum install -y iptables-services 19 && systemctl stop iptables 20 && systemctl disable iptables 21 && systemctl status iptables 22 23 # 系统参数调优 24 [ ! -e "/etc/sysctl.conf_bk" ] && /bin/mv /etc/sysctl.conf{,_bk} 25 && cat > /etc/sysctl.conf << EOF 26 fs.file-max=1000000 27 fs.nr_open=20480000 28 net.ipv4.tcp_max_tw_buckets = 180000 29 net.ipv4.tcp_sack = 1 30 net.ipv4.tcp_window_scaling = 1 31 net.ipv4.tcp_rmem = 4096 87380 4194304 32 net.ipv4.tcp_wmem = 4096 16384 4194304 33 net.ipv4.tcp_max_syn_backlog = 16384 34 net.core.netdev_max_backlog = 32768 35 net.core.somaxconn = 32768 36 net.core.wmem_default = 8388608 37 net.core.rmem_default = 8388608 38 net.core.rmem_max = 16777216 39 net.core.wmem_max = 16777216 40 net.ipv4.tcp_timestamps = 0 41 net.ipv4.tcp_fin_timeout = 20 42 net.ipv4.tcp_synack_retries = 2 43 net.ipv4.tcp_syn_retries = 2 44 net.ipv4.tcp_syncookies = 1 45 #net.ipv4.tcp_tw_len = 1 46 net.ipv4.tcp_tw_reuse = 1 47 net.ipv4.tcp_mem = 94500000 915000000 927000000 48 net.ipv4.tcp_max_orphans = 3276800 49 net.ipv4.ip_local_port_range = 1024 65000 50 #net.nf_conntrack_max = 6553500 51 #net.netfilter.nf_conntrack_max = 6553500 52 #net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60 53 #net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120 54 #net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120 55 #net.netfilter.nf_conntrack_tcp_timeout_established = 3600 56 EOF 57 sysctl -p 58 59 # k8s部分参数调优 60 cat <<EOF > /etc/sysctl.d/k8s.conf 61 net.bridge.bridge-nf-call-ip6tables = 1 62 net.bridge.bridge-nf-call-iptables = 1 63 net.ipv4.ip_nonlocal_bind = 1 64 net.ipv4.ip_forward = 1 65 vm.swappiness=0 66 EOF 67 sysctl -p /etc/sysctl.d/k8s.conf 68 69 # 开启ipvs 70 cat > /etc/sysconfig/modules/ipvs.modules <<EOF 71 #!/bin/bash 72 modprobe -- ip_vs 73 modprobe -- ip_vs_rr 74 modprobe -- ip_vs_wrr 75 modprobe -- ip_vs_sh 76 modprobe -- nf_conntrack_ipv4 77 EOF 78 chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4 79 80 # 制作镜像(正常安装无需执行) 81 echo "mkdir -p /data/docker" >> /etc/rc.d/rc.local 82 echo "swapoff -a" >> /etc/rc.d/rc.local
安装docker
1 # 拉取rpm文件,国内可以从阿里源下载 2 mkdir -p /data/init/docker && cd /data/init/docker 3 wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-18.09.8-3.el7.x86_64.rpm 4 wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm 5 wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-cli-18.09.8-3.el7.x86_64.rpm 6 yum install -y containerd.io-1.2.6-3.3.el7.x86_64.rpm docker-ce-cli-18.09.8-3.el7.x86_64.rpm docker-ce-18.09.8-3.el7.x86_64.rpm 7 8 # 创建docker目录,修改docker运行参数 9 mkdir /data/docker 10 cat << EOF >/etc/sysconfig/docker 11 INSECURE_REGISTRY="--insecure-registry=harbor.test123.net" 12 DOCKER_NETWORK_OPTIONS="-H fd:// --containerd=/run/containerd/containerd.sock" 13 DOCKER_STORAGE_OPTIONS="--data-root=/data/docker --storage-driver=overlay2" 14 EOF 15 16 # 编辑system unit文件 17 cat << EOF > /usr/lib/systemd/system/docker.service 18 [Unit] 19 Description=Docker Application Container Engine 20 Documentation=https://docs.docker.com 21 BindsTo=containerd.service 22 After=network-online.target firewalld.service containerd.service 23 Wants=network-online.target 24 Requires=docker.socket 25 26 [Service] 27 Type=notify 28 EnvironmentFile=-/etc/sysconfig/docker 29 ExecStart=/usr/bin/dockerd \ 30 $INSECURE_REGISTRY \ 31 $DOCKER_STORAGE_OPTIONS \ 32 $DOCKER_NETWORK_OPTIONS 33 ExecReload=/bin/kill -s HUP $MAINPID 34 TimeoutSec=0 35 RestartSec=2 36 Restart=always 37 StartLimitBurst=3 38 StartLimitInterval=60s 39 LimitNOFILE=infinity 40 LimitNPROC=infinity 41 LimitCORE=infinity 42 TasksMax=infinity 43 Delegate=yes 44 KillMode=process 45 46 [Install] 47 WantedBy=multi-user.target 48 49 EOF 50 51 # 启动docker 52 systemctl daemon-reload 53 systemctl restart docker.service 54 systemctl enable docker.service 55 56 # 验证 57 docker info 58 docker version
安装kubeadm/kubelet/kubectl(选装)
1 cat <<EOF > /etc/yum.repos.d/kubernetes.repo 2 [kubernetes] 3 name=Kubernetes 4 baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 5 enabled=1 6 gpgcheck=1 7 repo_gpgcheck=1 8 gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg 9 EOF 10 11 yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes 12 13 systemctl enable --now kubelet
预下载镜像
1 kubeadm config images pull 2 [config/images] Pulled k8s.gcr.io/kube-apiserver:v1.15.1 3 [config/images] Pulled k8s.gcr.io/kube-controller-manager:v1.15.1 4 [config/images] Pulled k8s.gcr.io/kube-scheduler:v1.15.1 5 [config/images] Pulled k8s.gcr.io/kube-proxy:v1.15.1 6 [config/images] Pulled k8s.gcr.io/pause:3.1 7 [config/images] Pulled k8s.gcr.io/etcd:3.3.10 8 [config/images] Pulled k8s.gcr.io/coredns:1.3.1
master-1到其他master免密
1 # master-1执行 2 ssh-keygen 3 ssh-copy-id -i /root/.ssh/id_rsa.pub -p 8022 root@k8s-test-master-2 4 ssh-copy-id -i /root/.ssh/id_rsa.pub -p 8022 root@k8s-test-master-3