Kubernetes 搭建之一

初始化环境

☑️ 设置主机名：hostnamectl set-hostname anyu967master1 && bash

☑️ VMware 克隆改 UUID：uuidgen 命令; nmcli connection show; nmcli device show ens33

☑️ 域名解析：vim /etc/hosts

☑️ 配置免密登录：ssh-keygen ssh-copy-id -i ~/.ssh/id_rsa.pub hostname 或者 user@ip

☑️ 关闭 swap：swapoff -a vim /etc/fstab 克隆的虚拟机需删除 UUID

☑️ 修改内核参数：

modprobe br_netfilter lsmod |grep br_netfilter

vim /etc/sysctl.d/k8s.conf

cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

sysctl -p /etc/sysctl.d/k8s.conf

☑️ 配置防火墙：

systemctl stop firewalld && systemctl disable firewalld sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

☑️ 配置 yum 源：

# CentOS-Base.repo
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

# epel.repo
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo

# docker-ce.repo
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# install
sudo yum -y install wget net-tools nfs-utils lrzsz gcc gcc-c++ make cmake libxml2-devel \
openssl-devel curl curl-devel unzip sudo ntp libaio-devel wget vim ncurses-devel \
autoconf automake zlib-devel python-devel epel-release openssh-server socat ipvsadm \
conntrack ntpdate yum-utils device-mapper-persistent-data lvm2

# kubernetes.repo
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

setenforce 0
yum install -y kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubelet

☑️ 时间同步：yum install ntpdate -y ntpdate cn.pool.ntp.org * */1 * * * /usr/sbin/ntpdate cn.pool.ntp.org

☑️ 开启 ipvs（IP Virtual Server）：

# IPVS基本上是一种高效的Layer-4交换机，它提供负载平衡的功能。
# https://www.cnblogs.com/hongdada/p/9758939.html
# ipvs 和 iptables 基于netfilter实现的，ipvs采用hash
  # 1、ipvs为大型集群提供了更好的可扩展性和性能；
  # 2、ipvs 支持比 iptables更复杂的负载均衡算法（rr-轮询调度、lc-最小连接数、dh-目标哈希、sh-源哈希、sed-最短期望延迟、nq-不排队调度）
  # 3、ipvs 支持服务器健康检查和连接重试等

/etc/sysconfig/modules
#!/bin/sh
ipvs_mdules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack"
for kernel_module in ${ipvs_modules}; do
    /sbin/modinfo -F filename ${kernel_module} >/dev/null 2>&1
    if [ 0 -eq 0 ]; then
        /sbin/modprobe ${kernel_module}
    fi
done

☑️ 安装 iptables：yum install iptables-services -y systemctl stop iptables && systemctl disable iptables iptables -F

☑️ 安装 docker 服务： Docker

☑️ CRI（容器运行时）

cri-docker(配置cri-docker使kubernetes1.24以docker作为运行时 - 萌褚 - 博客园 (cnblogs.com)

# https://github.com/Mirantis/cri-dockerd/tags
[root@anyu967node1 Package]# cp cri-dockerd/cri-dockerd /usr/bin/

cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

[root@anyu967node1 Package]# sysctl -p /etc/sysctl.d/k8s.conf

# cri-docker.service
[root@vms41 ~]# cat /usr/lib/systemd/system/cri-docker.service
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket

[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

StartLimitBurst=3
StartLimitInterval=60s

LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

TasksMax=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target

# cri-docker.socket
[root@anyu967node1 Package]# cat /usr/lib/systemd/system/cri-docker.socket
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service

[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target

[root@anyu967node1 Package]# kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version=v1.24.1 --pod-network-cidr=10.244.0.0/16 --cri-socket /var/run/cri-dockerd.sock

containerd

# 安装 containerd
[root@anyu967node1 Package]# yum install containerd

# 配置 containerd
[root@anyu967node1 Package]# containerd config default > /etc/containerd/config.toml
[root@anyu967node1 Package]# vim /etc/containerd/config.toml
# SystemdCgroup = false 改为 SystemdCgroup = true
# sandbox_image = "k8s.gcr.io/pause:3.6" 改为 sandbox_image="registry.aliyuncs.com/google_containers/pause:3.7"

cat > /etc/crictl.yaml <<EOF
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
EOF

# 配置containerd镜像加速器
[root@anyu967node1 Package]# vim /etc/containerd/config.toml
config_path = "/etc/containerd/certs.d"

[root@anyu967node1 Package]# mkdir /etc/containerd/certs.d/docker.io/ -p
[root@anyu967node1 Package]# vim /etc/containerd/certs.d/docker.io/hosts.toml
[host."https://vh3bm52y.mirror.aliyuncs.com",host."https://registry.docker-cn.com"]
  capabilities = ["pull"]