
xiaojizhi2023
2023/03/05阅读:31主题:默认主题
kubernetes部署之一

Kubernetes 搭建之一
初始化环境
☑️ 设置主机名:hostnamectl set-hostname anyu967master1 && bash
☑️ VMware 克隆改 UUID:uuidgen 命令; nmcli connection show; nmcli device show ens33
☑️ 域名解析:vim /etc/hosts
☑️ 配置免密登录:ssh-keygen
ssh-copy-id -i ~/.ssh/id_rsa.pub hostname 或者 user@ip
☑️ 关闭 swap:先执行 swapoff -a(仅当前会话生效),再 vim /etc/fstab 注释掉 swap 行,否则重启后 swap 会重新启用
克隆的虚拟机需删除 UUID
☑️ 修改内核参数:
-
modprobe br_netfilter
lsmod |grep br_netfilter
-
vim /etc/sysctl.d/k8s.conf
cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl -p /etc/sysctl.d/k8s.conf
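☑️ 配置防火墙(下面两条命令会停用 firewalld,并在重启后彻底禁用 SELinux,只适合隔离的实验环境;生产环境建议保留防火墙、仅放行 Kubernetes 所需端口,SELinux 设为 permissive 而不是 disabled):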
systemctl stop firewalld && systemctl disable firewalld
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
☑️ 配置 yum 源:
# CentOS-Base.repo
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# epel.repo
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
# docker-ce.repo
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# install
sudo yum -y install wget net-tools nfs-utils lrzsz gcc gcc-c++ make cmake libxml2-devel \
openssl-devel curl curl-devel unzip sudo ntp libaio-devel wget vim ncurses-devel \
autoconf automake zlib-devel python-devel epel-release openssh-server socat ipvsadm \
conntrack ntpdate yum-utils device-mapper-persistent-data lvm2
# kubernetes.repo
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
yum install -y kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubelet
☑️ 时间同步:yum install ntpdate -y
ntpdate cn.pool.ntp.org
* */1 * * * /usr/sbin/ntpdate cn.pool.ntp.org
# 注:上面一行是 crontab 条目。分钟字段为 *,实际会每分钟执行一次;若本意是每小时同步一次,分钟字段应写成固定值,例如 0 */1 * * *。
☑️ 开启 ipvs(IP Virtual Server):
# IPVS基本上是一种高效的Layer-4交换机,它提供负载平衡的功能。
# https://www.cnblogs.com/hongdada/p/9758939.html
# ipvs 和 iptables 都是基于 netfilter 实现的,区别在于 ipvs 采用 hash 表
# 1、ipvs为大型集群提供了更好的可扩展性和性能;
# 2、ipvs 支持比 iptables更复杂的负载均衡算法(rr-轮询调度、lc-最小连接数、dh-目标哈希、sh-源哈希、sed-最短期望延迟、nq-不排队调度)
# 3、ipvs 支持服务器健康检查和连接重试等
/etc/sysconfig/modules
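#!/bin/sh
# Load every IPVS-related kernel module that exists for the running kernel.
#
# Space-separated module list. The name must match the variable read by the
# loop below; the original assigned "ipvs_mdules", so the loop iterated over
# an empty value and loaded nothing.
ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack"

# Unquoted on purpose: the list is split on whitespace into module names.
for kernel_module in ${ipvs_modules}; do
  # Test modinfo's own exit status so that only modules it can resolve are
  # passed to modprobe. The original "[ 0 -eq 0 ]" was always true
  # (presumably a "$?" that was expanded when the script was written out
  # through an unquoted heredoc), so the availability check never applied.
  if /sbin/modinfo -F filename "${kernel_module}" >/dev/null 2>&1; then
    /sbin/modprobe "${kernel_module}"
  fi
done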
☑️ 安装 iptables:yum install iptables-services -y
systemctl stop iptables && systemctl disable iptables
iptables -F
☑️ 安装 docker 服务: Docker
☑️ CRI(容器运行时)
-
cri-docker(参考:《配置cri-docker使kubernetes1.24以docker作为运行时》 - 萌褚 - 博客园 (cnblogs.com))
# https://github.com/Mirantis/cri-dockerd/tags
[root@anyu967node1 Package]# cp cri-dockerd/cri-dockerd /usr/bin/
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
[root@anyu967node1 Package]# sysctl -p /etc/sysctl.d/k8s.conf
# cri-docker.service
[root@vms41 ~]# cat /usr/lib/systemd/system/cri-docker.service
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket
[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
# cri-docker.socket
[root@anyu967node1 Package]# cat /usr/lib/systemd/system/cri-docker.socket
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service
[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
[root@anyu967node1 Package]# kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version=v1.24.1 --pod-network-cidr=10.244.0.0/16 --cri-socket /var/run/cri-dockerd.sock
-
containerd
# 安装 containerd
[root@anyu967node1 Package]# yum install containerd
# 配置 containerd
[root@anyu967node1 Package]# containerd config default > /etc/containerd/config.toml
[root@anyu967node1 Package]# vim /etc/containerd/config.toml
# SystemdCgroup = false 改为 SystemdCgroup = true
# sandbox_image = "k8s.gcr.io/pause:3.6" 改为 sandbox_image="registry.aliyuncs.com/google_containers/pause:3.7"
cat > /etc/crictl.yaml <<EOF
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
EOF
# 配置containerd镜像加速器
[root@anyu967node1 Package]# vim /etc/containerd/config.toml
config_path = "/etc/containerd/certs.d"
[root@anyu967node1 Package]# mkdir /etc/containerd/certs.d/docker.io/ -p
[root@anyu967node1 Package]# vim /etc/containerd/certs.d/docker.io/hosts.toml
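# hosts.toml takes one [host."URL"] table per mirror. The original put two
# hosts, separated by a comma, into a single table header, which is not valid
# TOML and would fail to parse.
# NOTE(review): only "pull" is granted, as in the original; confirm whether
# "resolve" is also needed for tag lookups to go through these mirrors.
[host."https://vh3bm52y.mirror.aliyuncs.com"]
capabilities = ["pull"]

[host."https://registry.docker-cn.com"]
capabilities = ["pull"]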
