xiaojizhi2023

V1

2023/03/05阅读:31主题:默认主题

kubernetes部署之一

Kubernetes 搭建之一

初始化环境

☑️ 设置主机名:hostnamectl set-hostname anyu967master1 && bash

☑️ VMware 克隆改 UUID:uuidgen 命令; nmcli connection show; nmcli device show ens33

☑️ 域名解析:vim /etc/hosts

☑️ 配置免密登录:ssh-keygen ssh-copy-id -i ~/.ssh/id_rsa.pub hostname 或者 user@ip

☑️ 关闭 swap:swapoff -a vim /etc/fstab 克隆的虚拟机需删除 UUID

☑️ 修改内核参数:

  • modprobe br_netfilter lsmod |grep br_netfilter

  • vim /etc/sysctl.d/k8s.conf

    cat > /etc/sysctl.d/k8s.conf <<EOF
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    net.ipv4.ip_forward = 1
    EOF

    sysctl -p /etc/sysctl.d/k8s.conf

☑️ 配置防火墙:

systemctl stop firewalld && systemctl disable firewalld sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

☑️ 配置 yum 源:

# CentOS-Base.repo
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

# epel.repo
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo

# docker-ce.repo
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# install
sudo yum -y install wget net-tools nfs-utils lrzsz gcc gcc-c++ make cmake libxml2-devel \
openssl-devel curl curl-devel unzip sudo ntp libaio-devel wget vim ncurses-devel \
autoconf automake zlib-devel python-devel epel-release openssh-server socat ipvsadm \
conntrack ntpdate yum-utils device-mapper-persistent-data lvm2

# kubernetes.repo
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

setenforce 0
yum install -y kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubelet

☑️ 时间同步:yum install ntpdate -y ntpdate cn.pool.ntp.org * */1 * * * /usr/sbin/ntpdate cn.pool.ntp.org

☑️ 开启 ipvs(IP Virtual Server):

# IPVS基本上是一种高效的Layer-4交换机,它提供负载平衡的功能。
# https://www.cnblogs.com/hongdada/p/9758939.html
# ipvs 和 iptables 基于netfilter实现的,ipvs采用hash
  # 1、ipvs为大型集群提供了更好的可扩展性和性能;
  # 2、ipvs 支持比 iptables更复杂的负载均衡算法(rr-轮询调度、lc-最小连接数、dh-目标哈希、sh-源哈希、sed-最短期望延迟、nq-不排队调度)
  # 3、ipvs 支持服务器健康检查和连接重试等

/etc/sysconfig/modules
#!/bin/sh
ipvs_mdules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack"
for kernel_module in ${ipvs_modules}do
    /sbin/modinfo -F filename ${kernel_module} >/dev/null 2>&1
    if [ 0 -eq 0 ]; then
        /sbin/modprobe ${kernel_module}
    fi
done

☑️ 安装 iptables:yum install iptables-services -y systemctl stop iptables && systemctl disable iptables iptables -F

☑️ 安装 docker 服务: Docker

☑️ CRI(容器运行时)

  • cri-docker(配置cri-docker使kubernetes1.24以docker作为运行时 - 萌褚 - 博客园 (cnblogs.com)

    # https://github.com/Mirantis/cri-dockerd/tags
    [root@anyu967node1 Package]# cp cri-dockerd/cri-dockerd /usr/bin/

    cat <<EOF > /etc/sysctl.d/k8s.conf
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    net.ipv4.ip_forward = 1
    EOF

    [root@anyu967node1 Package]# sysctl -p /etc/sysctl.d/k8s.conf

    # cri-docker.service
    [root@vms41 ~]# cat /usr/lib/systemd/system/cri-docker.service
    [Unit]
    Description=CRI Interface for Docker Application Container Engine
    Documentation=https://docs.mirantis.com
    After=network-online.target firewalld.service docker.service
    Wants=network-online.target
    Requires=cri-docker.socket

    [Service]
    Type=notify
    ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7
    ExecReload=/bin/kill -s HUP $MAINPID
    TimeoutSec=0
    RestartSec=2
    Restart=always

    StartLimitBurst=3
    StartLimitInterval=60s

    LimitNOFILE=infinity
    LimitNPROC=infinity
    LimitCORE=infinity

    TasksMax=infinity
    Delegate=yes
    KillMode=process

    [Install]
    WantedBy=multi-user.target

    # cri-docker.socket
    [root@anyu967node1 Package]# cat /usr/lib/systemd/system/cri-docker.socket
    [Unit]
    Description=CRI Docker Socket for the API
    PartOf=cri-docker.service

    [Socket]
    ListenStream=%t/cri-dockerd.sock
    SocketMode=0660
    SocketUser=root
    SocketGroup=docker

    [Install]
    WantedBy=sockets.target

    [root@anyu967node1 Package]# kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version=v1.24.1 --pod-network-cidr=10.244.0.0/16 --cri-socket /var/run/cri-dockerd.sock
  • containerd

    # 安装 containerd
    [root@anyu967node1 Package]# yum install containerd

    # 配置 containerd
    [root@anyu967node1 Package]# containerd config default > /etc/containerd/config.toml
    [root@anyu967node1 Package]# vim /etc/containerd/config.toml
    # SystemdCgroup = false 改为 SystemdCgroup = true
    # sandbox_image = "k8s.gcr.io/pause:3.6" 改为 sandbox_image="registry.aliyuncs.com/google_containers/pause:3.7"

    cat > /etc/crictl.yaml <<EOF
    runtime-endpoint: unix:///run/containerd/containerd.sock
    image-endpoint: unix:///run/containerd/containerd.sock
    timeout: 10
    debug: false
    EOF

    # 配置containerd镜像加速器
    [root@anyu967node1 Package]# vim /etc/containerd/config.toml
    config_path = "/etc/containerd/certs.d"

    [root@anyu967node1 Package]# mkdir /etc/containerd/certs.d/docker.io/ -p
    [root@anyu967node1 Package]# vim /etc/containerd/certs.d/docker.io/hosts.toml
    [host."https://vh3bm52y.mirror.aliyuncs.com",host."https://registry.docker-cn.com"]
      capabilities = ["pull"]

分类:

后端

标签:

云计算

作者介绍

xiaojizhi2023
V1