目录
9、设置 rsyslogd 和 systemd journald
一、环境准备
| 角色 | IP |
|---|---|
| master1 | 10.0.0.11 |
| node1 | 10.0.0.20 |
| node2 | 10.0.0.21 |
| harbor | 10.0.0.12 |
1、设置系统主机名及hosts解析
#修改主机名
[root@k8s-master ~]# hostnamectl set-hostname k8s-master01
#配置hosts解析
[root@k8s-master01 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.11 k8s-master01
10.0.0.20 k8s-node01
10.0.0.21 k8s-node02
10.0.0.12 harbor
#拷贝hosts文件置其他服务器
[root@k8s-master01 ~]# scp /etc/hosts root@10.0.0.20:/etc/hosts
[root@k8s-master01 ~]# scp /etc/hosts root@10.0.0.21:/etc/hosts
[root@k8s-master01 ~]# scp /etc/hosts root@10.0.0.12:/etc/hosts2、安装相关依赖包
[root@k8s-master01 ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@k8s-master01 ~]# yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git3、设置防火墙为iptables并设置空规则
[root@k8s-master01 ~]# systemctl stop firewalld && systemctl disable firewalld
[root@k8s-master01 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
[root@k8s-master01 ~]# yum install -y iptables-services && systemctl start iptables && systemctl enable iptables &&iptables -F && service iptables save4、关闭swap及selinux
K8s初始化init时,会检测swap分区有没有关闭,如果虚拟内存开启,容器pod就可能会放置在虚拟内存中运行,会大大降低运行效率
#关闭swap,
[root@k8s-master01 ~]# swapoff -a && sed -r -i '/swap/s@(.*)@#\1@g' /etc/fstab
#关闭selinux
[root@k8s-master01 ~]# setenforce 0 && sed -i 's#^SELINUX=.*#SELINUX=disabled#g' /etc/selinux/config
setenforce: SELinux is disabled
[root@k8s-master01 ~]# getenforce
Disabled5、升级内核为4.4
#安装完成后检查 /boot/grub2/grub.cfg 中对应内核 menuentry 中是否包含 initrd16 配置,如果没有,再安装一次!
[root@k8s-master01 ~]# rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
[root@k8s-master01 ~]# yum --enablerepo=elrepo-kernel install -y kernel-lt
#设置开机从新内核启动
[root@k8s-master01 ~]# grub2-set-default "CentOS Linux (4.4.182-1.el7.elrepo.x86_64) 7 (Core)"
#重启
[root@k8s-master01 ~]# reboot
[root@k8s-master01 ~]# uname -r
4.4.212-1.el7.elrepo.x86_646、调整内核参数
cat > /etc/sysctl.d/kubernetes.conf <<EOF
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
vm.swappiness=0 # 禁止使用 swap 空间,只有当系统 OOM 时才允许使用它
vm.overcommit_memory=1 # 不检查物理内存是否够用
vm.panic_on_oom=0 # 开启OOM
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
EOF
#使配置生效
[root@k8s-master01 ~]# sysctl -p /etc/sysctl.d/kubernetes.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
net.ipv4.tcp_tw_recycle = 0
vm.swappiness = 0 # 禁止使用 swap 空间,只有当系统 OOM 时才允许使用它
vm.overcommit_memory = 1 # 不检查物理内存是否够用
vm.panic_on_oom = 0 # 开启OOM
fs.inotify.max_user_instances = 8192
fs.inotify.max_user_watches = 1048576
fs.file-max = 52706963
fs.nr_open = 52706963
net.ipv6.conf.all.disable_ipv6 = 1
sysctl: cannot stat /proc/sys/net/netfilter/nf_conntrack_max: No such file or directory7、调整系统时区
#设置系统时区为中国/上海
[root@k8s-master01 ~]# timedatectl set-timezone Asia/Shanghai
#将当前的 UTC 时间写入硬件时钟
[root@k8s-master01 ~]# timedatectl set-local-rtc 0
#重启依赖于系统时间的服务
[root@k8s-master01 ~]# systemctl restart rsyslog && systemctl restart crond8、关闭不需要的服务
[root@k8s-master01 ~]# systemctl stop postfix && systemctl disable postfix9、设置 rsyslogd 和 systemd journald
#持久化保存日志的目录
[root@k8s-master01 ~]# mkdir /var/log/journal
[root@k8s-master01 ~]# mkdir /etc/systemd/journald.conf.d
#配置文件
cat > /etc/systemd/journald.conf.d/99-prophet.conf <<EOF
[Journal]
#持久化保存到磁盘
Storage=persistent
# 压缩历史日志
Compress=yes
SyncIntervalSec=5m
RateLimitInterval=30s
RateLimitBurst=1000
# 最大占用空间10G
SystemMaxUse=10G
# 单日志文件最大200M
SystemMaxFileSize=200M
# 日志保存时间 2 周
MaxRetentionSec=2week
# 不将日志转发到 syslog
ForwardToSyslog=no
EOF
#重启journald配置
[root@k8s-master01 ~]# systemctl restart systemd-journald二、kube-proxy开启ipvs的前置
#加载netfilter模块
[root@k8s-master01 ~]# modprobe br_netfilter
#添加配置文件
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
#赋予权限并引导
[root@k8s-master01 ~]# chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules &&lsmod | grep -e ip_vs -e nf_conntrack_ipv4
nf_conntrack_ipv4 20480 0
nf_defrag_ipv4 16384 1 nf_conntrack_ipv4
ip_vs_sh 16384 0
ip_vs_wrr 16384 0
ip_vs_rr 16384 0
ip_vs 147456 6 ip_vs_rr,ip_vs_sh,ip_vs_wrr
nf_conntrack 114688 2 ip_vs,nf_conntrack_ipv4
libcrc32c 16384 2 xfs,ip_vs三、所有节点安装docker安装
#docker依赖
[root@k8s-master01 ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
#导入阿里云的docker-ce仓库
[root@k8s-master01 ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
#更新系统安装docker-ce
[root@k8s-master01 ~]# yum update -y && yum install -y docker-ce
#配置文件
[root@k8s-master01 ~]# mkdir /etc/docker -p
[root@k8s-master01 ~]# mkdir -p /etc/systemd/system/docker.service.d
cat > /etc/docker/daemon.json <<EOF
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
}
}
EOF
#启动docker
[root@k8s-master01 ~]# systemctl daemon-reload && systemctl start docker && systemctl enable docker四、kubeadm安装
#导入阿里云的YUM仓库
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
#在每个节点安装kubeadm(初始化工具)、kubectl(命令行管理工具)、kubelet
最低0.47元/天 解锁文章
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
