环境规划:
主机名 |
角色 |
IP |
备注 |
centos1 |
control etcd work |
192.168.181.11 |
|
centos2 |
control etcd work |
192.168.181.12 |
|
centos3 |
control etcd work |
192.168.181.13 |
一、基础准备
docker-ce前期已安装好,版本为23.0.0,时区,时间同步已设置。
分别设置主机名
hostnamectl set-hostname centos1
hostnamectl set-hostname centos2
hostnamectl set-hostname centos3
配置主机名解析
cat >> /etc/hosts << EOF
192.168.181.11 centos1
192.168.181.12 centos2
192.168.181.13 centos3
EOF
升级Linux内核
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
sed -i 's#elrepo.org/linux#mirrors.aliyun.com/elrepo#g' /etc/yum.repos.d/elrepo.repo
yum --disablerepo=\* --enablerepo=elrepo-kernel repolist
yum --disablerepo=\* --enablerepo=elrepo-kernel list kernel*
为保持稳定,安装长期支持版
yum --disablerepo=\* --enablerepo=elrepo-kernel install kernel-lt.x86_64 -y
设置默认启动
grub2-set-default 0
grub2-editenv list
关闭swap
sed -i '/ swap / s/^/#/' /etc/fstab
加载br_netfilter和ipvs模块
echo "br_netfilter" > /etc/modules-load.d/br_netfilter.conf
cat >/etc/modules-load.d/ipvs.conf <<EOF
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_nq
ip_vs_sed
ip_vs_ftp
ip_vs_sh
nf_conntrack
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
EOF
systemctl enable --now systemd-modules-load.service
设置内核参数
cat >/etc/sysctl.conf<<EOF
net.ipv4.tcp_keepalive_time=600
net.ipv4.tcp_keepalive_intvl=30
net.ipv4.tcp_keepalive_probes=10
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1
net.ipv4.neigh.default.gc_stale_time=120
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce=2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2
net.ipv4.ip_local_port_range= 45001 65000
net.ipv4.ip_forward=1
net.ipv4.tcp_max_tw_buckets=6000
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_synack_retries=2
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.netfilter.nf_conntrack_max=2310720
net.ipv6.neigh.default.gc_thresh1=8192
net.ipv6.neigh.default.gc_thresh2=32768
net.ipv6.neigh.default.gc_thresh3=65536
net.core.netdev_max_backlog=16384
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_max_syn_backlog = 8096
net.core.somaxconn = 32768
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=524288
fs.file-max=52706963
fs.nr_open=52706963
kernel.pid_max = 4194303
net.bridge.bridge-nf-call-arptables=1
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
vm.max_map_count = 262144
EOF
安装基础软件
yum makecache fast
yum install curl conntrack ipvsadm ipset iptables jq sysstat libseccomp rsync wget jq psmisc vim net-tools telnet -y
优化journald日志
mkdir -p /var/log/journal
mkdir -p /etc/systemd/journald.conf.d
cat > /etc/systemd/journald.conf.d/99-prophet.conf <<EOF
[Journal]
# 持久化保存到磁盘
Storage=persistent
# 压缩历史日志
Compress=yes
SyncIntervalSec=5m
RateLimitInterval=30s
RateLimitBurst=1000
# 最大占用空间 10G
SystemMaxUse=1G
# 单日志文件最大 200M
SystemMaxFileSize=10M
# 日志保存时间 2 周
MaxRetentionSec=2week
# 不将日志转发到 syslog
ForwardToSyslog=no
EOF
systemctl restart systemd-journald && systemctl enable systemd-journald
#重启
reboot
#重启服务器执行检查
lsmod | grep -e ip_vs -e nf_conntrack -e br_netfilter
安装cri-dockerd,适配docker-ce
下载地址: https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.1/cri-dockerd-0.3.1-3.el7.x86_64.rpm
设置开机启动:
systemctl enable --now cri-docker.service &&systemctl enable --now cri-docker.socket
下载kubernetes 1.26.1的二进制包和etcd 3.5.7
kubernetes下载地址:https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md,本次下载的安装包为:kubernetes-server-linux-amd64.tar.gz
etcd下载地址:https://github.com/etcd-io/etcd/releases/download/v3.5.7/etcd-v3.5.7-linux-amd64.tar.gz
创建免密码ssh登陆,并复制安装包到其他服务器
仅在centos1执行
ssh-keygen -t rsa
ssh-copy-id root@centos2
ssh-copy-id root@centos3
scp kubernetes-server-linux-