一. 环境准备
1.1 配置yum阿里源
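# wget is needed to fetch the replacement repo definition.
yum -y install wget
# Keep the stock repo file so the change can be rolled back.
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
# Fetch the mirror's repo file over HTTPS rather than plain HTTP: this file
# decides which baseurl and gpgkey yum trusts for every later install, so it
# must not be modifiable in transit.
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# Confirm package signature checking is still enabled in the downloaded file
# before building the cache from it.
grep -n '^gpgcheck' /etc/yum.repos.d/CentOS-Base.repo
# Drop cached metadata from the old repo and rebuild it from the mirror.
yum clean all
yum makecache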
1.2 关闭防火墙
# Show whether firewalld is currently running.
firewall-cmd --state
# Stop firewalld for the current boot.
# NOTE(review): with firewalld stopped and disabled, nothing on the host
# filters inbound traffic to the cluster's ports. Do this only where a
# network-level control (security group, upstream firewall) already restricts
# access; otherwise keep firewalld running and open only the ports the
# cluster needs.
systemctl stop firewalld
# Keep firewalld from starting again at boot.
systemctl disable firewalld
1.3 关闭selinux
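# Show the current SELinux mode (Enforcing / Permissive / Disabled).
getenforce
# Switch the running system to permissive mode; this lasts until reboot.
setenforce 0
# Persist the same mode across reboots. Permissive is used instead of
# disabled: it matches what `setenforce 0` does, keeps file labels and
# denial logging in place, and lets enforcing mode be restored later
# without relabelling the filesystem.
sed -i 's/^ *SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config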
1.4 关闭swap
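# Turn off all active swap devices for the current boot.
swapoff -a
# Comment out swap entries in /etc/fstab so swap stays off after reboot.
# The address matches only lines that are not already commented and that
# contain "swap" as a whitespace-delimited field, so re-running the command
# does not stack extra "#" characters or touch unrelated mount points.
# A backup is written to /etc/fstab.bak.
sed -i.bak '/^[[:space:]]*[^#[:space:]].*[[:space:]]swap[[:space:]]/s/^/#/' /etc/fstab
# Verify: the Swap row should report 0.
free -g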
1.5 调整内核参数及模块
加载所需内核模块
# Modules listed under /etc/modules-load.d/ are loaded at boot.
printf '%s\n' br_netfilter > /etc/modules-load.d/k8s.conf
printf '%s\n' overlay br_netfilter > /etc/modules-load.d/containerd.conf
# Load the same modules now so no reboot is needed.
for kmod in overlay br_netfilter; do
  modprobe "$kmod"
done
设置必需的 sysctl 参数,允许iptables检查桥接流量,这些参数在重新启动后仍然存在
# Persist the sysctl settings: bridged traffic is passed through
# iptables/ip6tables, and IPv4 forwarding is enabled.
# NOTE(review): ip_forward = 1 makes the host route packets between its
# interfaces; make sure forwarding is restricted by policy where the node
# sits on more than one network.
printf '%s\n' \
  'net.bridge.bridge-nf-call-iptables = 1' \
  'net.ipv4.ip_forward = 1' \
  'net.bridge.bridge-nf-call-ip6tables = 1' \
  > /etc/sysctl.d/99-kubernetes-cri.conf
# Apply every sysctl configuration file now, without rebooting.
sudo sysctl --system
1.6 开启ipvs
不开启ipvs将会使用iptables进行数据包转发,但效率较低,所以推荐开启ipvs:
# Write the module-loading script. The quoted delimiter keeps the body
# literal, so nothing in it is expanded by the current shell.
# NOTE(review): nf_conntrack_ipv4 is the module name on the stock CentOS 7
# kernel; newer kernels ship it as nf_conntrack - confirm against the
# running kernel.
cat > /etc/sysconfig/modules/ipvs.modules <<'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
# Make the script executable, run it, then list the loaded modules to
# confirm that they are present.
chmod 755 /etc/sysconfig/modules/ipvs.modules \
  && bash /etc/sysconfig/modules/ipvs.modules \
  && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
# Install the ipset package.
yum -y install ipset
# Install ipvsadm, the IPVS management tool.
yum -y install ipvsadm
1.7 同步服务器时间
# Install chrony for time synchronisation. Consistent clocks matter for
# certificate validity checks and for correlating logs across nodes.
yum -y install chrony
# Start chronyd at boot, and start it now.
systemctl enable chronyd.service
systemctl start chronyd.service
[root@master ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^- ntp.wdc1.us.leaseweb.net 2 9 201 329 -8125us[-8125us] +/- 264ms
^- ntp5.flashdance.cx 2 9 373 189 -43ms[ -43ms] +/- 223ms
^+ time.cloudflare.com 3 8 377 197 +38ms[ +38ms] +/- 121ms
^* 119.28.183.184 2 8 155 30m -8460us[ -13ms] +/- 67ms
[root@master ~]# date
2022年 03月 26日 星期六 15:11:32 CST
1.8 安装containerd
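# yum-utils provides yum-config-manager, which is used on the next line.
yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the docker-ce repository, which carries the containerd package.
# The repo definition is fetched over HTTPS instead of plain HTTP: it sets
# the baseurl and gpgkey that yum will trust for containerd, so it must not
# be modifiable in transit.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# List the available versions, newest first.
yum list containerd --showduplicates | sort -r
yum install containerd -y
# Installed at the time of writing: `containerd.io-1.5.11-3.1.el7.x86_64`
# Generate the default configuration file.
containerd config default > /etc/containerd/config.toml
# Start containerd now and at every boot.
systemctl start containerd
systemctl enable containerd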
配置
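# Switch the cgroup driver to systemd.
sed -i 's#SystemdCgroup = false#SystemdCgroup = true#' /etc/containerd/config.toml
# Point the sandbox (pause) image at the mirror registry. The pattern matches
# whatever default value is present, so the substitution does not silently
# become a no-op when the containerd default is not pause:3.5.
# NOTE(review): this image is pulled for every pod sandbox, so the mirror
# registry becomes part of the node's trust chain.
sed -i 's#sandbox_image = ".*"#sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.6"#' /etc/containerd/config.toml
# Confirm that both edits were applied before restarting.
grep -nE 'SystemdCgroup|sandbox_image' /etc/containerd/config.toml
systemctl daemon-reload
systemctl restart containerd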
安装 CRI 客户端 crictl 选择版本 https://github.com/kubernetes-sigs/cri-tools/releases/
wget https://github.