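I. Set up a k8s cluster
1. Official installation guide:
2. Getting started
1. Firewall
Stop the firewall:
systemctl stop firewalld.service
Start the firewall:
systemctl start firewalld.service
Disable start on boot:
systemctl disable firewalld.service
- Disable SELinux
# Set SELinux to permissive mode (effectively disabling it)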
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
- Switch to root
sudo su
- Set the hostname
hostnamectl set-hostname xxxxx
- Disable swap
swapoff -a
vim /etc/fstab
#
# /etc/fstab
# Created by anaconda on Sun Mar 13 12:51:19 2022
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/cl-root / xfs defaults 0 0
UUID=f724164d-a1bc-412e-b119-fb07aab95643 /boot xfs defaults 0 0
/dev/mapper/cl-home /home xfs defaults 0 0
#/dev/mapper/cl-swap swap swap defaults 0 0
Comment out the line that contains swap.
6. Set the local hostname and add the hostnames of the other nodes
yum install vim -y
vim /etc/hosts
Add the following entries:
192.168.x.x k8s-master-1
192.168.x.x k8s-node-1
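7. Configure kernel parameters and modules
Forward IPv4 and let iptables see bridged traffic
Verify that the br_netfilter module is loaded by running lsmod | grep br_netfilter.
To load the module explicitly, run sudo modprobe br_netfilter.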
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
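For iptables on a Linux node to see bridged traffic correctly, make sure net.bridge.bridge-nf-call-iptables is set to 1 in the sysctl configuration. For example:
# Set the required sysctl parameters; they persist across reboots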
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# Apply the sysctl parameters without rebooting
sudo sysctl --system
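An added example, not part of the original notes: a shell preflight that checks the persisted settings from the steps above (swap entry commented out in fstab, modules listed in the modules-load.d file, the three sysctl keys set to 1), since swapoff -a and modprobe only change the running system. The function names and the constructed sample files are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): verify the persisted node settings.

# 0 if no uncommented swap entry remains in the fstab file.
fstab_swap_disabled() {
    ! awk '$1 !~ /^#/ && $3 == "swap" { found = 1 } END { exit !found }' "$1"
}

# 0 if the module name appears on its own line in a modules-load.d file.
module_listed() {
    grep -qx "[[:space:]]*$2[[:space:]]*" "$1"
}

# 0 if the last uncommented assignment of the key in a sysctl.d file equals the wanted value.
sysctl_conf_has() {
    awk -F= -v k="$2" -v w="$3" '
        /^[[:space:]]*[#;]/ { next }
        { gsub(/[[:space:]]/, "", $1); gsub(/[[:space:]]/, "", $2) }
        $1 == k { val = $2; seen = 1 }
        END { exit !(seen && val == w) }' "$1"
}

# Run every check; print one line per failure and return the failure count.
preflight() {
    local fstab="$1" modules="$2" sysctl="$3" fail=0 item
    fstab_swap_disabled "$fstab" || { echo "FAIL: active swap entry in $fstab"; fail=$((fail + 1)); }
    for item in overlay br_netfilter; do
        module_listed "$modules" "$item" || { echo "FAIL: $item not in $modules"; fail=$((fail + 1)); }
    done
    for item in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward; do
        sysctl_conf_has "$sysctl" "$item" 1 || { echo "FAIL: $item is not 1 in $sysctl"; fail=$((fail + 1)); }
    done
    return "$fail"
}

# Constructed sample files mirroring the configuration shown above.
make_sample() {
    printf '%s\n' '/dev/mapper/cl-root / xfs defaults 0 0' \
        '#/dev/mapper/cl-swap swap swap defaults 0 0' > "$1/fstab"
    printf '%s\n' overlay br_netfilter > "$1/modules.conf"
    printf '%s\n' 'net.bridge.bridge-nf-call-iptables = 1' \
        'net.bridge.bridge-nf-call-ip6tables = 1' 'net.ipv4.ip_forward = 1' > "$1/sysctl.conf"
}

sample_dir=$(mktemp -d)
make_sample "$sample_dir"
preflight "$sample_dir/fstab" "$sample_dir/modules.conf" "$sample_dir/sysctl.conf" && echo "sample: all checks passed"
```

On a node, call preflight /etc/fstab /etc/modules-load.d/k8s.conf /etc/sysctl.d/k8s.conf; a non-zero return value is the number of failed checks.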
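3. Install a container runtime
- Install Docker
Install from the official site
Configure a domestic (China) Docker registry mirror and set the cgroupDriver
1. Install Docker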
yum update -y
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum -y install docker-ce-20.10.7 docker-ce-cli-20.10.7 containerd.io-1.4.6 docker-compose-plugin
systemctl start docker
systemctl status docker
systemctl enable docker
2. Switch to a domestic (China) Docker registry mirror
mkdir -p /etc/docker
touch /etc/docker/daemon.json
vim /etc/docker/daemon.json
Add the following content:
{
"exec-opts":["native.cgroupdriver=systemd"],
"registry-mirrors": ["https://2vgbfb0x.mirror.aliyuncs.com"]
}
- Command to restart the Docker service
systemctl restart docker
4. Enable start on boot
systemctl enable docker
Test
docker run --name nginx-test -p 4000:80 -d nginx
5. Uninstall Docker
- List the installed Docker packages
yum list installed | grep docker
- Remove the packages
yum remove docker* -y
- Delete images, containers, and other data
rm -rf /var/lib/docker
- Install containerd (optional)
1. Install dependencies
yum install -y yum-utils device-mapper-persistent-data lvm2
2. Add the yum repository
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
3. Install containerd
yum install containerd -y
4. Generate the configuration file
containerd config default > /etc/containerd/config.toml
5. Replace containerd's default sandbox image by editing /etc/containerd/config.toml
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.2"
6. Start the service
systemctl restart containerd && systemctl enable containerd
7. Configure the systemd cgroup driver
To use the systemd cgroup driver with runc, set the following in /etc/containerd/config.toml
[plugins."io.con