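Hardware requirements:
RHEL/CentOS or later
2 GB or more of RAM per machine
2 or more CPUs per machine
A unique hostname, MAC address and product_uuid for every node
Make sure the required ports are not in use. Master ports: 6443, 2379-2380, 10250, 10251, 10252. Node ports: 10250, 30000-32767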
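The port requirement above can be checked before anything is installed. The following is an added example, not part of the original post: the function names and the sample `ss -ltn` output are constructed for illustration, and the port lists are the ones given above.

```shell
#!/bin/sh
# Added example: check the required ports listed above against `ss -ltn` output.
MASTER_PORTS="6443 2379-2380 10250 10251 10252"
NODE_PORTS="10250 30000-32767"

# Constructed sample of `ss -ltn` output (illustrative, not from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:2379     0.0.0.0:*
LISTEN 0      128    [::]:6443          [::]:*
LISTEN 0      128    0.0.0.0:6443       0.0.0.0:*
LISTEN 0      128    *:31080            *:*'

# Read `ss -ltn` output on stdin; print each listening port once, sorted.
listening_ports() {
    awk 'NR > 1 && $1 == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -un
}

# port_in_spec PORT "SPEC": succeed if PORT equals a port or falls in a lo-hi range.
port_in_spec() {
    for item in $2; do
        lo=${item%-*}
        hi=${item#*-}
        if [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ]; then
            return 0
        fi
    done
    return 1
}

# conflicts ROLE: read `ss -ltn` output on stdin, print required ports already bound.
conflicts() {
    case $1 in
        master) spec=$MASTER_PORTS ;;
        node)   spec=$NODE_PORTS ;;
        *) echo "usage: conflicts master|node" >&2; return 2 ;;
    esac
    listening_ports | while read -r port; do
        if port_in_spec "$port" "$spec"; then
            echo "$port"
        fi
    done
}

# Demo on the sample; on a real host run: ss -ltn | conflicts master
printf '%s\n' "$SAMPLE_SS" | conflicts master
```

Empty output means none of the required ports for that role is already bound.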
Resource allocation:
Node | IP | Services | Notes |
---|---|---|---|
k8s01-test.mars.ljnode.com | 10.26.14.148 | Kubernetes API server, etcd server client API, Kubelet API, kube-scheduler, kube-controller-manager | master |
k8s02-test.mars.ljnode.com | 10.26.14.233 | Kubelet API, NodePort Services | node |
k8s03-test.mars.ljnode.com | 10.26.14.217 | Kubelet API, NodePort Services | node |
Machine initialization
To allow Docker to start, modify the kernel module loading configuration on our company's Tencent Cloud machines
vim /etc/modprobe.d/blacklist.conf
Comment out the following entries:
#blacklist nf_conntrack
#blacklist nf_conntrack_ipv6
#blacklist xt_conntrack
#blacklist nf_conntrack_ftp
#blacklist xt_state
#blacklist iptable_nat
#blacklist ipt_REDIRECT
#blacklist nf_nat
#blacklist nf_conntrack_ipv4
vim /etc/modprobe.d/connectiontracking.conf and comment out everything in the file
For Kubernetes to run properly, swap must be turned off
swapoff -a
Disable SELinux
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
Turn off the firewall
systemctl stop firewalld
systemctl disable firewalld
Confirm that the default policy of the FORWARD chain in the iptables filter table is ACCEPT.
[root@k8s01-test gaoyaohua001]# iptables -nvL
Chain INPUT (po