1 安装yum源及必备工具
[root@localhost ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
[root@localhost ~]# yum install lrzsz wget jq psmisc vim net-tools telnet yum-utils device-mapper-persistent-data lvm2 git -y
[root@localhost ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
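# 如果报签名错误
[root@localhost ~]# vim /etc/yum.repos.d/CentOS-Base.repo
# 把其中的 gpgcheck 值改为 0;如果还报错,在 yum 命令后加上参数 --nogpgcheck(跳过验证)。
# 说明:这两种做法都会关闭 RPM 包的签名校验,只适合临时排错;更稳妥的做法是用 rpm --import 导入仓库对应的 GPG 公钥,安装完成后把 gpgcheck 改回 1。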
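2 关闭firewalld 、dnsmasq、selinux(CentOS7需要关闭NetworkManager,CentOS8不需要)
# 说明:setenforce 0 只是把 SELinux 临时切到 permissive,重启后以配置文件为准,所以下面还要修改配置文件。关闭防火墙和 SELinux 适合内网实验环境;对外提供服务的节点建议保留 firewalld,只放行集群所需端口。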
[root@localhost ~]# systemctl disable --now firewalld
[root@localhost ~]# systemctl disable --now dnsmasq
[root@localhost ~]# systemctl disable --now NetworkManager
[root@localhost ~]# setenforce 0
[root@localhost ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux
[root@localhost ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
3 关闭swap分区,fstab注释swap
[root@localhost ~]# swapoff -a && sysctl -w vm.swappiness=0
vm.swappiness = 0
[root@localhost ~]# sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab
# 查看swap分区
[root@localhost ~]# free -m
total used free shared buff/cache available
Mem: 1819 230 1072 9 516 1426
Swap: 0 0 0
4 修改主机名及配置hosts
## 修改主机名
[root@localhost ~]# hostnamectl set-hostname k8s-master01
## 配置hosts映射
[root@localhost ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
## 上面是原有的不要删除 在下面添加
192.168.18.143 k8s-master01
5 同步时间
# 安装ntpdate
# 说明:下面这条命令通过明文 HTTP 安装第三方仓库(wlnmp)的 release 包,传输过程无法防篡改;如果现有 yum 源已经能直接安装 ntpdate,可以跳过这一步。
[root@k8s-master01 ~]# rpm -ivh http://mirrors.wlnmp.com/centos/wlnmp-release-centos.noarch.rpm
Retrieving http://mirrors.wlnmp.com/centos/wlnmp-release-centos.noarch.rpm
Preparing... ################################# [100%]
Updating / installing...
1:wlnmp-release-centos-2-1 ################################# [100%]
[root@k8s-master01 ~]# yum install ntpdate -y
# 所有节点同步时间配置如下:
[root@k8s-master01 ~]# ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
[root@k8s-master01 ~]# echo 'Asia/Shanghai' >/etc/timezone
[root@k8s-master01 ~]# ntpdate time2.aliyun.com
15 Jan 18:08:18 ntpdate[12682]: adjust time server 203.107.6.88 offset 0.001383 sec
# 加入到crontab
[root@k8s-master01 ~]# crontab -e
# 添加如下定时任务: */5 * * * * /usr/sbin/ntpdate time2.aliyun.com
# 重启 crond 服务
[root@k8s-master01 ~]# service crond restart
Redirecting to /bin/systemctl restart crond.service
6 配置limit
[root@k8s-master01 ~]# ulimit -SHn 65535
[root@k8s-master01 ~]# vim /etc/security/limits.conf
# 末尾添加如下内容(大写的GG 跳到文件末尾)
* soft nofile 65536
* hard nofile 131072
* soft nproc 65535
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited
7 配置免密登陆(非必须)
[root@k8s-master01 ~]# ssh-keygen -t rsa
# 一路回车,不输入密码(这样生成的私钥没有口令保护,默认位于 ~/.ssh/id_rsa;能读取该文件就等于拥有所有已分发公钥节点的 root 登录权限,请限制访问,不要外传)
# 然后把生成的 ssh 公钥文件安装到远程主机对应的账户 比如这里配置本机免密登陆:
[root@k8s-master01 ~]# ssh-copy-id -i .ssh/id_rsa.pub k8s-master01
# 输入yes 然后输入一次root密码
# 多个节点空格隔开
[root@k8s-master01 ~]# for i in 192.168.18.143 192.168.18.144;do ssh-copy-id -i .ssh/id_rsa.pub $i;done
8 升级内核(CentOS7 需要升级内核至4.18+,本次升级的版本为4.19)
安装的Centos7 默认内核版本3.10,安装K8S集群做环境搭建,查看官方介绍,CentOS7 需要升级内核至4.18+,本次升级的版本为4.19(阿里云盘下载):
## 查看内核版本
[root@k8s-master01 ~]# uname -srm
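## 在线下载安装4.19(或者使用上面阿里云盘下载)
## 说明:下面的下载地址是明文 HTTP 的裸 IP,文件在传输中可能被替换;安装前建议先用 rpm --import 导入 ELRepo 的 GPG 公钥,再用 rpm -K 校验两个 rpm 包的签名。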
[root@k8s-master01 ~]# cd /root
[root@k8s-master01 ~]# wget http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-devel-4.19.12-1.el7.elrepo.x86_64.rpm
[root@k8s-node01 ~]# wget http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm
# 拷贝到其他需要升级的linux机器
[root@k8s-master01 ~]# for i in ip1.XXX ip2.XXX;do scp kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm kernel-ml-devel-4.19.12-1.el7.elrepo.x86_64.rpm $i:/root/ ; done
# 安装内核 等待完成安装
[root@k8s-node01 ~]# cd /root && yum localinstall -y kernel-ml*
# 更改内核启动顺序
[root@k8s-master01 ~]# grub2-set-default 0 && grub2-mkconfig -o /etc/grub2.cfg
[root@k8s-master01 ~]# grubby --args="user_namespace.enable=1" --update-kernel="$(grubby --default-kernel)"
# 检查默认内核是不是4.19
[root@k8s-master01 ~]# grubby --default-kernel
/boot/vmlinuz-4.19.12-1.el7.elrepo.x86_64
9 安装ipvsadm
[root@k8s-master01 ~]# yum install ipvsadm ipset sysstat conntrack libseccomp -y
# 配置ipvs模块,在内核4.19+版本nf_conntrack_ipv4已经改为nf_conntrack
[root@k8s-master01 ~]# vim /etc/modules-load.d/ipvs.conf
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_fo
ip_vs_nq
ip_vs_sed
ip_vs_ftp
ip_vs_sh
nf_conntrack
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
配置完成后 执行如下操作:
[root@k8s-master01 ~]# systemctl enable --now systemd-modules-load.service
10 开启一些k8s集群中必须的内核参数
cat <<EOF > /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
net.ipv4.conf.all.route_localnet = 1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
EOF
sysctl --system
配置完内核后,重启服务器,保证重启后内核依旧加载
[root@k8s-master01 ~]# reboot
[root@k8s-master01 ~]# lsmod | grep --color=auto -e ip_vs -e nf_conntrack
ip_vs_ftp 16384 0
nf_nat 32768 1 ip_vs_ftp
ip_vs_sed 16384 0
ip_vs_nq 16384 0
ip_vs_fo 16384 0
ip_vs_sh 16384 0
ip_vs_dh 16384 0
ip_vs_lblcr 16384 0
ip_vs_lblc 16384 0
ip_vs_wrr 16384 0
ip_vs_rr 16384 0
ip_vs_wlc 16384 0
ip_vs_lc 16384 0
ip_vs 151552 25 ip_vs_wlc,ip_vs_rr,ip_vs_dh,ip_vs_lblcr,ip_vs_sh,ip_vs_fo,ip_vs_nq,ip_vs_lblc,ip_vs_wrr,ip_vs_lc,ip_vs_sed,ip_vs_ftp
nf_conntrack 143360 2 nf_nat,ip_vs
nf_defrag_ipv6 20480 1 nf_conntrack
nf_defrag_ipv4 16384 1 nf_conntrack
libcrc32c 16384 4 nf_conntrack,nf_nat,xfs,ip_vs
11 安装docker
安装docker-ce-20.10 社区版:
[root@k8s-master01 ~]# yum install docker-ce-20.10.* docker-cli-20.10.* -y
由于新版kubelet建议使用systemd,所以需要把docker的CgroupDriver改成systemd
[root@k8s-master01 ~]# mkdir /etc/docker
[root@k8s-master01 ~]# vim /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": ["https://lc37ku91.mirror.aliyuncs.com"],
"max-concurrent-downloads": 10,
"max-concurrent-uploads": 5,
"log-opts": {
"max-size": "500m",
"max-file": "3"
},
"live-restore": true
}
- registry-mirrors:根据自己的阿里云镜像仓库修改代理地址
- max-concurrent-downloads:最大并发下载线程数
- max-concurrent-uploads:最大并发上传线程数
- log-opts 日志配置 -> max-size 最大500m进行切割 只保留3份(根据实际情况修改)
- live-restore:Docker 守护进程停止或重启时,保持已运行的容器继续运行
设置开机自启动Docker:
[root@k8s-master01 ~]# systemctl daemon-reload && systemctl enable --now docker && systemctl restart docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
Kubernetes Linux机器预置环境准备完成!!!