Kubernetes Linux机器预置docker环境


1 安装yum源及必备工具

[root@localhost ~]#  curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

[root@localhost ~]# yum install lrzsz wget jq psmisc vim net-tools telnet yum-utils device-mapper-persistent-data lvm2 git -y

[root@localhost ~]#  yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo

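# 如果报签名错误,优先导入该软件源的 GPG 公钥后重试
# 临时绕过的办法:编辑 repo 文件,把其中的 gpgcheck 值改为 0;如果还报错,在 yum 命令后加上参数 --nogpgcheck(跳过验证)。
[root@localhost ~]#  vim /etc/yum.repos.d/CentOS-Base.repo
# gpgcheck=0 和 --nogpgcheck 会关闭 RPM 包的签名校验,镜像源或传输途中被替换的软件包将无法被发现;安装完成后应把 gpgcheck 改回 1。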

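2 关闭firewalld 、dnsmasq、selinux(CentOS7需要关闭NetworkManager,CentOS8不需要)

关闭 firewalld 和 SELinux 会同时去掉主机上的端口过滤和强制访问控制,这种做法适用于隔离的实验环境;对外可达的机器可以改为只放行集群所需端口,并把 SELinux 设为 permissive 而不是 disabled。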

[root@localhost ~]#  systemctl disable --now firewalld
[root@localhost ~]#  systemctl disable --now dnsmasq
[root@localhost ~]#  systemctl disable --now NetworkManager
[root@localhost ~]#  setenforce 0
[root@localhost ~]#  sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux
[root@localhost ~]#  sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config

3 关闭swap分区,fstab注释swap

[root@localhost ~]#  swapoff -a && sysctl -w vm.swappiness=0
vm.swappiness = 0
[root@localhost ~]# sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab

# 查看swap分区
[root@localhost ~]# free -m
              total        used        free      shared  buff/cache   available
Mem:           1819         230        1072           9         516        1426
Swap:             0           0           0

4 修改主机名及配置hosts

## 修改主机名
[root@localhost ~]# hostnamectl set-hostname k8s-master01

## 配置hosts映射
[root@localhost ~]# vim /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

## 上面是原有的不要删除 在下面添加
192.168.18.143 k8s-master01

5 同步时间

# 安装ntpdate(先安装 wlnmp 源的 release 包;该包经 http 明文下载,传输途中可被替换,安装前应确认来源可信)
[root@k8s-master01 ~]# rpm -ivh http://mirrors.wlnmp.com/centos/wlnmp-release-centos.noarch.rpm
Retrieving http://mirrors.wlnmp.com/centos/wlnmp-release-centos.noarch.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:wlnmp-release-centos-2-1         ################################# [100%]
   
[root@k8s-master01 ~]# yum install ntpdate -y

# 所有节点同步时间配置如下:
[root@k8s-master01 ~]# ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

[root@k8s-master01 ~]# echo 'Asia/Shanghai' >/etc/timezone

[root@k8s-master01 ~]# ntpdate time2.aliyun.com
15 Jan 18:08:18 ntpdate[12682]: adjust time server 203.107.6.88 offset 0.001383 sec

# 加入到crontab
[root@k8s-master01 ~]# crontab -e
# 添加如下定时任务: */5 * * * * /usr/sbin/ntpdate time2.aliyun.com

# 重启 crond 服务
[root@k8s-master01 ~]# service crond restart
Redirecting to /bin/systemctl restart crond.service

6 配置limit

[root@k8s-master01 ~]# ulimit -SHn 65535
[root@k8s-master01 ~]# vim /etc/security/limits.conf
# 末尾添加如下内容(大写的GG 跳到文件末尾)
* soft nofile 65536
* hard nofile 131072
* soft nproc 65535
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited

7 配置免密登陆(非必须)

[root@k8s-master01 ~]# ssh-keygen -t rsa
# 一路回车,不输入密码(生成的私钥没有口令保护:任何能读取 /root/.ssh/id_rsa 的人都能以 root 登录已分发公钥的节点,应限制该文件的访问并只在受控环境使用)
# 然后把生成的 ssh 公钥文件安装到远程主机对应的账户 比如这里配置本机免密登陆:
[root@k8s-master01 ~]# ssh-copy-id -i .ssh/id_rsa.pub k8s-master01
# 输入yes 然后输入一次root密码
# 多个节点空格隔开
[root@k8s-master01 ~]# for i in 192.168.18.143 192.168.18.144;do ssh-copy-id -i .ssh/id_rsa.pub $i;done

8 升级内核(CentOS7 需要升级内核至4.18+,本次升级的版本为4.19)

安装的Centos7 默认内核版本3.10,安装K8S集群做环境搭建,查看官方介绍,CentOS7 需要升级内核至4.18+,本次升级的版本为4.19(阿里云盘下载):

## 查看内核版本
[root@k8s-master01 ~]# uname -srm
## 在线下载安装4.19(或者使用上面阿里云盘下载)
[root@k8s-master01 ~]# cd /root
[root@k8s-master01 ~]# wget http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-devel-4.19.12-1.el7.elrepo.x86_64.rpm
[root@k8s-node01 ~]# wget http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm
# 拷贝到其他需要升级的linux机器
[root@k8s-master01 ~]# for i in ip1.XXX ip2.XXX;do scp kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm kernel-ml-devel-4.19.12-1.el7.elrepo.x86_64.rpm $i:/root/ ; done
# 安装内核 等待完成安装
# 上面的内核 RPM 经 http 明文从 IP 地址下载,安装前建议先导入 ELRepo 的 GPG 公钥,并用 rpm -K 校验两个包的签名
[root@k8s-node01 ~]# cd /root && yum localinstall -y kernel-ml*
# 更改内核启动顺序
[root@k8s-master01 ~]# grub2-set-default  0 && grub2-mkconfig -o /etc/grub2.cfg
[root@k8s-master01 ~]# grubby --args="user_namespace.enable=1" --update-kernel="$(grubby --default-kernel)"
# 检查默认内核是不是4.19 
[root@k8s-master01 ~]# grubby --default-kernel
/boot/vmlinuz-4.19.12-1.el7.elrepo.x86_64

9 安装ipvsadm

[root@k8s-master01 ~]# yum install ipvsadm ipset sysstat conntrack libseccomp -y
# 配置ipvs模块,在内核4.19+版本nf_conntrack_ipv4已经改为nf_conntrack
[root@k8s-master01 ~]# vim /etc/modules-load.d/ipvs.conf
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_fo
ip_vs_nq
ip_vs_sed
ip_vs_ftp
ip_vs_sh
nf_conntrack
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip

配置完成后 执行如下操作:

[root@k8s-master01 ~]# systemctl enable --now systemd-modules-load.service

10 开启一些k8s集群中必须的内核参数

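# Write the kernel parameters used by this Kubernetes node setup to a sysctl.d
# drop-in, then load every sysctl configuration file on the system.
#
# Review notes on individual keys (values are kept as the author gave them):
# - net.bridge.bridge-nf-call-*: these keys exist only while the br_netfilter
#   module is loaded; presumably it is loaded elsewhere -- TODO confirm,
#   otherwise sysctl reports the keys as missing.
# - net.ipv4.conf.all.route_localnet = 1: lets the kernel route packets
#   addressed to 127.0.0.0/8, so services bound only to loopback can become
#   reachable from adjacent hosts. Confirm the cluster actually needs it.
# - net.ipv4.tcp_timestamps = 0 together with net.ipv4.tcp_tw_reuse = 1:
#   TIME-WAIT reuse relies on TCP timestamps -- NOTE(review): confirm this
#   combination is intended.
# - net.ipv4.ip_conntrack_max and fs.may_detach_mounts: may not exist on the
#   4.19 kernel installed earlier; sysctl prints an error for unknown keys --
#   verify on the target kernel.
#
# The heredoc delimiter is unquoted; the body holds no '$' or backticks, so
# nothing in it is expanded by the shell.
cat <<EOF > /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
net.ipv4.conf.all.route_localnet = 1

vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720

net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
EOF
# Apply the settings now; --system reads all sysctl configuration files,
# including the drop-in written above.
sysctl --system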

配置完内核后,重启服务器,保证重启后内核模块依旧加载

[root@k8s-master01 ~]# reboot
[root@k8s-master01 ~]# lsmod | grep --color=auto -e ip_vs -e nf_conntrack
ip_vs_ftp              16384  0 
nf_nat                 32768  1 ip_vs_ftp
ip_vs_sed              16384  0 
ip_vs_nq               16384  0 
ip_vs_fo               16384  0 
ip_vs_sh               16384  0 
ip_vs_dh               16384  0 
ip_vs_lblcr            16384  0 
ip_vs_lblc             16384  0 
ip_vs_wrr              16384  0 
ip_vs_rr               16384  0 
ip_vs_wlc              16384  0 
ip_vs_lc               16384  0 
ip_vs                 151552  25 ip_vs_wlc,ip_vs_rr,ip_vs_dh,ip_vs_lblcr,ip_vs_sh,ip_vs_fo,ip_vs_nq,ip_vs_lblc,ip_vs_wrr,ip_vs_lc,ip_vs_sed,ip_vs_ftp
nf_conntrack          143360  2 nf_nat,ip_vs
nf_defrag_ipv6         20480  1 nf_conntrack
nf_defrag_ipv4         16384  1 nf_conntrack
libcrc32c              16384  4 nf_conntrack,nf_nat,xfs,ip_vs

11 安装docker

安装docker-ce-20.10 社区版:

[root@k8s-master01 ~]# yum install docker-ce-20.10.* docker-cli-20.10.* -y

由于新版kubelet建议使用systemd,所以需要把docker的CgroupDriver改成systemd

[root@k8s-master01 ~]# mkdir /etc/docker
[root@k8s-master01 ~]# vim /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": ["https://lc37ku91.mirror.aliyuncs.com"],
  "max-concurrent-downloads": 10,
  "max-concurrent-uploads": 5,
  "log-opts": {
                "max-size": "500m",
                "max-file": "3"
              },
  "live-restore": true
}
  • registry-mirrors:根据自己的阿里云镜像仓库修改代理地址
  • max-concurrent-downloads:最大并发下载线程数
  • max-concurrent-uploads:最大并发上传线程数
  • log-opts 日志配置 -> max-size 最大500m进行切割 只保留3份(根据实际情况修改)
  • live-restore:Docker 守护进程停止或重启期间保持容器继续运行

设置开机自启动Docker:

[root@k8s-master01 ~]# systemctl daemon-reload && systemctl enable --now docker && systemctl restart docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.

Kubernetes Linux机器预置环境准备完成!!!
