环境准备
机器规划
机器主机名 | IP | 备注 | 机器信息 |
---|---|---|---|
master | 192.168.74.128 | master服务 | CentOS Linux release 7.5.1804 (Core) |
node1 | 192.168.74.129 | node1 | CentOS Linux release 7.5.1804 (Core) |
node2 | 192.168.74.130 | node2 | CentOS Linux release 7.5.1804 (Core) |
机名映射
[root@xxx ~]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.74.128 master
192.168.74.129 node1
192.168.74.130 node2
所有机器信息均需要配置主机和ip映射关系
关闭&禁用防火墙
running
[root@xxx ~]# systemctl stop firewalld
[root@xxx ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@xxx ~]# firewall-cmd --state
not running
关闭SELINUX
[root@xxx ~]# sed -i 's/enforcing/disabled/' /etc/selinux/config
[root@xxx ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# disabled - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of disabled.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
重启机器生效,重启后可以使用getenforce命令查看状态
[root@master ~]# getenforce
Disabled
关闭SWAP
- 临时关闭
[root@master ~]# swapoff -a
[root@master ~]# free -m
total used free shared buff/cache available
Mem: 1821 106 1577 9 136 1556
Swap: 0 0 0
- 永久关闭
仅仅只需要注释掉/dev/mapper/centos-swap swap
配置即可
[root@master ~]# vi /etc/fstab
#
# /etc/fstab
# Created by anaconda on Mon Aug 8 21:52:55 2022
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=81f67b13-d684-4d63-becc-d134e784f6da /boot xfs defaults 0 0
#/dev/mapper/centos-swap swap
网桥过滤和地址转发功能
[root@xxx ~]# vi /etc/sysctl.d/kubernetes.conf
net.ipv4.ip_forward = 1
net.ipv4.tcp_tw_recycle = 0
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness=0
加载网桥过滤模块
- 临时开启
[root@xxx ~]# modprobe br_netfilter
[root@xxx ~]# lsmod |grep br_netfilter
br_netfilter 22256 0
bridge 146976 1 br_netfilter
- 永久开启
[root@xxx ~]# vi /etc/rc.sysinit
#!/bin/bash
for file in /etc/sysconfig/modules/*.modules ; do
[ -x $file ] && $file
done
[root@xxx ~]# vi /etc/sysconfig/modules/br_netfilter.modules
modprobe br_netfilter
[root@xxx ~]# chmod 755 /etc/sysconfig/modules/br_netfilter.modules
[root@xxx ~]# lsmod |grep br_netfilter
[root@xxx ~]# lsmod |grep br_netfilter
br_netfilter 22256 0
bridge 146976 1 br_netfilter
生效配置
[root@master ~]# sysctl -p /etc/sysctl.d/kubernetes.conf
net.ipv4.ip_forward = 1
net.ipv4.tcp_tw_recycle = 0
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness = 0
配置ipvs功能
[root@xxx ~]# vi /etc/sysconfig/modules/ipvs.modules
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
[root@xxx ~]# chmod u+x /etc/sysconfig/modules/ipvs.modules
[root@xxx ~]# /etc/sysconfig/modules/ipvs.modules
[root@xxx ~]# lsmod | grep -e -ip_vs -e nf_conntrack_ipv4
nf_conntrack_ipv4 15053 0
nf_defrag_ipv4 12729 1 nf_conntrack_ipv4
nf_conntrack 133053 2 ip_vs,nf_conntrack_ipv4
时钟同步
- 修改master作为时钟同步主机
[root@master ~]# yum -y install ntp
[root@master ~]# vi /etc/ntp.conf
driftfile /var/lib/ntp/drift
restrict 127.0.0.1
restrict ::1
restrict 192.168.74.128 nomodify notrap nopeer noquery
restrict 192.168.74.0 mask 255.255.255.0 nomodify notrap
server 127.127.1.0
Fudge 127.127.1.0 stratum 10
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
disable monitor
[root@master ~]