基础服务
本文基于centos7.5部署
规划
| IP | 主机名 |
|---|---|
| 10.8.28.200 | master-VIP |
| 10.8.31.84 | k8s-test-master-1 |
| 10.8.152.149 | k8s-test-master-2 |
| 10.8.191.56 | k8s-test-master-3 |
| 10.8.85.173 | k8s-test-node-1 |
将host信息写入hosts文件
系统调优
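# Base OS preparation for a Kubernetes node (CentOS 7.5, run as root).
# Several steps below switch off host-level security controls. Each carries a
# NOTE(security) saying what is lost, so the trade-off can be reviewed before
# the same steps are reused outside a test cluster.

# --- Disable swap ---
swapoff -a
# /bin/cp -f avoids the interactive `cp -i` alias (the original piped `yes`).
/bin/cp -f /etc/fstab /etc/fstab_bak
# Drops every fstab line containing "swap"; the untouched copy is fstab_bak.
grep -v swap /etc/fstab_bak > /etc/fstab

# --- Disable SELinux ---
# NOTE(security): SELINUX=disabled removes mandatory access control from the
# host, including the confinement it applies to container processes.
# SELINUX=permissive also stops enforcement but keeps logging denials, which
# preserves an audit trail and makes re-enabling enforcement later easier.
# setenforce fails when SELinux is already disabled; that must not skip the
# persistent config change, so it is deliberately best-effort here.
setenforce 0 || true
# Plain ASCII quotes: the typographic quotes in the original break the sed call.
sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config
getenforce

# --- Disable host firewalls ---
# NOTE(security): with firewalld and iptables.service both off, the only packet
# filtering left on the node is whatever Docker and kube-proxy program. Access
# to the control-plane ports (API server, etcd, kubelet) then has to be
# restricted elsewhere, e.g. at the network boundary.
systemctl stop firewalld &&
  systemctl daemon-reload &&
  systemctl disable firewalld &&
  systemctl daemon-reload &&
  systemctl status firewalld

yum install -y iptables-services &&
  systemctl stop iptables &&
  systemctl disable iptables &&
  systemctl status iptables

# --- Kernel / TCP tuning ---
# The file is rewritten only on the first run: once /etc/sysctl.conf_bk exists
# the original is considered backed up and /etc/sysctl.conf is left alone.
# NOTE(review): tcp_tw_reuse relies on TCP timestamps, which this file turns
# off (tcp_timestamps = 0), so the reuse setting likely has no effect - confirm
# which of the two is intended.
if [ ! -e /etc/sysctl.conf_bk ] && /bin/mv /etc/sysctl.conf /etc/sysctl.conf_bk; then
  cat > /etc/sysctl.conf <<'EOF'
fs.file-max=1000000
fs.nr_open=20480000
net.ipv4.tcp_max_tw_buckets = 180000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.tcp_max_syn_backlog = 16384
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_fin_timeout = 20
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_syncookies = 1
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.ip_local_port_range = 1024 65000
#net.nf_conntrack_max = 6553500
#net.netfilter.nf_conntrack_max = 6553500
#net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
#net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
#net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
#net.netfilter.nf_conntrack_tcp_timeout_established = 3600
EOF
fi
sysctl -p

# --- Kubernetes-specific sysctls ---
# The net.bridge.* keys only exist once br_netfilter is loaded; without it
# `sysctl -p` reports them as unknown.
# NOTE(security): ip_forward turns the node into a router and ip_nonlocal_bind
# lets processes bind addresses the host does not own (presumably for the
# master VIP - confirm). Both widen what the host will do on the network.
modprobe br_netfilter
cat > /etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
EOF
sysctl -p /etc/sysctl.d/k8s.conf

# --- Enable IPVS ---
# Writes a module-loading script, runs it once, then lists the loaded modules.
cat > /etc/sysconfig/modules/ipvs.modules <<'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules &&
  bash /etc/sysconfig/modules/ipvs.modules &&
  lsmod | grep -e ip_vs -e nf_conntrack_ipv4

# --- Image building only (not needed for a normal install) ---
# Appends two boot-time commands to rc.local.
# NOTE(review): rc.local only runs at boot if the file is executable - confirm.
echo "mkdir -p /data/docker" >> /etc/rc.d/rc.local
echo "swapoff -a" >> /etc/rc.d/rc.local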
安装docker
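# Install a pinned Docker CE 18.09.8 from downloaded RPMs and configure dockerd.

# --- Fetch the RPMs (a domestic mirror such as Aliyun can be used instead) ---
docker_repo=https://download.docker.com/linux/centos/7/x86_64/stable/Packages
docker_rpms=(
  containerd.io-1.2.6-3.3.el7.x86_64.rpm
  docker-ce-cli-18.09.8-3.el7.x86_64.rpm
  docker-ce-18.09.8-3.el7.x86_64.rpm
)
mkdir -p /data/init/docker && cd /data/init/docker
for rpm_file in "${docker_rpms[@]}"; do
  wget "${docker_repo}/${rpm_file}"
done

# --- Verify signatures before installing ---
# NOTE(security): by default yum does not GPG-check package files given on the
# command line, so RPMs fetched by hand (especially from a third-party mirror)
# would be installed unverified. Import Docker's signing key, compare its
# fingerprint with the one Docker publishes, and install only if every package
# passes the signature check.
rpm --import https://download.docker.com/linux/centos/gpg
rpm -K "${docker_rpms[@]}" &&
  yum install -y "${docker_rpms[@]}"

# --- Docker data directory and daemon options ---
# -p so a re-run (or the rc.local line from the image-building step) is harmless.
mkdir -p /data/docker
# NOTE(security): --insecure-registry makes dockerd accept plain HTTP or an
# unverifiable TLS certificate for harbor.test123.net, so image pulls and
# registry credentials for that host are exposed to interception or tampering
# on the path. Installing the registry's CA certificate under
# /etc/docker/certs.d/ lets the flag be dropped.
cat > /etc/sysconfig/docker <<'EOF'
INSECURE_REGISTRY="--insecure-registry=harbor.test123.net"
DOCKER_NETWORK_OPTIONS="-H fd:// --containerd=/run/containerd/containerd.sock"
DOCKER_STORAGE_OPTIONS="--data-root=/data/docker --storage-driver=overlay2"
EOF

# --- systemd unit ---
# The heredoc delimiter is quoted, so $VARS reach the unit file literally and
# systemd itself joins the backslash-continued ExecStart lines.
# NOTE(review): this overwrites the packaged unit under /usr/lib/systemd/system,
# which a later docker-ce package update may replace; a copy under
# /etc/systemd/system takes precedence and is not overwritten.
cat > /usr/lib/systemd/system/docker.service <<'EOF'
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket

[Service]
Type=notify
EnvironmentFile=-/etc/sysconfig/docker
ExecStart=/usr/bin/dockerd \
          $INSECURE_REGISTRY \
          $DOCKER_STORAGE_OPTIONS \
          $DOCKER_NETWORK_OPTIONS
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target

EOF

# --- Start Docker ---
systemctl daemon-reload
systemctl restart docker.service
systemctl enable docker.service

# --- Verify ---
docker info
docker version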
安装kubeadm/kubelet/kubectl(选装)
# Register the Kubernetes yum repository. Both package signatures (gpgcheck=1)
# and repository metadata signatures (repo_gpgcheck=1) are verified against the
# two keys listed in gpgkey.
# NOTE(review): upstream has since moved its packages to pkgs.k8s.io; confirm
# the repository URL and keys before reusing this file.
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF

# No versions are given, so yum installs whatever is newest in the repo.
# NOTE(review): the image pull later on this page shows v1.15.1; pinning the
# three packages to the cluster version avoids version skew - confirm.
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

# Enable kubelet at boot and start it immediately.
systemctl enable kubelet
systemctl start kubelet
预下载镜像
1 kubeadm config images pull 2 [config/images] Pulled k8s.gcr.io/kube-apiserver:v1.15.1 3 [config/images] Pulled k8s.gcr.io/kube-controller-manager:v1.15.1 4 [config/images] Pulled k8s.gcr.io/kube-scheduler:v1.15.1 5 [config/images] Pulled k8s.gcr.io/kube-proxy:v1.15.1 6 [config/images] Pulled k8s.gcr.io/pause:3.1 7 [config/images] Pulled k8s.gcr.io/etcd:3.3.10 8 [config/images] Pulled k8s.gcr.io/coredns:1.3.1
master-1到其他master免密
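# Run on master-1: create a key pair and install the public key for root on the
# other masters (sshd listens on port 8022).
# NOTE(review): the targets on the original page were mangled by e-mail
# obfuscation; root@k8s-test-master-2/3 is reconstructed from the host plan at
# the top of the page - confirm.
# NOTE(security): this makes root on master-1 equivalent to root on every
# master. Set a passphrase at the ssh-keygen prompt or otherwise protect
# /root/.ssh/id_rsa, check the host-key fingerprint shown on first connection
# out of band, and consider removing or restricting the authorized_keys entry
# (e.g. with a from= option) once bootstrap is finished.
ssh-keygen
ssh-copy-id -i /root/.ssh/id_rsa.pub -p 8022 root@k8s-test-master-2
ssh-copy-id -i /root/.ssh/id_rsa.pub -p 8022 root@k8s-test-master-3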
原文地址:https://www.cnblogs.com/dolphintwo/p/11308142.html