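Base environment setup
k8s environment plan:
Pod CIDR: 10.0.0.0/16
Service CIDR: 10.255.0.0/16
Lab environment plan:
Operating system: CentOS 7.9
Specs: 4 GiB memory / 4 vCPU / 100G disk
Network: NAT
Enable virtualization for the virtual machine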
| K8S cluster role | IP | Hostname | Installed components |
| --- | --- | --- | --- |
| Control node | 172.16.40.11 | master1 | apiserver, controller-manager, scheduler, etcd, docker, keepalived, nginx |
| Control node | 172.16.40.12 | master2 | apiserver, controller-manager, scheduler, etcd, docker, keepalived, nginx |
| Control node | 172.16.40.13 | master3 | apiserver, controller-manager, scheduler, etcd, docker |
| Worker node | 172.16.40.101 | node1 | kubelet, kube-proxy, docker, calico, coredns |
| VIP | 172.16.40.201 | ---- | ---- |
Network interface configuration file
# /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth0
UUID=5f1ab3c1-7560-4a30-9b41-8cf8f32fe185
DEVICE=eth0
ONBOOT=yes
IPADDR=172.16.40.11
NETMASK=255.255.255.0
#GATEWAY=172.16.40.2
DNS1=114.114.114.114
hosts file
# /etc/hosts
172.16.40.11 master1
172.16.40.12 master2
172.16.40.13 master3
172.16.40.101 node1
Configure passwordless SSH login to the masters and nodes
ssh-keygen -t rsa # generate an RSA key pair
ssh-copy-id -i ~/.ssh/id_rsa.pub master1 # passwordless login to master1
ssh-copy-id -i ~/.ssh/id_rsa.pub master2 # passwordless login to master2
ssh-copy-id -i ~/.ssh/id_rsa.pub master3 # passwordless login to master3
ssh-copy-id -i ~/.ssh/id_rsa.pub node1 # passwordless login to node1
Stop the firewall and disable it at boot
systemctl stop firewalld && systemctl disable firewalld && systemctl status firewalld
Disable SELinux
#/etc/selinux/config
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
Disable the swap partition
# Edit /etc/fstab
sed -i '/swap/d' /etc/fstab
swapoff -a
Modify kernel parameters
modprobe br_netfilter # load the module
lsmod | grep br_netfilter
cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl -p /etc/sysctl.d/k8s.conf
Load kernel modules
modprobe br_netfilter
modprobe overlay
Load the kernel modules automatically at boot
cat > /etc/modules-load.d/k8s.conf << EOF
overlay
br_netfilter
EOF
Configure the Aliyun repo source
rm -rf /etc/yum.repos.d/*
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
yum install yum-utils -y
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum clean all && yum makecache
Time synchronization
yum install chrony -y
sed -i '/^server/d' /etc/chrony.conf
sed -i '1s;^;allow 172.16.40.0/24\n;' /etc/chrony.conf
sed -i '1s;^;local stratum 10\n;' /etc/chrony.conf
sed -i '1s;^;server master1 iburst\n;' /etc/chrony.conf
systemctl enable chronyd
systemctl restart chronyd
systemctl status chronyd
chronyc sources
Install iptables
yum install iptables-services -y
systemctl stop iptables && systemctl disable iptables
iptables -F
Enable ipvs
# Upload ipvs.modules to the /etc/sysconfig/modules/ directory
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep ip_vs
Install base software packages
yum install -y yum-utils device-mapper-persistent-data lvm2 wget net-tools nfs-utils lrzsz gcc gcc-c++ make cmake libxml2-devel openssl-devel curl curl-devel unzip sudo ntp libaio-devel wget vim ncurses-devel autoconf automake zlib-devel python-devel epel-release openssh-server socat ipvsadm conntrack ntpdate telnet rsync
Install docker-ce
yum install docker-ce docker-ce-cli containerd.io -y
systemctl start docker && systemctl enable docker.service && systemctl status docker.service
Configure a Docker registry mirror
cat > /etc/docker/daemon.json <<EOF
{
"registry-mirrors": ["https://dockerhub.icu"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
systemctl daemon-reload && systemctl restart docker && systemctl status docker
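An added check, not part of the original page: a POSIX shell audit of the files the steps above write (the sysctl keys, the modules-load list, swap entries in /etc/fstab, and Docker's cgroup driver). The function names, the ROOT parameter and the sample tree are assumptions made for this example.

```shell
# Added example. ROOT is an assumed parameter: "/" on a node, or a directory of copies.

# conf_value FILE KEY: print the value of the last uncommented KEY=VALUE line.
conf_value() {
    [ -f "$1" ] || return 0
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { val = $2; gsub(/[ \t]/, "", val) }
        END { print val }' "$1"
}

# audit_node ROOT: print one FAIL line per problem, return the problem count.
audit_node() {
    root=${1%/}; fails=0
    for key in net.bridge.bridge-nf-call-ip6tables \
               net.bridge.bridge-nf-call-iptables net.ipv4.ip_forward; do
        if [ "$(conf_value "$root/etc/sysctl.d/k8s.conf" "$key")" != 1 ]; then
            echo "FAIL sysctl: $key is not 1"; fails=$((fails + 1))
        fi
    done
    for mod in overlay br_netfilter; do
        if ! grep -qxF "$mod" "$root/etc/modules-load.d/k8s.conf" 2>/dev/null; then
            echo "FAIL modules-load: $mod missing"; fails=$((fails + 1))
        fi
    done
    # A swap line left in fstab turns swap back on at the next boot.
    if awk '!/^[ \t]*#/ && $3 == "swap" { f = 1 } END { exit !f }' \
        "$root/etc/fstab" 2>/dev/null; then
        echo "FAIL fstab: swap entry present"; fails=$((fails + 1))
    fi
    if ! grep -q 'native\.cgroupdriver=systemd' "$root/etc/docker/daemon.json" 2>/dev/null; then
        echo "FAIL docker: cgroup driver is not systemd"; fails=$((fails + 1))
    fi
    return "$fails"
}

# make_sample: build a constructed tree holding the files as this page writes them.
make_sample() {
    d=$(mktemp -d); mkdir -p "$d/etc/sysctl.d" "$d/etc/modules-load.d" "$d/etc/docker"
    printf '%s = 1\n' net.bridge.bridge-nf-call-ip6tables \
        net.bridge.bridge-nf-call-iptables net.ipv4.ip_forward > "$d/etc/sysctl.d/k8s.conf"
    printf 'overlay\nbr_netfilter\n' > "$d/etc/modules-load.d/k8s.conf"
    printf '/dev/sda1 / xfs defaults 0 0\n' > "$d/etc/fstab"
    printf '{ "exec-opts": ["native.cgroupdriver=systemd"] }\n' > "$d/etc/docker/daemon.json"
    echo "$d"
}
```

On a prepared node, source the file and run `audit_node /`; a return status of 0 means every checked file matches what the steps above configure.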