-
Kubernetes Linux机器预置docker环境
1 安装yum源及必备工具
[root@localhost ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo [root@localhost ~]# yum install lrzsz wget jq psmisc vim net-tools telnet yum-utils device-mapper-persistent-data lvm2 git -y [root@localhost ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo # 如果报签名错误 [root@localhost ~]# vim /etc/yum.repos.d/CentOS-Base.repo把其中的gpgcheck值改为0;如果还报错yum命令后加上参数 --nogpgcheck (跳过验证) 。- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
2 关闭firewalld 、dnsmasq、selinux(CentOS7需要关闭NetworkManager,CentOS8不需要)
[root@localhost ~]# systemctl disable --now firewalld [root@localhost ~]# systemctl disable --now dnsmasq [root@localhost ~]# systemctl disable --now NetworkManager [root@localhost ~]# setenforce 0 [root@localhost ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux [root@localhost ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config- 1
- 2
- 3
- 4
- 5
- 6
3 关闭swap分区,fstab注释swa
[root@localhost ~]# swapoff -a && sysctl -w vm.swappiness=0 vm.swappiness = 0 [root@localhost ~]# sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab # 查看swap分区 [root@localhost ~]# free -m total used free shared buff/cache available Mem: 1819 230 1072 9 516 1426 Swap: 0 0 0- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
4 修改主机名及配置hosts
## 修改主机名 [root@localhost ~]# hostnamectl set-hostname k8s-master01 ## 配置hosts映射 [root@localhost ~]# vim /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ## 上面是原有的不要删除 在下面添加 192.168.18.143 k8s-master01- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
5 同步时间
# 安装ntpdate [root@k8s-master01 ~]# rpm -ivh http://mirrors.wlnmp.com/centos/wlnmp-release-centos.noarch.rpm Retrieving http://mirrors.wlnmp.com/centos/wlnmp-release-centos.noarch.rpm Preparing... ################################# [100%] Updating / installing... 1:wlnmp-release-centos-2-1 ################################# [100%] [root@k8s-master01 ~]# yum install ntpdate -y # 所有节点同步时间配置如下: [root@k8s-master01 ~]# ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime [root@k8s-master01 ~]# echo 'Asia/Shanghai' >/etc/timezone [root@k8s-master01 ~]# ntpdate time2.aliyun.com 15 Jan 18:08:18 ntpdate[12682]: adjust time server 203.107.6.88 offset 0.001383 sec # 加入到crontab [root@k8s-master01 ~]# crontab -e # 添加如下定时任务: */5 * * * * /usr/sbin/ntpdate time2.aliyun.com # 重启 crond 服务 [root@k8s-master01 ~]# service crond restart Redirecting to /bin/systemctl restart crond.service- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
6 配置limit
[root@k8s-master01 ~]# ulimit -SHn 65535 [root@k8s-master01 ~]# vim /etc/security/limits.conf # 末尾添加如下内容(大写的GG 跳到文件末尾) * soft nofile 65536 * hard nofile 131072 * soft nproc 65535 * hard nproc 655350 * soft memlock unlimited * hard memlock unlimited- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
7 配置免密登陆(非必须)
[root@k8s-master01 ~]# ssh-keygen -t rsa # 一路回车,不输入密码 # 然后把生成的 ssh 公钥文件安装到远程主机对应的账户 比如这里配置本机免密登陆: [root@k8s-master01 ~]# ssh-copy-id -i .ssh/id_rsa.pub k8s-master01 # 输入yes 然后输入一次root密码 # 多个节点空格隔开 [root@k8s-master01 ~]# for i in 192.168.18.143 192.168.18.144;do ssh-copy-id -i .ssh/id_rsa.pub $i;done- 1
- 2
- 3
- 4
- 5
- 6
- 7
8 升级内核(CentOS7 需要升级内核至4.18+,本地升级的版本为4.19)
安装的Centos7 默认内核版本3.10,安装K8S集群做环境搭建,查看官方介绍,CentOS7 需要升级内核至4.18+,本次升级的版本为4.19(阿里云盘下载):
## 查看内核版本 [root@k8s-master01 ~]# uname -srm ## 在线下载安装4.19(或者使用上面阿里云盘下载) [root@k8s-master01 ~]# cd /root [root@k8s-master01 ~]# wget http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-devel-4.19.12-1.el7.elrepo.x86_64.rpm [root@k8s-node01 ~]# wget http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm # 拷贝到其他需要升级的linux机器 [root@k8s-master01 ~]# for i in ip1.XXX ip2.XXX;do scp kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm kernel-ml-devel-4.19.12-1.el7.elrepo.x86_64.rpm $i:/root/ ; done # 安装内核 等待完成安装 [root@k8s-node01 ~]# cd /root && yum localinstall -y kernel-ml* # 更改内核启动顺序 [root@k8s-master01 ~]# grub2-set-default 0 && grub2-mkconfig -o /etc/grub2.cfg [root@k8s-master01 ~]# grubby --args="user_namespace.enable=1" --update-kernel="$(grubby --default-kernel)" # 检查默认内核是不是4.19 [root@k8s-master01 ~]# grubby --default-kernel /boot/vmlinuz-4.19.12-1.el7.elrepo.x86_64- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
9 安装ipvsadm
[root@k8s-master01 ~]# yum install ipvsadm ipset sysstat conntrack libseccomp -y # 配置ipvs模块,在内核4.19+版本nf_conntrack_ipv4已经改为nf_conntrack [root@k8s-master01 ~]# vim /etc/modules-load.d/ipvs.conf ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_fo ip_vs_nq ip_vs_sed ip_vs_ftp ip_vs_sh nf_conntrack ip_tables ip_set xt_set ipt_set ipt_rpfilter ipt_REJECT ipip- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
配置完成后 执行如下操作:
[root@k8s-master01 ~]# systemctl enable --now systemd-modules-load.service- 1
10 开启一些k8s集群中必须的内核参数
cat <<EOF > /etc/sysctl.d/k8s.conf net.ipv4.ip_forward = 1 net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 1 fs.may_detach_mounts = 1 vm.overcommit_memory=1 net.ipv4.conf.all.route_localnet = 1 vm.panic_on_oom=0 fs.inotify.max_user_watches=89100 fs.file-max=52706963 fs.nr_open=52706963 net.netfilter.nf_conntrack_max=2310720 net.ipv4.tcp_keepalive_time = 600 net.ipv4.tcp_keepalive_probes = 3 net.ipv4.tcp_keepalive_intvl =15 net.ipv4.tcp_max_tw_buckets = 36000 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_max_orphans = 327680 net.ipv4.tcp_orphan_retries = 3 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_max_syn_backlog = 16384 net.ipv4.ip_conntrack_max = 65536 net.ipv4.tcp_max_syn_backlog = 16384 net.ipv4.tcp_timestamps = 0 net.core.somaxconn = 16384 EOF sysctl --syste- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
配置完内核后,重启服务器,保证重启后内核依旧加载
[root@k8s-master01 ~]# reboot [root@k8s-master01 ~]# lsmod | grep --color=auto -e ip_vs -e nf_conntrack ip_vs_ftp 16384 0 nf_nat 32768 1 ip_vs_ftp ip_vs_sed 16384 0 ip_vs_nq 16384 0 ip_vs_fo 16384 0 ip_vs_sh 16384 0 ip_vs_dh 16384 0 ip_vs_lblcr 16384 0 ip_vs_lblc 16384 0 ip_vs_wrr 16384 0 ip_vs_rr 16384 0 ip_vs_wlc 16384 0 ip_vs_lc 16384 0 ip_vs 151552 25 ip_vs_wlc,ip_vs_rr,ip_vs_dh,ip_vs_lblcr,ip_vs_sh,ip_vs_fo,ip_vs_nq,ip_vs_lblc,ip_vs_wrr,ip_vs_lc,ip_vs_sed,ip_vs_ftp nf_conntrack 143360 2 nf_nat,ip_vs nf_defrag_ipv6 20480 1 nf_conntrack nf_defrag_ipv4 16384 1 nf_conntrack libcrc32c 16384 4 nf_conntrack,nf_nat,xfs,ip_vs- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
11 安装docker
安装docker-ce-20.10 社区版:
[root@k8s-master01 ~]# yum install docker-ce-20.10.* docker-cli-20.10.* -y- 1
由于新版kubelet建议使用systemd,所以需要把docker的CgroupDriver改成systemd
[root@k8s-master01 ~]# mkdir /etc/docker [root@k8s-master01 ~]# vim /etc/docker/daemon.json { "exec-opts": ["native.cgroupdriver=systemd"], "registry-mirrors": ["https://lc37ku91.mirror.aliyuncs.com"], "max-concurrent-downloads": 10, "max-concurrent-uploads": 5, "log-opts": { "max-size": "500m", "max-file": "3" }, "live-restore": true }- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- registry-mirrors:根据自己的阿里云镜像仓库修改代理地址
- max-concurrent-downloads:最大并发下载线程数
- max-concurrent-uploads:最大并发上传线程数
- log-opts 日志配置 -> max-size 最大500m进行切割 只保留3份(根据实际情况修改)
- live-restore:开启守护进程
设置开机自启动Docker:
[root@k8s-master01 ~]# systemctl daemon-reload && systemctl enable --now docker && systemctl restart docker Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.- 1
- 2
Kubernetes Linux机器预置环境准备完成!!!
-
相关阅读:
2022过半,Node你会用了吗
初识MySQL索引
02 C++ 变量和基本类型
芯片设计_IC行业到底还值不值得入?
ArcGIS 10.7软件安装包下载及安装教程!
k8s 资源外部版本和内部版本
【NeRF】1、NeRF 是什么
无代码开发添加数据入门教程
【Go 基础篇】Go语言结构体之间的转换与映射
中国石油大学《高等数学二》第三次在线作业
- 原文地址:https://blog.csdn.net/qq_38723394/article/details/126055514
