k8s cluster installation: software environment

Disable the swap partition

sed -i '/swap/s/^/#/' /etc/fstab
swapoff -a

Turn off the firewall

systemctl stop firewalld
systemctl disable firewalld

Disable SELinux

sed -i 's/enforcing/disabled/' /etc/selinux/config
setenforce 0

Maximum number of files a single user can open; this can be set to the officially recommended 65536 or somewhat larger

echo "* - nofile 655360" >> /etc/security/limits.conf

Raise the per-user thread limit

echo "* - nproc 131072" >> /etc/security/limits.conf

Maximum number of memory map areas a single process can use

echo "vm.max_map_count = 655360" >> /etc/sysctl.conf

Make the parameter changes take effect immediately

sysctl -p

Check the hostname

hostname

If the hostname is incorrect, change it (one command per node)

hostnamectl set-hostname node1
hostnamectl set-hostname node2
hostnamectl set-hostname node3
hostnamectl set-hostname node4
hostnamectl set-hostname node5
hostnamectl set-hostname node6

If a previously configured /etc/hosts does not meet the requirements, clean it up

sed -i '/172/d' /etc/hosts

Configure /etc/hosts

echo '
172.16.108.24 node1
172.16.108.25 node2
172.16.108.26 node3
172.16.108.27 node4
172.16.108.28 node5
172.16.108.29 node6
'>>/etc/hosts

Pass bridged IPv4 traffic to the iptables chains

cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

sudo modprobe overlay
sudo modprobe br_netfilter

# sysctl params required by setup, params persist across reboots
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF

# Apply sysctl params without reboot
sudo sysctl --system

Apply the rules

sysctl --system
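
An added check, not part of the original post: the functions below audit the files written by the steps above (the swap entry in /etc/fstab, /etc/modules-load.d/k8s.conf and /etc/sysctl.d/k8s.conf), so a node that missed a step is caught before kubeadm init. The function names and the --live flag are made up for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit the files written above.
# File paths are arguments so the checks can also run against copies.

# Print the last value assigned to KEY in a sysctl.d-style file.
# Tolerates spaces around "=" and skips "#" / ";" comment lines.
sysctl_conf_value() {    # usage: sysctl_conf_value FILE KEY
  awk -F= -v key="$2" '
    /^[ \t]*[#;]/ { next }
    { k = $1; v = $2
      gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
      if (k == key) last = v }
    END { print last }' "$1"
}

# Succeed only if all three keys from /etc/sysctl.d/k8s.conf are set to 1.
check_k8s_sysctl() {     # usage: check_k8s_sysctl FILE
  _rc=0
  for _key in net.bridge.bridge-nf-call-iptables \
              net.bridge.bridge-nf-call-ip6tables \
              net.ipv4.ip_forward; do
    if [ "$(sysctl_conf_value "$1" "$_key")" != "1" ]; then
      echo "MISSING: $_key = 1 in $1"
      _rc=1
    fi
  done
  return "$_rc"
}

# Succeed only if both modules are listed for loading at boot.
check_k8s_modules() {    # usage: check_k8s_modules FILE
  grep -qx 'overlay' "$1" && grep -qx 'br_netfilter' "$1"
}

# Print fstab lines that would re-enable swap on the next reboot.
active_swap_entries() {  # usage: active_swap_entries FSTAB
  awk '!/^[ \t]*#/ && $3 == "swap"' "$1"
}

# With "--live", check this node's real files and the currently active swap.
if [ "${1:-}" = "--live" ]; then
  check_k8s_sysctl /etc/sysctl.d/k8s.conf && echo "OK: sysctl file"
  check_k8s_modules /etc/modules-load.d/k8s.conf && echo "OK: modules file"
  if [ -n "$(active_swap_entries /etc/fstab)" ]; then echo "WARN: swap in fstab"; fi
  if [ -n "$(tail -n +2 /proc/swaps)" ]; then echo "WARN: swap still active"; fi
fi
```

These checks read the persisted files, which is the state the node returns to after a reboot; the --live branch also reports swap that is active right now.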

date (time synchronization)

Install Docker; see
https://blog.csdn.net/jiakai82/article/details/117811004

Configure a registry mirror for faster image pulls (optional)

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://ke9h1pt4.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

Install kubeadm, kubelet and kubectl

yum list|grep kube

Install kubelet, kubeadm and kubectl on all machines; see https://developer.aliyun.com/mirror/kubernetes

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

setenforce 0
#yum install -y kubelet kubeadm kubectl
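#ps: because the official site does not provide a sync method, the index gpg check may fail; in that case install with the following command
# (--nogpgcheck skips GPG signature checking for this install)
yum install -y --nogpgcheck kubelet kubeadm kubectl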

# Start at boot
systemctl enable kubelet && systemctl start kubelet

# The following must be run; otherwise kubeadm init fails
# On first install: mv /etc/containerd/config.toml /tmp
systemctl restart containerd
systemctl status containerd

Check the kubelet status:

systemctl status kubelet

Check the kubelet version:

kubelet --version

Deploy the k8s master and install the Pod network plugin
Official documentation
https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/

Initialize the high-availability cluster

kubeadm init \
--pod-network-cidr=10.244.0.0/16 \
--control-plane-endpoint "k8s-api:6443" \
--kubernetes-version v1.24.3
#kubeadm config images pull
