一、Initialize the kubernetes basic environment configuration on CentOS 7.9
1 IP 修改
机器克隆后 IP 修改,使Xshell连接上
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens160
# Static IPv4 configuration for the cloned machine's network interface.
# NOTE(review): the file being edited is ifcfg-ens160, but NAME/DEVICE below say
# ens32 - confirm which interface name the machine really has.
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static # static addressing, so the IP does not change
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens32
UUID=d368b9f1-2b0c-4dbd-b691-e24ea590ccbe
DEVICE=ens32
ONBOOT=yes # bring the interface up at boot
IPADDR=192.168.192.16 # set this host's IP address
PREFIX=24
GATEWAY=192.168.192.2 # set the gateway address
IPV6_PRIVACY=no
DNS1=114.114.114.114 # DNS must be configured, otherwise domain names will not resolve
DNS2=8.8.8.8
重启网卡,并测试好不好使
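# Restart networking so the edited ifcfg file takes effect, then check that
# DNS resolution and outbound connectivity work.
systemctl restart network
# The hostname is spelled baidu.com here, matching the troubleshooting section
# of this guide; the earlier misspelling would resolve (or fail) on an
# unrelated domain.
ping baidu.com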
2 设置主机名
# Run exactly ONE of these commands, on the machine it names. Executing all
# four on the same host leaves that host named kube-node02.
# The addresses are the ones this guide maps to each name in /etc/hosts.
hostnamectl set-hostname kube-master01 # on 192.168.192.16
hostnamectl set-hostname kube-master02 # on 192.168.192.17
hostnamectl set-hostname kube-node01 # on 192.168.192.18
hostnamectl set-hostname kube-node02 # on 192.168.192.19
3 配置hosts本地解析
cat > /etc/hosts <<EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.192.16 kube-master01
192.168.192.17 kube-master02
192.168.192.18 kube-node01
192.168.192.19 kube-node02
EOF
4 关闭防火墙 / Selinux / Swap
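为了避免额外的干扰,这里直接关闭防火墙;对于公有云,内网端口一般全开放,外网端口通过安全组控制。注意:关闭 firewalld 后主机层面不再有任何包过滤,只适合隔离的实验环境;生产环境建议保留防火墙并只放行 Kubernetes 组件所需端口,或确认上游安全组/网络 ACL 已做等效限制。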
# 关闭防火墙
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
# 关闭Selinux(注意:设为 disabled 会完全去掉强制访问控制这一层容器隔离;kubeadm 官方文档的做法是设为 permissive 而不是 disabled,生产环境请评估后再决定)
# 永久关闭
[root@localhost ~]# sed -i "s#^SELINUX=.*#SELINUX=disabled#g" /etc/selinux/config
# 临时关闭
[root@localhost ~]# setenforce 0
# 检查(配置文件中的 disabled 需要重启后才生效;重启前 sestatus 仍显示 enabled,setenforce 0 只是把当前模式切换为 permissive)
[root@localhost ~]# cat /etc/selinux/config
[root@localhost ~]# /usr/sbin/sestatus -v
SELinux status: enabled
# 先查看 Swap有没有
[root@localhost ~]# free -m
total used free shared buff/cache available
Mem: 1800 1208 122 15 469 417
Swap: 2047 15 2032
# 关闭 Swap 分区,Swap 会影响性能
[root@localhost ~]# swapoff -a && sysctl -w vm.swappiness=0
vm.swappiness = 0
[root@localhost ~]# sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab
# 在确认下 [查看swap一行全是0就正确]
[root@localhost ~]# free -m
total used free shared buff/cache available
Mem: 1800 1210 110 25 479 406
Swap: 0 0 0
5 YUM 源配置
本地或者自建服务器都需要配置 YUM 源,如果是云服务器由于本身就有对应云的 YUM 源,不需要配置
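# Back up the existing yum repository definitions into a dated subdirectory.
# The directory name is computed once, so mkdir and mv cannot disagree if the
# date rolls over between the two commands.
backup_dir="backup-$(date +%F)"
# Chain the steps: if the cd fails, nothing is moved out of the wrong directory.
cd /etc/yum.repos.d/ &&
  mkdir -p -- "$backup_dir" &&
  mv -- *repo "$backup_dir"/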
# 上面看不懂,这有简单的
[root@localhost yum.repos.d]# mkdir /etc/yum.repos.d.bak
[root@localhost yum.repos.d]# cp /etc/yum.repos.d/* /etc/yum.repos.d.bak/
[root@localhost yum.repos.d]# ls /etc/yum.repos.d.bak/
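# 添加阿里云 yum 源(注意:下面的命令通过明文 HTTP 下载仓库配置,传输途中可能被篡改;建议改用 https://mirrors.aliyun.com/repo/Centos-7.repo,并确认下载后的 .repo 文件中 gpgcheck=1)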
[root@localhost yum.repos.d]# curl http://mirrors.aliyun.com/repo/Centos-7.repo -o ali.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2523 100 2523 0 0 13637 0 --:--:-- --:--:-- --:--:-- 13637
6 基础依赖安装
由于服务器最小化安装,需要安装一些常用的依赖和工具,否则后面安装可能会报错
# 安装 epel 源
[root@localhost yum.repos.d]# yum -y install epel-release
[root@localhost yum.repos.d]# yum clean all
33 files removed
[root@localhost yum.repos.d]# yum makecache
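# Install the common build dependencies and troubleshooting tools.
# bash-completion and device-mapper-persistent-data were listed twice in the
# original command; each package now appears once.
# NOTE(review): compilers (gcc, make, cmake), expect and tcpdump widen the
# attack surface of a cluster node; trim this list for production hosts.
yum -y install gcc glibc gcc-c++ make cmake net-tools screen vim lrzsz tree dos2unix lsof \
  tcpdump bash-completion wget openssl openssl-devel bind-utils traceroute \
  glib2 glib2-devel unzip bzip2 bzip2-devel libevent libevent-devel \
  expect pcre pcre-devel zlib zlib-devel jq psmisc tcping yum-utils device-mapper-persistent-data \
  lvm2 git bridge-utils container-selinux binutils-devel \
  ncurses ncurses-devel elfutils-libelf-devel ack
# Bring every installed package up to date, which also pulls in pending
# security fixes.
yum -y update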
7 配置时间同步
本地或者自建服务器都需要配置时间同步,如果是云服务器由于本身就有对应云的时间同步机制,不需要配置。注意:下面的 timedatectl 只是查看当前时间和同步状态,并不会配置同步;各节点时间不一致会导致证书校验失败,应确认输出中 NTP 已启用并已同步(例如启用 chronyd)。
timedatectl
8 互相免密
Master 节点执行以下操作
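# Generate the RSA key pair used for passwordless root SSH from this master.
# -b 4096 requests a 4096-bit key instead of relying on the ssh-keygen default.
# NOTE(review): an empty passphrase leaves /root/.ssh/id_rsa unencrypted, and
# that one file then grants root on every host listed below. Prefer a
# passphrase with ssh-agent, and keep the file readable by root only.
ssh-keygen -t rsa -b 4096

# Hosts that receive the public key (the variable keeps the guide's name).
MASTER_LIST=(
  192.168.192.17
  192.168.192.18
  192.168.192.19
)

# Install the public key for root on each host. The expansions are quoted so
# an entry can never be word-split or glob-expanded.
for host in "${MASTER_LIST[@]}"; do
  ssh-copy-id -i /root/.ssh/id_rsa.pub "root@${host}"
done
# On first contact ssh asks to confirm the host key: compare the fingerprint
# with the one shown on the target's console before answering "yes".
# Then enter the root password of the target host.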
9 内核升级
CentOS 7.9 升级内核 kernel-ml-5.6.14版本:https://www.cnblogs.com/huaxiayuyi/p/16788084.html
Centos 8.2 升级内核通过elrepo源:https://www.cnblogs.com/huaxiayuyi/p/16794239.html
10 系统优化
对系统打开文件数进行修改,提升性能
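# Append raised resource limits to /etc/security/limits.conf and print the file.
# The soft nofile value is 655350 so that it matches the hard limit: the
# original 655360 was above the hard limit of 655350, and a soft limit may not
# exceed its hard limit.
# NOTE(review): ">>" appends on every run, so re-running duplicates the entries.
# NOTE(review): "*" applies these values to every account the wildcard matches.
# The high nproc limit effectively removes the per-user process cap, and
# unlimited memlock lets those accounts pin memory. Scope the entries to the
# service accounts that need them on shared or production hosts.
cat >> /etc/security/limits.conf << 'EOF'
# 打开文件优化配置
* soft nofile 655350
* hard nofile 655350
* soft nproc 655350
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited
EOF
cat /etc/security/limits.conf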
11 加载模块
ipvs模块配置
kube-proxy开启ipvs的前置条件
- 原文:https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/ipvs/README.md
- 参考:https://www.qikqiak.com/post/how-to-use-ipvs-in-kubernetes/
创建配置文件
内核 4.19+版本 nf_conntrack_ipv4 已改为 nf_conntrack ,4.18以下使用 nf_conntrack_ipv4即可。
安装 ipvsadm,节点通信需要用到 LVS,所以需要安装 ipvsadm。同时安装 ipset 和 ipvsadm(便于查看 ipvs 的代理规则)
yum -y install ipvsadm ipset sysstat conntrack libseccomp
配置 ipvs 模块(内核 4.19 版本以前使用 nf_conntrack_ipv4,以后使用 nf_conntrack)
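# Load the IPVS core, three schedulers and connection tracking into the
# running kernel. A failure on one module does not stop the others.
for mod in ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack; do
  modprobe -- "$mod"
done

# Persist the module list so systemd-modules-load loads it at every boot.
# ip_vs_sh appeared twice in the original list; the duplicate is dropped.
# NOTE(review): every module named here is loaded on each boot; trim the list
# to the schedulers and helpers the cluster actually uses.
cat > /etc/modules-load.d/ipvs.conf << 'EOF'
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_fo
ip_vs_nq
ip_vs_sed
ip_vs_ftp
nf_conntrack
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOF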
重新加载配置,检查确认
[root@kube-node02 ~]# systemctl enable --now systemd-modules-load.service
[root@kube-node02 ~]# lsmod | grep -e ip_vs -e nf_conntrack
ip_vs_sh 16384 0
ip_vs_wrr 16384 0
ip_vs_rr 16384 0
ip_vs 155648 6 ip_vs_rr,ip_vs_sh,ip_vs_wrr
nf_conntrack 155648 1 ip_vs
nf_defrag_ipv6 24576 2 nf_conntrack,ip_vs
nf_defrag_ipv4 16384 1 nf_conntrack
libcrc32c 16384 3 nf_conntrack,xfs,ip_vs
12 优化系统参数
添加内核调优参数,某些参数对 Kubernetes 集群很重要(不一定是最优,各取所需)
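# Append the kernel settings used by this guide to a dedicated sysctl drop-in.
# net.ipv4.ip_conntrack_max is removed: it is missing from the applied-settings
# output shown in this guide, which suggests the running kernel has no such
# key, and the conntrack table size is already set by
# net.netfilter.nf_conntrack_max above it.
# NOTE(review): ">>" appends on every run, so re-running duplicates the entries.
# NOTE(review): the net.bridge.* keys exist only while the bridge netfilter
# module is loaded; if it is not loaded at boot these two lines will not apply
# and bridged pod traffic bypasses iptables - confirm after a reboot.
# NOTE(review): tcp_tw_reuse relies on TCP timestamps, so tcp_timestamps = 0
# likely makes tcp_tw_reuse = 1 ineffective - confirm the intended pairing.
# NOTE(review): fs.may_detach_mounts is also absent from the output shown in
# this guide; it is kept because older kernels provide it - verify on the
# kernel actually running.
cat >> /etc/sysctl.d/user.conf << 'EOF'
# 内核调优
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
EOF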
两种方式
1 单独指定配置文件加载
sysctl -p /etc/sysctl.d/user.conf
2 手动加载所有的配置文件
[root@kube-master01 ~]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
kernel.kptr_restrict = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/user.conf ...
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
vm.overcommit_memory = 1
vm.panic_on_oom = 0
fs.inotify.max_user_watches = 89100
fs.file-max = 52706963
fs.nr_open = 52706963
net.netfilter.nf_conntrack_max = 2310720
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
* Applying /etc/sysctl.conf ...
完成后就可以重启服务器
reboot
重启完成,在查看 ipvs 的配置效果
lsmod | grep --color=auto -e ip_vs -e nf_conntrack
二、报错
1 ping 报错:Name or service not known
# 修改内容
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens160
BOOTPROTO="static" # 启用静态IP地址
ONBOOT="yes" # 是否开机时就启用
重启网络
service network restart
ping
ping baidu.com
ping 114.114.114.114
三、安装 k8s
CentOS 7.9 安装 kubernetes-1.25.1:https://www.cnblogs.com/huaxiayuyi/p/16808387.html