第一章 基本环境配置
1.1 配置hosts 所有节点
修改/etc/hosts如下:
| 192.168.0.93 W31-ywzt-SIT-1 192.168.0.94 W31-ywzt-SIT-2 |
1.2 CentOS 7安装yum源如下 所有节点
| curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo yum install -y yum-utils device-mapper-persistent-data lvm2 yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ enabled=1 gpgcheck=0 repo_gpgcheck=0 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo |
1.3 安装必备工具 所有节点
| yum install wget jq psmisc vim net-tools telnet yum-utils device-mapper-persistent-data lvm2 git -y |
1.4 关闭防火墙、selinux、dnsmasq 所有节点
| systemctl disable --now firewalld systemctl disable --now dnsmasq systemctl disable --now NetworkManager setenforce 0 sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config |
1.5 关闭swap分区 所有节点
| swapoff -a && sysctl -w vm.swappiness=0 sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab |
1.6 安装ntpdate 所有节点
| rpm -ivh http://mirrors.wlnmp.com/centos/wlnmp-release-centos.noarch.rpm yum install ntpdate -y |
1.7 同步时间 所有节点
| ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime echo 'Asia/Shanghai' >/etc/timezone ntpdate time2.aliyun.com # 加入到crontab crontab -e */5 * * * * /usr/sbin/ntpdate time2.aliyun.com |
1.8 配置limit 所有节点
| ulimit -SHn 65535 vim /etc/security/limits.conf # 末尾添加如下内容 * soft nofile 65536 * hard nofile 131072 * soft nproc 65535 * hard nproc 655350 * soft memlock unlimited * hard memlock unlimited |
1.9 升级系统 所有节点
| yum update -y --exclude=kernel* #CentOS7需要升级,CentOS8可以按需升级系统 |
第二章 内核配置
CentOS7 需要升级内核至4.18+,本地升级的版本为4.19
2.1 master节点下载内核 (或者直接上传内核) master节点
| cd /root wget http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-devel-4.19.12-1.el7.elrepo.x86_64.rpm wget http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm |
2.2 从master节点传到其他节点 master节点
master节点免密钥登录其他节点,密钥配置如下:
ssh-keygen -t rsa
for i in W31-ywzt-SIT-1 W31-ywzt-SIT-2;do ssh-copy-id -i .ssh/id_rsa.pub $i;done
从master节点传到其他节点:
for i in W31-ywzt-SIT-2;do scp kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm kernel-ml-devel-4.19.12-1.el7.elrepo.x86_64.rpm $i:/root/ ; done
2.3 安装内核 所有节点
| cd /root && yum localinstall -y kernel-ml* |
2.4 更改内核启动顺序 所有节点
| grub2-set-default 0 && grub2-mkconfig -o /etc/grub2.cfg grubby --args="user_namespace.enable=1" --update-kernel="$(grubby --default-kernel)" |
2.5 检查默认内核是不是4.19 所有节点
| grubby --default-kernel |
2.6 所有节点重启,然后检查内核是不是4.19 所有节点
| reboot uname -a |
2.7 安装ipvsadm 所有节点
| yum install ipvsadm ipset sysstat conntrack libseccomp -y |
2.8 配置ipvs模块 所有节点
在内核4.19+版本nf_conntrack_ipv4已经改为nf_conntrack, 4.18以下使用nf_conntrack_ipv4即可:
| modprobe -- ip_vs modprobe -- ip_vs_rr modprobe -- ip_vs_wrr modprobe -- ip_vs_sh modprobe -- nf_conntrack vi /etc/modules-load.d/ipvs.conf # 加入以下内容 ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_fo ip_vs_nq ip_vs_sed ip_vs_ftp ip_vs_sh nf_conntrack ip_tables ip_set xt_set ipt_set ipt_rpfilter ipt_REJECT ipip |
然后执行systemctl enable --now systemd-modules-load.service即可
2.9 配置k8s内核 所有节点
| cat <<EOF > /etc/sysctl.d/k8s.conf net.ipv4.ip_forward = 1 net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 1 fs.may_detach_mounts = 1 net.ipv4.conf.all.route_localnet = 1 vm.overcommit_memory=1 vm.panic_on_oom=0 fs.inotify.max_user_watches=89100 fs.file-max=52706963 fs.nr_open=52706963 net.netfilter.nf_conntrack_max=2310720 net.ipv4.tcp_keepalive_time = 600 net.ipv4.tcp_keepalive_probes = 3 net.ipv4.tcp_keepalive_intvl =15 net.ipv4.tcp_max_tw_buckets = 36000 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_max_orphans = 327680 net.ipv4.tcp_orphan_retries = 3 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_max_syn_backlog = 16384 net.ipv4.ip_conntrack_max = 65536 net.ipv4.tcp_max_syn_backlog = 16384 net.ipv4.tcp_timestamps = 0 net.core.somaxconn = 16384 EOF sysctl --system |
2.10 重启服务器,保证重启后内核依旧加载 所有节点
reboot
lsmod | grep --color=auto -e ip_vs -e nf_conntrack
标签:教程,--,ip,vs,yum,net,Kubeadm,节点,1.24 From: https://blog.csdn.net/qingcyb/article/details/139629733