(20240828,准备更新PostgreSQL部分)
大纲
环境配置
系统:Debian 12.06
环境:阿里云ECS 以及 虚拟机
| 序号 | IP地址 | 域名 | 主机名 |
|---|---|---|---|
| 1 | 192.168.100.12 | k8s-master.yourname.com | k8s-master |
| 2 | 192.168.100.15 | k8s-node1.yourname.com | k8s-node1 |
| 3 | 192.168.100.16 | k8s-node2.yourname.com | k8s-node2 |
| 4 | 192.168.100.20 | k8s-register.yourname.com | k8s-register |
VMware虚拟网络编辑器
ssh设置
sudo apt-get update && apt-get upgrade
sudo apt-get install vim
/etc/ssh/sshd_config
...
PermitRootLogin yes
PubkeyAuthentication no
...
master连通其他node
ssh-keygen -t rsa -b 2048
for i in master node1 node2 register; do ssh-copy-id root@k8s-$i; done
静态IP设置
/etc/network/interfaces
其他主机修改IP即可
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
auto ens33
iface ens33 inet static
address 192.168.100.12
netmask 255.255.255.0
gateway 192.168.100.254
search localdomain
nameserver 8.8.8.8
nameserver 114.114.114.114
/etc/init.d/networking restart
主机名和域名
/etc/hostname
k8s-master
/etc/hosts
127.0.0.1 localhost
127.0.1.1 k8s01
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
192.168.100.12 k8s-master.yourname.com k8s-master
192.168.100.15 k8s-node1.yourname.com k8s-node1
192.168.100.16 k8s-node2.yourname.com k8s-node2
192.168.100.21 k8s-register.yourname.com k8s-register
用scp将hosts文件传输到node
for i in node1 node2 register; do scp /etc/hosts root@k8s-$i:/etc/hosts; done
关闭swap
for i in node1 node2 register; do swapoff -a; done
for i in node1 node2 register; do sed -i 's/.*swap.*/#&/' /etc/fstab; done
cat >> /etc/sysctl.d/k8s.conf << EOF
vm.swappiness=0
EOF
内核优化
cat << EOF | sudo tee /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
EOF
for i in node1 node2 register; do sudo modprobe overlay; done
for i in node1 node2 register; do sudo modprobe br_netfilter; done
for i in node1 node2 register; do sysctl -p /etc/sysctl.d/k8s.conf; done
实践
域名DNS
用的是阿里云,我直接买了一个域名,但因为是个人服务器,不涉及商用没买SSL。
【阿里云-域名解析DNS01-简单介绍】 | chrisjing-com
Docker
sudo apt update
sudo apt install apt-transport-https ca-certificates curl software-properties-common
sudo curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://mirrors.aliyun.com/docker-ce/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
sudo apt-get install docker-ce docker-ce-cli containerd.io
docker -v
docker compose version
cat > /etc/docker/daemon.json <<EOF
{
"log-driver": "json-file",
"log-opts": {
"max-size": "20m",
"max-file": "3"
},
"registry-mirrors": [
"https://docker.m.daocloud.io",
"https://dockerhub.icu",
"https://docker.anyhub.us.kg",
"https://docker.1panel.live"
]
}
EOF
systemctl daemon-reload
systemctl restart docker
systemctl enable docker
Nginx
mv default.conf default.conf.bak
touch default.conf
vim default.conf
server {
listen 80;
listen [::]:80;
server_name example.com;
access_log /var/log/nginx/access.log main;
location / {
proxy_pass http://127.0.0.1:8080/;
rewrite ^/(.*)$ /$1 break;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade-Insecure-Requests 1;
proxy_set_header X-Forwarded-Proto https;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}