三、K8S初上手:集群环境配置

无界面启动

首先配置外部的 SSH 连接。最好不要在虚拟机窗口里直接操作:复制粘贴很不方便,鼠标还要来回切换,非常反人类。虚拟机的启动选项中最好设置为“无界面启动”。

image-20201111110618442

关闭selinux
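# Temporary: put SELinux into permissive mode until the next reboot
setenforce 0
# Permanent: rewrite the boot-time mode in the config file (applies after a reboot).
# The pattern is anchored so only the active SELINUX= setting is touched.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# NOTE(review): "disabled" turns SELinux off completely, and re-enabling it later
# requires a full filesystem relabel. The kubeadm install guide uses
# SELINUX=permissive instead, which keeps labels and denial logging in place.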
关闭swap分区或禁用swap文件
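# Temporary: turn off every active swap device until the next reboot
swapoff -a
 
# Permanent: comment out the swap entries in /etc/fstab (applies from the next boot).
# Back up fstab first; `command` bypasses a possible interactive `cp -i` alias,
# which is what the original `yes | cp` was working around.
command cp -f -- /etc/fstab /etc/fstab_bak
 
# Comment out (rather than delete) each uncommented line that has a swap field,
# so the change is easy to review and to revert; other lines are left untouched.
sed -i -r 's/^([^#].*[[:space:]]swap[[:space:]].*)$/#\1/' /etc/fstab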
修改网卡配置(主要是修改转发参数)
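# The net.bridge.* keys only exist while the br_netfilter module is loaded.
# Without it sysctl cannot apply them (the sample output below shows only
# vm.swappiness taking effect from k8s.conf), so load the module now and
# register it for every boot.
modprobe -- br_netfilter
printf '%s\n' br_netfilter > /etc/modules-load.d/k8s.conf

# Make bridged traffic traverse iptables/ip6tables and discourage swapping.
# The quoted delimiter keeps the shell from expanding anything in the body.
cat <<'EOF' > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness=0
EOF
 
 
# Reload all sysctl configuration files so the new settings take effect
sysctl --system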
 
* Applying /usr/lib/sysctl.d/00-system.conf ...
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/k8s.conf ...
vm.swappiness = 0
* Applying /etc/sysctl.conf ...
启用内核模块
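# Persist the IPVS and conntrack modules as a boot-time module script.
# The file needs a shebang and the executable bit: the legacy loader on EL7
# only runs *.modules files that are executable, so a plain text file is skipped.
# NOTE(review): on kernels 4.19 and later nf_conntrack_ipv4 was merged into nf_conntrack.
cat <<'EOF' > /etc/sysconfig/modules/ipvs.modules
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules
 
# The script would otherwise only run at boot; execute it once now so the
# modules are loaded immediately, without repeating each modprobe by hand.
bash /etc/sysconfig/modules/ipvs.modules
 
# Confirm the modules are loaded
cut -f1 -d " "  /proc/modules | grep -e ip_vs -e nf_conntrack_ipv4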
ip_vs_sh
ip_vs_wrr
ip_vs_rr
ip_vs
nf_conntrack_ipv4
关闭和禁用防火墙
# Stops firewalld now and prevents it from starting at boot, which leaves the
# node without a host firewall.
# NOTE(review): acceptable on an isolated lab VM only. On a reachable network,
# keep firewalld running and open just the ports Kubernetes documents for
# control-plane and worker nodes.
systemctl stop firewalld && systemctl disable firewalld
安装k8s集群工具

kubectl、kubeadm、kubelet

kubelet:运行在 cluster 的所有节点上,负责启动 Pod 和容器;kubeadm:用于初始化 cluster;kubectl:命令行工具,用于部署和管理应用,查看各种资源,创建、删除和更新组件。

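# Add the Kubernetes yum repository (Aliyun mirror).
# gpgcheck=1 makes yum verify each RPM's signature against the listed keys, so a
# tampered mirror or intercepted download is rejected instead of being installed
# as root. The original gpgcheck=0 skipped that verification.
# repo_gpgcheck is left off because signature checks on this mirror's metadata
# are known to fail intermittently; package signatures are still enforced.
cat <<'EOF' > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
 
# Refresh the yum metadata
yum -y install epel-release && yum clean all && yum makecache
 
# Install the cluster tools. If yum reports a signature failure, stop and
# investigate rather than retrying with signature checks disabled.
yum install -y kubelet kubeadm kubectl
 
# Enable kubelet at boot and start it now
systemctl enable kubelet && systemctl start kubelet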
 
# 查看kubelet状态,这里会有255的报错,原因是因为没有安装docker
kube-master systemd[1]: kubelet.service: main process exited, code=exited, status=255/n/a
安装docker-ce
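# yum-config-manager ships in yum-utils, which a minimal install may lack
yum install -y yum-utils

# Add the docker-ce yum repository (Aliyun mirror)
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
 
# Install docker; -y keeps the step non-interactive like the other installs.
# NOTE(review): check that the added repo file has gpgcheck=1 before installing.
yum install -y docker-ce docker-ce-cli containerd.io
 
# Start docker now and enable it at boot
systemctl start docker && systemctl enable docker
 
# Show the versions; client and server should match (19.x at the time of writing)
docker version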
Client: Docker Engine - Community
 Version:           19.03.12
 API version:       1.40
 Go version:        go1.13.10
 Git commit:        48a66213fe
 Built:             Mon Jun 22 15:46:54 2020
 OS/Arch:           linux/amd64
 Experimental:      false
 
Server: Docker Engine - Community
 Engine:
  Version:          19.03.12
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.10
  Git commit:       48a66213fe
  Built:            Mon Jun 22 15:45:28 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.13
  GitCommit:        7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683
 
# Docker needs some extra configuration to work with k8s.
# Docker manages containers through Linux cgroups; first check which cgroup
# driver it is currently using.
docker info | grep -i cgroup
Cgroup Driver: cgroupfs
 
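# The result is cgroupfs, but the container runtime and the kubelet must use the
# same cgroup driver, and this guide uses systemd, so docker has to be switched.
# Add --exec-opt native.cgroupdriver=systemd through a systemd drop-in rather
# than editing /usr/lib/systemd/system/docker.service in place: the packaged
# unit file is replaced on every docker-ce upgrade, which would silently revert
# the change.
mkdir -p /etc/systemd/system/docker.service.d
cat <<'EOF' > /etc/systemd/system/docker.service.d/10-cgroup-driver.conf
[Service]
# The empty ExecStart= clears the packaged command line before the new one is set
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --exec-opt native.cgroupdriver=systemd
EOF
 
# Reload the unit files and restart docker
systemctl daemon-reload && systemctl restart docker
 
# The driver should now be reported as systemd
docker info | grep -i cgroup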
Cgroup Driver: systemd
 
 
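# Alternative: set the cgroup driver in docker's daemon configuration file.
# Use this INSTEAD of passing --exec-opt on the dockerd command line. If the
# same option is set both as a flag and in daemon.json, dockerd refuses to start.
# (`tee` writes the file; the original `tree` only lists directories.)
# NOTE(review): this overwrites any existing daemon.json; merge by hand if one exists.
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
 
# Restart docker to pick up the new configuration
systemctl daemon-reload && systemctl restart docker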