Installing a highly available Kubernetes v1.25.3 cluster with containerd from binaries on Ubuntu 22.04 (part 1)


I. Resource configuration

1. Server resource configuration

2. Software versions, and the pod and service CIDR allocation. Change the pod and service CIDRs to suit your environment.

The pod, service and host CIDRs must not overlap (if unsure, run them through an IP address calculator). Here the pod and service ranges each span 16 /24 blocks, i.e. 4096 addresses, which is a /20.
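As an added example (not part of the original post), the following POSIX shell script checks a set of CIDRs for overlap and reports the size of a block, using only shell arithmetic so it works on a bare node without ipcalc. The host network 192.188.3.0/24 is the one the /etc/hosts entries later in this post live in; the pod range 10.244.0.0/20 and the service range 10.96.0.0/20 are assumed values standing in for the allocation table.

```shell
#!/bin/sh
# Added example, not from the original post: check that host, pod and service
# CIDRs do not overlap, using only POSIX sh arithmetic (no ipcalc needed).
# 192.188.3.0/24 is the host network the post's /etc/hosts entries live in;
# 10.244.0.0/20 (pods) and 10.96.0.0/20 (services) are assumed values.

# ip_to_int A.B.C.D -> the address as an integer; returns 2 on a malformed address
ip_to_int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 2
    for o in "$1" "$2" "$3" "$4"; do
        case $o in ''|*[!0-9]*|0[0-9]*) return 2 ;; esac
        [ "$o" -le 255 ] || return 2
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_range A.B.C.D/N -> "first last": network and broadcast address as integers
cidr_range() {
    ip=${1%/*}; bits=${1#*/}
    case $bits in ''|*[!0-9]*|0[0-9]*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    base=$(ip_to_int "$ip") || return 2
    # shell arithmetic is 64-bit, so shifting by 32 for a /0 yields a zero mask
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    first=$(( base & mask ))
    echo "$first $(( first | (~mask & 0xFFFFFFFF) ))"
}

# cidr_size CIDR -> number of addresses in the block (a /20 gives 4096)
cidr_size() {
    r=$(cidr_range "$1") || return 2
    set -- $r
    echo $(( $2 - $1 + 1 ))
}

# cidr_overlap A B -> succeeds when the two blocks share at least one address
cidr_overlap() {
    ra=$(cidr_range "$1") || return 2
    rb=$(cidr_range "$2") || return 2
    set -- $ra $rb
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# check_cidrs CIDR... -> "ok", or "overlap: X Y" for the first clashing pair
check_cidrs() {
    while [ $# -gt 1 ]; do
        a=$1; shift
        for b in "$@"; do
            if cidr_overlap "$a" "$b"; then
                echo "overlap: $a $b"
                return 1
            fi
        done
    done
    echo ok
}

# host network from the post, pod and service ranges assumed
cidr_size 10.244.0.0/20                                    # prints 4096
check_cidrs 192.188.3.0/24 10.244.0.0/20 10.96.0.0/20      # prints ok
```

The overlap test compares network and broadcast addresses as integers, so a misaligned base such as 10.244.5.7/20 is normalised to 10.244.0.0/20 first, and adjacent blocks (10.96.0.0/20 next to 10.96.16.0/20) are correctly reported as not overlapping.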

II. Pre-installation preparation

1. On master01, master02, master03, node01, node02 and node03, apply package updates, kernel included. I replace the default mirror with the Tsinghua mirror (mirrors.tuna.tsinghua.edu.cn); readers can substitute the Aliyun mirror:

sudo sed -i 's/archive.ubuntu.com/mirrors.tuna.tsinghua.edu.cn/g' /etc/apt/sources.list
sudo apt update
sudo apt upgrade

2. Set the hostname on master01, master02, master03, node01, node02 and node03. Each server runs only the line that belongs to it:

sudo hostnamectl set-hostname master01.yyq.local
sudo hostnamectl set-hostname master02.yyq.local
sudo hostnamectl set-hostname master03.yyq.local
sudo hostnamectl set-hostname node01.yyq.local
sudo hostnamectl set-hostname node02.yyq.local
sudo hostnamectl set-hostname node03.yyq.local

3. Add the cluster hosts entries on master01, master02, master03, node01, node02 and node03. Every server runs the same command (each FQDN must match its short name; the original had master01.yyq.local on the master02 and master03 lines):

sudo bash -c "cat >> /etc/hosts" <<EOF
192.188.3.200 master01.yyq.local master01
192.188.3.201 master02.yyq.local master02
192.188.3.202 master03.yyq.local master03
192.188.3.210 node01.yyq.local node01
192.188.3.211 node02.yyq.local node02
192.188.3.212 node03.yyq.local node03
192.188.3.240 vip.yyq.local vip
EOF

4. On all nodes, disable swap and the ufw firewall. ufw is turned off because kube-proxy and the CNI plugin manage iptables themselves; with no host firewall, the API server, etcd and kubelet ports are reachable from anything that can route to these hosts, so keep the nodes behind a security group or perimeter firewall that only admits the cluster's own ports.

sudo systemctl disable --now ufw
sudo sed -ri 's/.*swap.*/#&/' /etc/fstab
sudo swapoff -a && sudo sysctl -w vm.swappiness=0

Check that the swap entry in /etc/fstab is now commented out:

cat /etc/fstab

5. Set the time zone on all nodes (Ubuntu keeps the clock synchronised with systemd-timesyncd by default; certificate validity and etcd both depend on the nodes agreeing on the time):

sudo timedatectl set-timezone Asia/Shanghai

6. Configure ulimit on all nodes. Note that limits.conf is applied by pam_limits to login sessions only; kubelet and containerd run as systemd services and take their limits from the Limit* directives in their unit files:

ulimit -SHn 65535

sudo bash -c "cat >>/etc/security/limits.conf" <<EOF
* soft nofile 65536
* hard nofile 131072
* soft nproc 65535
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited
EOF

7. Install IPVS on all nodes

sudo apt install ipvsadm ipset sysstat conntrack -y

#load the modules now (modprobe needs root)
sudo modprobe -- ip_vs
sudo modprobe -- ip_vs_rr
sudo modprobe -- ip_vs_wrr
sudo modprobe -- ip_vs_sh
sudo modprobe -- nf_conntrack

sudo bash -c "cat >> /etc/modules-load.d/ipvs.conf" <<EOF
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
ip_tables
ip_set
xt_set
# ipt_set is the pre-2.6.39 name of xt_set and no longer exists; listing it only makes systemd-modules-load log a failure
ipt_rpfilter
ipt_REJECT
ipip
EOF

sudo systemctl restart systemd-modules-load.service

#reboot Ubuntu, then confirm the modules came back after boot
sudo reboot

lsmod | grep -e ip_vs -e nf_conntrack

8. Set kernel parameters on all nodes. Two caveats: the net.bridge.* keys only exist once br_netfilter is loaded (step 9), so sysctl --system warns about them until then and must be run again afterwards; and fs.may_detach_mounts is a RHEL 7 kernel key that Ubuntu's kernel does not have, while net.ipv4.ip_conntrack_max is the obsolete name of net.netfilter.nf_conntrack_max, which is already set here. Both of those only produce "No such file or directory" warnings and can be dropped.

sudo bash -c "cat > /etc/sysctl.d/k8s.conf" <<EOF
net.ipv4.ip_forward = 1
# requires the br_netfilter module (loaded in step 9); the key does not exist before that
net.bridge.bridge-nf-call-iptables = 1
# fs.may_detach_mounts (RHEL 7 only) and net.ipv4.ip_conntrack_max (obsolete name) are left out: Ubuntu's kernel has neither key
vm.overcommit_memory = 1
vm.panic_on_oom = 0
fs.inotify.max_user_watches = 89100
fs.file-max = 52706963
fs.nr_open = 52706963
net.netfilter.nf_conntrack_max = 2310720

net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 36000
# tcp_tw_reuse only takes effect while tcp_timestamps is enabled
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384

net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.all.forwarding = 0
EOF

sudo sysctl --system
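Steps 3 to 8 are easy to get subtly wrong on one of six nodes (a pasted hosts line with the wrong FQDN, a swap file that is commented out in fstab but still active, a module name that never loaded, a sysctl key the kernel does not know). The following script is an added example, not part of the original post: every check takes the file(s) it inspects as arguments, so it runs against captured copies as well as the live node, and the sample inputs in the tests are constructed. The run_live helper, the temporary-file handling and the module list it checks are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: offline checks for the node
# preparation steps. Each check prints "ok" or one line per problem and
# returns 1 when anything is wrong. Run `sh nodecheck.sh --live` on a node.

# check_hosts HOSTS_FILE: on each "IP fqdn short" line the FQDN must begin with
# the short name, and no FQDN may appear twice (catches copy-paste slips such
# as three lines that all name master01.yyq.local).
check_hosts() {
    awk '
        /^[ \t]*#/ || NF < 3 || index($2, ".") == 0 { next }
        {
            if (index($2, ($3 ".")) != 1) { printf "bad line: %s\n", $0; bad = 1 }
            if ($2 in seen)                { printf "duplicate fqdn: %s\n", $2; bad = 1 }
            seen[$2] = $1
        }
        END { if (bad) exit 1; print "ok" }
    ' "$1"
}

# check_swap FSTAB PROC_SWAPS: no uncommented swap entry, and no active swap
# device (/proc/swaps is only its header line once `swapoff -a` has run).
check_swap() {
    if grep -Eq '^[^#].*[[:space:]]swap[[:space:]]' "$1"; then
        echo "swap entry still active in $1"; return 1
    fi
    if [ "$(wc -l < "$2")" -gt 1 ]; then
        echo "a swap device is still active"; return 1
    fi
    echo ok
}

# check_modules LSMOD_OUTPUT MODULE...: every named module must appear in
# the captured `lsmod` output.
check_modules() {
    out=$1; shift
    missing=""
    for m in "$@"; do
        grep -q "^$m " "$out" || missing="$missing $m"
    done
    if [ -n "$missing" ]; then echo "modules not loaded:$missing"; return 1; fi
    echo ok
}

# check_sysctl WANT_FILE SYSCTL_DUMP: each "key = value" in WANT_FILE must match
# the live value in SYSCTL_DUMP (captured `sysctl -a` output). Keys the kernel
# does not know, such as fs.may_detach_mounts on Ubuntu, are reported.
check_sysctl() {
    awk -F= '
        function norm(s) { gsub(/[ \t]/, "", s); return s }
        FNR == 1 { f++ }
        /^[ \t]*#/ || NF != 2 { next }
        f == 1 { live[norm($1)] = norm($2); next }
        {
            k = norm($1); v = norm($2)
            if (!(k in live))      { printf "unknown key: %s\n", k; bad = 1 }
            else if (live[k] != v) { printf "%s = %s (want %s)\n", k, live[k], v; bad = 1 }
        }
        END { if (bad) exit 1; print "ok" }
    ' "$2" "$1"
}

# run_live: the same checks against this node's real files (assumed paths).
run_live() {
    tmp=$(mktemp -d)
    lsmod > "$tmp/lsmod"
    sysctl -a 2>/dev/null > "$tmp/sysctl"
    check_hosts /etc/hosts
    check_swap /etc/fstab /proc/swaps
    check_modules "$tmp/lsmod" ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack
    check_sysctl /etc/sysctl.d/k8s.conf "$tmp/sysctl"
    rm -rf "$tmp"
}

if [ "${1:-}" = "--live" ]; then run_live; fi
```

check_sysctl compares the values the kernel actually reports rather than the file contents, so it also catches the ordering problem above: net.bridge.bridge-nf-call-iptables shows up as an unknown key until br_netfilter is loaded.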

9. Install containerd on all nodes

  • Kernel modules and sysctls that containerd needs

Write the files with sudo tee instead of running chmod 777 on /etc/modules-load.d and /etc/sysctl.d as a non-root user: a world-writable sysctl.d lets any local user set kernel parameters at the next boot.

cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF

#load the modules now
sudo modprobe -- overlay
sudo modprobe -- br_netfilter

#sysctls for the CRI (the net.bridge.* keys exist now that br_netfilter is loaded)
cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

sudo sysctl --system

  • Download the containerd release whose archive name begins with cri- (the 1.6.x line; 1.6.9 is extracted below). It bundles the systemd unit file, the containerd daemon, and the ctr and crictl client binaries.

#download and extract
wget github.com/containerd/…
sudo tar xf cri-containerd-1.6.9-linux-amd64.tar.gz -C /

#create the config directory; keep it root-owned rather than chmod 777: whoever can edit config.toml controls a daemon that runs as root
sudo mkdir -p /etc/containerd

#generate the default config
containerd config default | sudo tee /etc/containerd/config.toml

#switch runc to the systemd cgroup driver and use a reachable pause image
sudo sed -ri -e 's/(.*SystemdCgroup = ).*/\1true/' -e 's@(.*sandbox_image = ).*@\1"registry.aliyuncs.com/google_containers/pause:3.8"@' /etc/containerd/config.toml

#point crictl at the containerd socket (the file stays root-owned 0644, no chmod 777)
sudo bash -c "cat > /etc/crictl.yaml" <<EOF
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
EOF

#start containerd
sudo systemctl daemon-reload && sudo systemctl enable --now containerd
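Before kubelet is pointed at this runtime it is worth confirming that the two sed edits above actually landed, that crictl talks to the right socket, and that neither file is world-writable. The script below is an added example, not from the original post or the containerd project: the config and crictl paths it defaults to are the ones used above, the pause:3.8 image is what the post configures, and the sample config files in its tests are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: verify the containerd configuration
# written above. Run `sh cricheck.sh --live` on a node, or pass file paths.

# toml_value FILE KEY: value of the first `KEY = value` line, surrounding quotes
# stripped. Enough for the flat keys in containerd's generated config.
toml_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1 \
        | sed 's/^"\(.*\)"$/\1/'
}

# world_writable PATH: true when the "other" write bit is set
world_writable() {
    [ -n "$(find "$1" -prune -perm -002 2>/dev/null)" ]
}

# check_containerd CONFIG_TOML CRICTL_YAML: cgroup driver, sandbox image,
# crictl endpoint and file modes. Prints "ok", or one line per problem.
check_containerd() {
    cfg=$1; cri=$2; bad=0
    [ "$(toml_value "$cfg" SystemdCgroup)" = true ] \
        || { echo "SystemdCgroup is not true: must match the kubelet's cgroupDriver (systemd on this host)"; bad=1; }
    img=$(toml_value "$cfg" sandbox_image)
    case $img in
        */pause:3.8) ;;
        *) echo "sandbox_image is '$img', expected a pause:3.8 image"; bad=1 ;;
    esac
    ep=$(sed -n 's/^runtime-endpoint:[[:space:]]*//p' "$cri")
    [ "$ep" = "unix:///run/containerd/containerd.sock" ] \
        || { echo "crictl runtime-endpoint is '$ep'"; bad=1; }
    for f in "$cfg" "$cri"; do
        if world_writable "$f"; then
            echo "$f is world-writable: any local user could reconfigure a daemon that runs as root"; bad=1
        fi
    done
    [ $bad -eq 0 ] && echo ok
}

# assumed live paths, the ones written in the steps above
if [ "${1:-}" = "--live" ]; then
    check_containerd /etc/containerd/config.toml /etc/crictl.yaml
fi
```

The world-writable test is the reason the chmod 777 calls were dropped above: config.toml is read by a root-level daemon, so a mode of 0777 on it is a local privilege escalation waiting to be used.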

Check that containerd is running: