Deploying a Kubernetes v1.30.2 cluster from binaries, Part 2: Operating system environment configuration

Operating system environment configuration (all nodes)

1. Configure the yum repositories

sed -e 's|^mirrorlist=|#mirrorlist=|g' -e 's|^#baseurl=http://mirror.centos.org/centos|baseurl=https://mirror.nju.edu.cn/centos|g'  -i.bak /etc/yum.repos.d/CentOS-*.repo

2. Install tools and create the directories needed for deployment

  Install tools

yum -y install vim telnet wget unzip lrzsz lsof iotop traceroute net-tools sysstat gcc-c++ gperf

  Create directories on the master nodes

mkdir -p /data/{src,shell,kubelet}
mkdir -p /data/k8s/{bin,logs,ssl,conf,manifests}
mkdir -p /data/etcd/{bin,conf,data,ssl}
mkdir -p /root/.kube

  Create directories on the worker nodes

mkdir -p /data/k8s/{bin,logs,ssl,conf,manifests}
mkdir -p /data/{src,kubelet}

3. Disable the firewall

systemctl stop firewalld
systemctl disable firewalld

4. Disable SELinux

setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

5. Disable NetworkManager

systemctl stop NetworkManager
systemctl disable NetworkManager

6. Disable the swap partition

sed -ri 's/.*swap.*/#&/' /etc/fstab
swapoff -a && sysctl -w vm.swappiness=0

7. Configure /etc/hosts

cat >> /etc/hosts <<EOF
192.168.110.20 k8s-vip
192.168.110.21 k8s-master01
192.168.110.22 k8s-master02
192.168.110.23 k8s-master03
192.168.110.24 k8s-node01
192.168.110.25 k8s-node02
EOF

8. Configure passwordless SSH from k8s-master01 to the other nodes (run only on k8s-master01)

yum install -y sshpass
cat > /data/shell/sshcopyid.sh << EOF
# node IP list (space-separated)
ips="192.168.110.21 192.168.110.22 192.168.110.23 192.168.110.24 192.168.110.25"
# root password of the nodes
passwd="123456"

# generate a key pair only if none exists yet, so the script can be re-run safely
[ -f /root/.ssh/id_rsa ] || ssh-keygen -f /root/.ssh/id_rsa -P ''
for ip in \$ips;do
     sshpass -p \$passwd ssh-copy-id -o StrictHostKeyChecking=no \$ip
done
EOF
sh /data/shell/sshcopyid.sh

9. Create a file transfer script (create only on k8s-master01)

cat > /data/shell/scpfile.sh <<EOF
#!/bin/bash
all_nodes=("k8s-master02" "k8s-master03" "k8s-node01" "k8s-node02")

if [ \$# -lt 2 ]; then
    echo "错误:需要至少2个参数!" >&2
    echo "用法:\$0 <文件1> <文件2>... <目标目录>" >&2
    exit 1
fi

dest="\${@: -1}"  
files=("\${@:1:\$#-1}") 

for node in "\${all_nodes[@]}"; do
    for file in "\${files[@]}"; do
        echo "传输文件\$file,到\${node}节点\${dest}目录下..."
        scp \$file \${node}:\${dest}
    done
done
echo "传输完成!"
EOF

  Use the script to push files to the other nodes as needed, for example:

sh /data/shell/scpfile.sh  /data/src/kernel-ml-* /data/src

10. Upgrade libseccomp

  1) Check the libseccomp version currently installed.

rpm -qa | grep libseccomp

  2) Download the source tarball of a newer libseccomp release

cd /data/src
wget https://github.com/seccomp/libseccomp/releases/download/v2.6.0/libseccomp-2.6.0.tar.gz

  3) Build and install

tar zxf libseccomp-2.6.0.tar.gz
cd libseccomp-2.6.0
./configure && make && sudo make install

  4) Update the dynamic linker cache

echo "/usr/local/lib" | sudo tee /etc/ld.so.conf.d/libseccomp.conf
sudo ldconfig

  5) Remove the old version

rpm -e libseccomp-2.3.1-4.el7.x86_64 --nodeps

  6) Check the library path

ldconfig -v | grep libseccomp

11. Time synchronisation

  Server configuration

cat > /etc/chrony.conf << EOF
pool ntp.aliyun.com iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
logdir /var/log/chrony
allow 192.168.110.0/24
EOF
systemctl restart chronyd

  Client configuration

cat > /etc/chrony.conf << EOF 
server 192.168.110.21 iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
logdir /var/log/chrony
EOF
systemctl restart chronyd

12. Configure resource limits

  Log in again after this change for it to take effect.

cat >> /etc/security/limits.conf <<EOF
# a hard limit must not be lower than its soft limit, otherwise the entry is rejected at login
* soft nofile 655360
* hard nofile 655360
* soft nproc 655350
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited
EOF

13. Configure kernel parameters

cat > /etc/sysctl.d/kubernetes.conf << EOF
# enable IPv4 forwarding so the host can route packets between pods and nodes
net.ipv4.ip_forward = 1
# make bridged traffic traverse the iptables/ip6tables chains
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
# disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
EOF
sysctl --system

14. Install ipvsadm

# install
yum install ipvsadm ipset sysstat conntrack libseccomp -y
# configure the modules to load at boot
cat >> /etc/modules-load.d/ipvs.conf <<EOF 
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOF
# reload the module list
systemctl restart systemd-modules-load.service
# verify the modules are loaded
lsmod | grep -e ip_vs -e nf_conntrack
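A preflight checker for the files written in steps 12, 13 and 14 (limits.conf, the sysctl fragment and the IPVS module list). This is an added example, not a script from the original post; the paths in preflight_check are the ones used on this page, and each function takes a file path so it can also be run against a constructed copy.

```shell
#!/bin/sh
# Added preflight checker for the host settings configured above (not part of the original post).
# Every function takes a file path so it can check a copy of a config as well as the live host.

# Succeed only if each expected "key = value" pair is present in a sysctl file.
verify_sysctl_conf() {
  conf="$1"
  for pair in net.ipv4.ip_forward=1 net.bridge.bridge-nf-call-iptables=1 \
              net.bridge.bridge-nf-call-ip6tables=1 net.ipv6.conf.all.disable_ipv6=1; do
    key=${pair%%=*}; val=${pair##*=}
    key_re=$(printf '%s' "$key" | sed 's/\./\\./g')   # match dots literally
    grep -Eq "^[[:space:]]*${key_re}[[:space:]]*=[[:space:]]*${val}[[:space:]]*$" "$conf" ||
      { echo "sysctl: missing or wrong '$key = $val' in $conf" >&2; return 1; }
  done
}

# Succeed only if each IPVS module kube-proxy needs is listed on its own line.
verify_modules_conf() {
  conf="$1"
  for m in ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack; do
    grep -Eq "^[[:space:]]*${m}[[:space:]]*$" "$conf" ||
      { echo "modules-load: $m not listed in $conf" >&2; return 1; }
  done
}

# Succeed only if every limits.conf entry is well formed (catches typos such as "seft")
# and no soft limit exceeds its hard limit, which pam_limits would reject at login.
verify_limits_conf() {
  awk '
    /^[[:space:]]*(#|$)/ { next }
    $2 != "soft" && $2 != "hard"   { print "limits: bad type  " $2 > "/dev/stderr"; bad = 1; next }
    $4 !~ /^([0-9]+|unlimited)$/   { print "limits: bad value " $4 > "/dev/stderr"; bad = 1; next }
    $2 == "soft" { soft[$1 " " $3] = $4 }
    $2 == "hard" { hard[$1 " " $3] = $4 }
    END {
      for (k in soft)
        if (k in hard && hard[k] != "unlimited" && (soft[k] == "unlimited" || soft[k] + 0 > hard[k] + 0)) {
          print "limits: soft > hard for " k > "/dev/stderr"; bad = 1
        }
      exit bad + 0
    }' "$1"
}

# Check the live files written on this page: sh preflight.sh --live
preflight_check() {
  verify_sysctl_conf /etc/sysctl.d/kubernetes.conf &&
  verify_modules_conf /etc/modules-load.d/ipvs.conf &&
  verify_limits_conf /etc/security/limits.conf && echo "preflight OK"
}
if [ "${1:-}" = "--live" ]; then preflight_check; fi
```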

 

15. Upgrade the kernel

  CentOS 7.9 ships kernel 3.10, and for a new Kubernetes cluster such an old kernel lacks some required features. It is recommended to try the upgrade in a test environment first.

  1) Download the new kernel packages

cd /data/src
wget https://mirrors.coreix.net/elrepo-archive-archive/kernel/el7/x86_64/RPMS/kernel-ml-6.6.0-1.el7.elrepo.x86_64.rpm
wget https://mirrors.coreix.net/elrepo-archive-archive/kernel/el7/x86_64/RPMS/kernel-ml-tools-libs-6.6.0-1.el7.elrepo.x86_64.rpm
wget https://mirrors.coreix.net/elrepo-archive-archive/kernel/el7/x86_64/RPMS/kernel-ml-tools-6.6.0-1.el7.elrepo.x86_64.rpm

  2) Remove the old kernel tool packages (keep the kernel package itself)

rpm -e kernel-tools-libs-3.10.0-1160.el7.x86_64  kernel-tools-3.10.0-1160.el7.x86_64

  3) Install the new kernel

rpm -ivh kernel-ml-6.6.0-1.el7.elrepo.x86_64.rpm
rpm -ivh kernel-ml-tools-libs-6.6.0-1.el7.elrepo.x86_64.rpm
rpm -ivh kernel-ml-tools-6.6.0-1.el7.elrepo.x86_64.rpm

  4) Make the new kernel the default boot entry

grub2-set-default 0

  5) Reboot and check the running kernel version

reboot
uname -r

  If the error "/usr/bin/grub2-editenv:错误: invalid environment block." appears during this step, ignore it and carry on; what matters is the kernel version reported after the reboot.

16. Install the container runtime

  containerd is used as the container runtime here.

  1) Download the containerd and cni-plugins packages.

cd /data/src
wget https://github.com/containerd/containerd/releases/download/v1.7.27/containerd-1.7.27-linux-amd64.tar.gz
wget https://github.com/containernetworking/plugins/releases/download/v1.7.1/cni-plugins-linux-amd64-v1.7.1.tgz

  2) Create the standard CNI plugin directory and extract the plugins into it.

mkdir -p /opt/cni/bin
tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.7.1.tgz

  3) Extract the containerd package

tar Cxzvf /usr/local containerd-1.7.27-linux-amd64.tar.gz

  4) Create the systemd unit file for the containerd service

cat > /usr/lib/systemd/system/containerd.service <<EOF
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target
EOF

  5) Configure the kernel modules containerd needs

cat > /etc/modules-load.d/containerd.conf <<EOF
overlay
br_netfilter
EOF

  6) Load the module configuration

systemctl restart systemd-modules-load.service

  7) Generate the containerd configuration file and adjust it (systemd cgroup driver, sandbox image mirror, registry host config path)

mkdir -p /etc/containerd/
containerd config default >  /etc/containerd/config.toml
sed -i "s#SystemdCgroup\ \=\ false#SystemdCgroup\ \=\ true#g" /etc/containerd/config.toml
sed -i 's#registry.k8s.io#k8s.m.daocloud.io#' /etc/containerd/config.toml
sed -i "s#config_path\ \=\ \"\"#config_path\ \=\ \"/etc/containerd/certs.d\"#g" /etc/containerd/config.toml

  8) Configure a registry mirror

mkdir -p /etc/containerd/certs.d/docker.io
cat > /etc/containerd/certs.d/docker.io/hosts.toml << EOF
server = "https://docker.io"
[host."https://docker.m.daocloud.io"]
  capabilities = ["pull", "resolve"]
EOF

  9) Start the containerd service and enable it at boot

systemctl start containerd.service
systemctl enable containerd.service

  10) Download runc

wget https://github.com/opencontainers/runc/releases/download/v1.3.0/runc.amd64

  11) Install runc

install -m 755 runc.amd64 /usr/local/sbin/runc

  12) Download the crictl client

wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.30.1/crictl-v1.30.1-linux-amd64.tar.gz

  13) Extract the crictl client

tar zxf crictl-v1.30.1-linux-amd64.tar.gz -C /usr/bin

  14) Configure the crictl client

cat > /etc/crictl.yaml <<EOF
runtime-endpoint: unix:///run/containerd/containerd.sock
timeout: 5
EOF

  15) Restart containerd and verify access with the client

systemctl restart containerd
crictl info

17. Deploy the Kubernetes binaries

  1) Download the Kubernetes server binary package

cd /data/src
wget https://dl.k8s.io/v1.30.2/kubernetes-server-linux-amd64.tar.gz

  2) Extract the package and copy the binaries into the k8s directory

  Master nodes

tar zxf kubernetes-server-linux-amd64.tar.gz
cp -a kubernetes/server/bin/kube{let,ctl,-apiserver,-controller-manager,-scheduler,-proxy} /data/k8s/bin/

  Worker nodes

tar zxf kubernetes-server-linux-amd64.tar.gz
cp -a kubernetes/server/bin/kube{let,-proxy} /data/k8s/bin/

  3) Configure the PATH environment variable

echo "export PATH=/data/k8s/bin:\$PATH" > /etc/profile.d/k8s.sh 
source /etc/profile.d/k8s.sh

Posted 2025-05-13 14:00 by 难止汗