
k8s二进制安装01-基础环境设定

设置网卡IP
# Write a static IPv4 configuration for eth0: address 192.168.10.51/24,
# default gateway 192.168.10.2, one DNS server. '>' replaces any existing
# ifcfg-eth0 file.
# NOTE(review): DNS1 is a resolver outside the 192.168.10.0/24 network used
# here; confirm the nodes are meant to send their lookups there rather than to
# an internal DNS server.
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.10.51
PREFIX=24
GATEWAY=192.168.10.2
DNS1=114.114.114.114
EOF
设置主机名称
# Set this node's hostname to m01, the name the hosts file in this guide maps
# to 192.168.10.51. Each node gets its own name.
hostnamectl set-hostname m01
设定hosts文件,用于主机名解析
# Append static name-to-address mappings for the lb*, m*, w* and harbor* hosts
# (presumably load balancers, masters, workers and the Harbor registry) so the
# nodes can resolve each other by name.
# '>>' appends: running this a second time leaves duplicate entries.
# NOTE(review): /etc/hosts is consulted for every lookup of these names, so a
# wrong or stale entry silently redirects cluster traffic; keep the file
# identical on all nodes.
cat >> /etc/hosts <<EOF
192.168.10.40 lb-vip
192.168.10.41 lb01
192.168.10.42 lb02
192.168.10.51 m01
192.168.10.52 m02
192.168.10.53 m03
192.168.10.61 w01
192.168.10.62 w02
192.168.10.63 w03
192.168.10.64 w04
192.168.10.90 harbor-vip
192.168.10.91 harbor1
192.168.10.92 harbor2
EOF
安装需要的软件和工具
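# Install the base tools used in the rest of the guide.
# jq appeared twice in the original package list; it is listed once here.
# NOTE(review): telnet, ntp and ntpdate are convenience packages. This guide
# also offers chrony for time sync, so drop the ones you do not use instead of
# leaving extra network tooling on every node.
yum install -y wget tree bash-completion jq psmisc vim net-tools telnet git lrzsz epel-release conntrack ntpdate ntp curl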
禁止防火墙
# Stop firewalld immediately and prevent it from starting at boot.
# NOTE(review): this removes firewalld's filtering from the node, so listening
# services are reachable from any network that can route to it. That is
# acceptable on an isolated lab network; elsewhere keep firewalld running and
# open only the ports the cluster components need.
systemctl disable --now firewalld
禁止selinux
# Put SELinux into permissive mode for the running system, then rewrite
# SELINUX=enforcing to SELINUX=disabled in the config file so it is fully off
# after the next boot.
# NOTE(review): disabling SELinux removes mandatory access control from the
# node, including any confinement it would apply to container processes.
# SELINUX=permissive keeps denials logged for audit while not blocking anything;
# consider it if the only goal is to avoid policy denials during setup.
setenforce 0
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
禁止swap分区
# Turn off all active swap and set vm.swappiness to 0 for the running kernel.
swapoff -a && sysctl -w vm.swappiness=0

# Edit /etc/fstab by hand and comment out the swap entry (as in the line shown
# next) so swap stays off after a reboot.
vim /etc/fstab
# /dev/mapper/centos-swap swap                    swap    defaults        0 0
禁止NetworkManager服务并启用network
# Stop and disable NetworkManager, then start the legacy 'network' service and
# enable it at boot so the ifcfg-* files are applied by it instead.
systemctl disable --now NetworkManager
systemctl start network && systemctl enable network

如果是 CentOS 8,不需要禁用NetworkManager服务

设置ntp服务
## Method one: ntpdate
## Download and install the package that provides ntpdate
# NOTE(review): the release RPM is fetched over plain HTTP and installed as
# root with no signature or checksum check shown, so anyone on the network path
# could substitute it. Prefer an HTTPS mirror or verify the package before
# installing it.
rpm -ivh http://mirrors.wlnmp.com/centos/wlnmp-release-centos.noarch.rpm
yum -y install ntpdate

## Set the local time zone to Asia/Shanghai
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo 'Asia/Shanghai' >/etc/timezone

## Synchronise the clock once from the Aliyun NTP server
# NOTE(review): no NTP authentication is configured here. Certificate
# validation and log correlation across nodes both depend on this clock, so
# restrict which time sources the nodes can reach.
ntpdate ntp.aliyun.com

## Schedule a sync every 5 minutes: add the cron line shown below with
## 'crontab -e', then list the crontab to confirm it was saved
crontab -e
crontab -l
*/5 * * * * ntpdate ntp.aliyun.com

## Method two: chrony
## Server side
# Install chrony, edit its configuration by hand, then print the effective
# settings (comment lines and empty lines filtered out). The sample output that
# follows includes 'allow 192.168.10.0/24', which lets hosts on that subnet use
# this node as their time source.
yum -y install chrony
vim /etc/chrony.conf
grep -Ev '^(#|$)' /etc/chrony.conf
pool ntp.aliyun.com iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow 192.168.10.0/24
local stratum 10
keyfile /etc/chrony.keys
leapsectz right/UTC
logdir /var/log/chrony

# Restart chronyd so the edited server configuration takes effect, and enable
# it at boot.
systemctl restart chronyd
systemctl enable chronyd

客户端
# Client side: install chrony, edit its configuration by hand, then print the
# effective settings (comment lines and empty lines filtered out). The sample
# output that follows points the client at 192.168.10.51, the chrony server
# configured above.
yum -y install chrony
vim /etc/chrony.conf
grep -Ev '^(#|$)' /etc/chrony.conf
pool 192.168.10.51 iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
keyfile /etc/chrony.keys
leapsectz right/UTC
logdir /var/log/chrony

# Restart chronyd so the edited client configuration takes effect, and enable
# it at boot.
systemctl restart chronyd
systemctl enable chronyd

## Verify from the client: list the configured time sources and their state
chronyc sources -v
配置ulimit
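# Raise the soft and hard open-file limits for the current shell only.
ulimit -SHn 65535

# Persist higher limits for future login sessions.
# Changes from the original command:
#  - The entries go into a drop-in under /etc/security/limits.d/ (the file name
#    is chosen by this edit) instead of overwriting /etc/security/limits.conf,
#    so whatever that file already contains is kept.
#  - soft nofile was 655360 while hard nofile was 131072. The hard value is the
#    ceiling, so the soft value is written as 131072 to match.
# NOTE(review): limits.conf(5) states that wildcard entries are not applied to
# root; add explicit 'root' lines if services started as root need these values.
# NOTE(review): unlimited memlock for every account lets any user pin
# arbitrary amounts of RAM. Scope it to the accounts that need it if possible.
sudo mkdir -p /etc/security/limits.d
cat <<'EOF' | sudo tee /etc/security/limits.d/99-k8s.conf
* soft nofile 131072
* hard nofile 131072
* soft nproc 655350
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited
EOF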
配置免密登录

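## Generate the key pair. The original guide says to press Enter at the prompts,
## which stores the private key without a passphrase.
# The key size is now given explicitly instead of relying on the ssh-keygen
# default; the file name (~/.ssh/id_rsa) is unchanged.
# NOTE(review): a passphrase-less key that logs in to every node means that
# reading this one file gives access to all of them. Keep the private key on a
# single admin host, restrict who can read it, and consider a passphrase with
# ssh-agent.
ssh-keygen -t rsa -b 4096

## Copy the public key to each host that should accept key-based login.
# Expansions are quoted so a HOME path containing spaces cannot split the
# argument.
for host in m01 m02 m03 w01; do
  ssh-copy-id -i "${HOME}/.ssh/id_rsa.pub" "$host"
done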

更新系统(跳过内核)
# Update all installed packages except those whose names match kernel*.
# NOTE(review): kernel security fixes are skipped by this exclude; the kernel
# is upgraded separately in the next section, so do not stop after this step.
yum update -y --exclude=kernel*
单独升级内核至4.18版本以上
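cd /root/

# Download the ELRepo mainline kernel packages (URLs as given in the guide).
# NOTE(review): these come over plain HTTP from a bare IP address, which gives
# no transport integrity and no indication of who runs the server. A kernel
# package is installed as root and runs with full privilege, so it is verified
# below before installation.
# NOTE(review): 4.19.12 is a fixed point release; check for the current release
# of the kernel series you choose before reusing these URLs.
wget http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm
wget http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-devel-4.19.12-1.el7.elrepo.x86_64.rpm

# Import the ELRepo signing key over HTTPS and check the package signatures.
# The rpm -K output must list a signature (e.g. "rsa" or "pgp") as OK; an OK
# that mentions only digests means the file is unsigned. Install only if the
# check succeeds.
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -K kernel-ml-*.rpm && yum -y localinstall kernel-ml-*.rpm

# Make the first boot entry the default, regenerate the GRUB configuration and
# add user_namespace.enable=1 to the default kernel's command line.
# NOTE(review): on kernels that honour it, user_namespace.enable=1 turns on
# user namespaces, which widens the kernel interfaces unprivileged processes
# can reach; confirm the cluster needs it.
grub2-set-default 0 && grub2-mkconfig -o /etc/grub2.cfg && grubby --args="user_namespace.enable=1" --update-kernel="$(grubby --default-kernel)"

reboot

# After the reboot: confirm the node is running the new kernel.
uname -r

# Copy the kernel packages to the other nodes. Run the same signature check on
# each node before installing there.
for host in m01 m02 m03 w01; do
  scp kernel-ml-* "$host":/root/
done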
安装ipvsadm
# Install the IPVS admin tool plus ipset, sysstat, conntrack and libseccomp.
yum install -y ipvsadm ipset sysstat conntrack libseccomp

# List the kernel modules systemd-modules-load should load: the IPVS core and
# three schedulers, connection tracking, iptables/ipset match modules and ipip.
# '>' replaces any existing ipvs.conf.
cat > /etc/modules-load.d/ipvs.conf <<EOF
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOF

# Enable the module-loading service at boot and run it now.
systemctl enable systemd-modules-load.service --now

# Confirm the modules are present.
# NOTE(review): the sample output below contains no nf_conntrack_ipv4 line; the
# nf_conntrack and libcrc32c lines appear only because they mention ip_vs.
lsmod | grep -e ip_vs -e nf_conntrack_ipv4
ip_vs_sh               16384  0
ip_vs_wrr              16384  0
ip_vs_rr               16384  0
ip_vs                 151552  6 ip_vs_rr,ip_vs_sh,ip_vs_wrr
nf_conntrack          143360  1 ip_vs
libcrc32c              16384  3 nf_conntrack,xfs,ip_vs
修改内核参数
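# The net.bridge.* keys below exist only while the br_netfilter module is
# loaded, and the module list written earlier in this guide does not include
# it. Load it now and at every boot (the file name is chosen by this edit).
modprobe br_netfilter
echo br_netfilter > /etc/modules-load.d/br_netfilter.conf

# Kernel parameters for the Kubernetes nodes.
# Changes from the original list:
#  - the second, identical net.ipv4.tcp_max_syn_backlog line is dropped;
#  - net.ipv4.ip_conntrack_max is dropped: it is an obsolete key name, and the
#    conntrack table size is already set through
#    net.netfilter.nf_conntrack_max.
# NOTE(review): net.ipv4.tcp_tw_reuse relies on TCP timestamps, so
# tcp_timestamps = 0 likely cancels tcp_tw_reuse = 1; keep only the one you
# intend.
# NOTE(review): fs.may_detach_mounts may not exist on the 4.19 kernel installed
# earlier in this guide; check the 'sysctl --system' output for keys that were
# rejected.
# NOTE(review): ip_forward = 1 makes the node route packets between its
# interfaces. This is required for pod networking, but it also means the node
# forwards whatever its packet filter rules allow.
cat > /etc/sysctl.d/95-k8s-sysctl.conf <<'EOF'
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-arptables = 1
fs.may_detach_mounts = 1
vm.swappiness = 0
vm.overcommit_memory=1
vm.panic_on_oom=0
vm.max_map_count=655360
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720

net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
EOF

# Apply every sysctl configuration file, including the one just written.
sysctl --system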