生产级K8S基础环境部署配置过程
生产级K8S基础环境部署:
配置本地hosts文件(有多少台,配置多少台)
vim /etc/hosts 192.168.1.5 k8s-master
配置yum源(有自己的yum源更好)
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
安装基础工具,配置docker源
sudo yum install -y yum-utils device-mapper-persistent-data lvm2 sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo sudo sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo sudo yum makecache fast
安装一些必备工具
yum -y install wget jq psmisc vim net-tools telnet yum-utils device-mapper-persistent-data lvm2 git -y
关闭防火墙
systemctl disable --now firewalld
关闭SELinux
setenforce 0 sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux
关闭交换分区
swapoff -a && sysctl -w vm.swappiness=0 cat /etc/fstab # /dev/mapper/centos-swap swap swap defaults 0 0
关闭NetworkManager
systemctl disable --now NetworkManager
进行时间同步(有自己的时间服务器更好)
# 安装 rpm -ivh http://mirrors.wlnmp.com/centos/wlnmp-release-centos.noarch.rpm yum -y install ntpdate # 同步 ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime echo 'Asia/Shanghai' >/etc/timezone ntpdate ntp.aliyun.com crontab -e crontab -l */5 * * * * ntpdate ntp.aliyun.com
配置ulimit
ulimit -SHn 65535 vim /etc/security/limits.conf * soft nofile 655360 * hard nofile 131072 * soft nproc 655350 * hard nproc 655350 * seft memlock unlimited * hard memlock unlimitedd
配置免密登录(从主master向其他节点分发)
ssh-keygen -t rsa ssh-copy-id -i .ssh/id_rsa.pub 其他主机
升级系统到最新(跳过内核)
yum update -y --exclude=kernel*
升级内核至4.18版本以上
cd /root/ wget http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm wget http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-devel-4.19.12-1.el7.elrepo.x86_64.rpm yum -y localinstall kernel-ml* grub2-set-default 0 && grub2-mkconfig -o /etc/grub2.cfg && grubby --args="user_namespace.enable=1" --update-kernel="$(grubby --default-kernel)" reboot uname -r
安装ipvsadm
yum install ipvsadm ipset sysstat conntrack libseccomp –y vim /etc/modules-load.d/ipvs.conf cat /etc/modules-load.d/ipvs.conf ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack ip_tables ip_set xt_set ipt_set ipt_rpfilter ipt_REJECT ipip systemctl enable --now systemd-modules-load.service lsmod | grep -e ip_vs -e nf_conntrack_ipv4 ip_vs_sh 16384 0 ip_vs_wrr 16384 0 ip_vs_rr 16384 0 ip_vs 151552 6 ip_vs_rr,ip_vs_sh,ip_vs_wrr nf_conntrack 143360 1 ip_vs libcrc32c 16384 3 nf_conntrack,xfs,ip_vs
修改内核参数
cat <<EOF > /etc/sysctl.d/k8s.conf net.ipv4.ip_forward = 1 net.bridge.bridge-nf-call-iptables = 1 fs.may_detach_mounts = 1 vm.overcommit_memory=1 vm.panic_on_oom=0 fs.inotify.max_user_watches=89100 fs.file-max=52706963 fs.nr_open=52706963 net.netfilter.nf_conntrack_max=2310720 net.ipv4.tcp_keepalive_time = 600 net.ipv4.tcp_keepalive_probes = 3 net.ipv4.tcp_keepalive_intvl =15 net.ipv4.tcp_max_tw_buckets = 36000 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_max_orphans = 327680 net.ipv4.tcp_orphan_retries = 3 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_max_syn_backlog = 16384 net.ipv4.ip_conntrack_max = 65536 net.ipv4.tcp_max_syn_backlog = 16384 net.ipv4.tcp_timestamps = 0 net.core.somaxconn = 16384 EOF sysctl --system
本篇内容只讲K8S部属前的基础环境
以上就是生产级K8S基础环境部署配置过程的详细内容,更多关于生产级K8S环境部署的资料请关注我们其它相关文章!
赞 (0)