龙空技术网

Kubernetes Setup, Part 1

X潘说电影


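Kubernetes Setup, Part 1: Initializing the Environment

☑️ Set the hostname: hostnamectl set-hostname anyu967master1 && bash

☑️ Change the UUID on a VMware clone: the uuidgen command; nmcli connection show; nmcli device show ens33

☑️ Name resolution: vim /etc/hosts

☑️ Configure passwordless login: ssh-keygen; ssh-copy-id -i ~/.ssh/id_rsa.pub hostname (or user@ip)

☑️ Disable swap: swapoff -a; vim /etc/fstab (on a cloned VM the UUID must be deleted)

☑️ Modify kernel parameters: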

modprobe br_netfilter
lsmod | grep br_netfilter
vim /etc/sysctl.d/k8s.conf
cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl -p /etc/sysctl.d/k8s.conf

☑️ Configure the firewall:

systemctl stop firewalld && systemctl disable firewalld
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

☑️ Configure the yum repositories:

# CentOS-Base.repo
wget -O /etc/yum.repos.d/CentOS-Base.repo  
# epel.repo
wget -O /etc/yum.repos.d/epel.repo  
# docker-ce.repo
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo  
# install
sudo yum -y install wget net-tools nfs-utils lrzsz gcc gcc-c++ make cmake libxml2-devel \
openssl-devel curl curl-devel unzip sudo ntp libaio-devel wget vim ncurses-devel \
autoconf automake zlib-devel python-devel epel-release openssh-server socat ipvsadm \
conntrack ntpdate yum-utils device-mapper-persistent-data lvm2
# kubernetes.repo
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=  0
EOF
yum install -y kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubelet

☑️ Time synchronization: yum install ntpdate -y; ntpdate cn.pool.ntp.org; crontab entry: * */1 * * * /usr/sbin/ntpdate cn.pool.ntp.org

☑️ Enable ipvs (IP Virtual Server):

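# IPVS is essentially an efficient Layer-4 switch that provides load balancing.
# Both ipvs and iptables are built on netfilter; ipvs uses hashing
# 1. ipvs offers better scalability and performance for large clusters;
# 2. ipvs supports more sophisticated load-balancing algorithms than iptables (rr: round robin, lc: least connections, dh: destination hashing, sh: source hashing, sed: shortest expected delay, nq: never queue)
# 3. ipvs supports server health checks, connection retries, and so on
# /etc/sysconfig/modules
#!/bin/sh
ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack"
for kernel_module in ${ipvs_modules}; do
    # Load the module only if modinfo can find it for the running kernel
    /sbin/modinfo -F filename ${kernel_module} >/dev/null 2>&1
    if [ $? -eq 0 ]; then
        /sbin/modprobe ${kernel_module}
    fi
done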

☑️ Install iptables: yum install iptables-services -y; systemctl stop iptables && systemctl disable iptables; iptables -F

☑️ Install the docker service: Docker

☑️ CRI (container runtime)

Reference: cri-docker (configure cri-docker so that kubernetes 1.24 uses docker as the runtime):

[root@anyu967node1 Package]# cp cri-dockerd/cri-dockerd /usr/bin/
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
[root@anyu967node1 Package]# sysctl -p /etc/sysctl.d/k8s.conf
# cri-docker.service
[root@vms41 ~]# cat /usr/lib/systemd/system/cri-docker.service
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation= firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket
[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
# cri-docker.socket
[root@anyu967node1 Package]# cat /usr/lib/systemd/system/cri-docker.socket
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service
[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
[root@anyu967node1 Package]# kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version=v1.24.1 --pod-network-cidr=10.244.0.0/16 --cri-socket /var/run/cri-dockerd.sock
containerd

# Install containerd
[root@anyu967node1 Package]# yum install containerd
# Configure containerd
[root@anyu967node1 Package]# containerd config default > /etc/containerd/config.toml
[root@anyu967node1 Package]# vim /etc/containerd/config.toml
# Change SystemdCgroup = false to SystemdCgroup = true
# Change sandbox_image = "k8s.gcr.io/pause:3.6" to sandbox_image="registry.aliyuncs.com/google_containers/pause:3.7"
cat > /etc/crictl.yaml <<EOF
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
EOF
# Configure a registry mirror for containerd
[root@anyu967node1 Package]# vim /etc/containerd/config.toml
config_path = "/etc/containerd/certs.d"
[root@anyu967node1 Package]# mkdir /etc/containerd/certs.d/docker.io/ -p
[root@anyu967node1 Package]# vim /etc/containerd/certs.d/docker.io/hosts.toml
[host.";,host.";]
capabilities = ["pull"]
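
The following check is an added example, not part of the original article: it verifies from files three of the settings made in the steps above (the k8s.conf sysctl keys, the swap entry in fstab, and the mode of cri-docker.socket). The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): offline checks for three
# settings made above. Function names and sample files are constructed.

# sysctl_ok FILE: the three keys written to k8s.conf must all be set to 1.
sysctl_ok() {
    for key in net.bridge.bridge-nf-call-ip6tables \
               net.bridge.bridge-nf-call-iptables net.ipv4.ip_forward; do
        awk -F= -v k="$key" '
            /^[ \t]*[#;]/ { next }
            { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
            $1 == k { v = $2 }
            END { exit (v == "1" ? 0 : 1) }' "$1" ||
            { echo "FAIL: $key is not 1"; return 1; }
    done
}

# fstab_swap_off FILE: no uncommented swap entry may remain, otherwise swap
# returns after a reboot even though "swapoff -a" was run.
fstab_swap_off() {
    ! awk '!/^[ \t]*#/ && $3 == "swap" { found = 1 } END { exit !found }' "$1"
}

# socket_mode_ok FILE: the CRI socket must grant nothing to "other"; whoever
# can open it can drive the container runtime. A missing SocketMode= line
# means the systemd default 0666, which is reported as a failure.
socket_mode_ok() {
    mode=$(sed -n 's/^[[:space:]]*SocketMode=\([0-7]*\).*/\1/p' "$1" | tail -n 1)
    case "$mode" in
        *0) return 0 ;;
        *)  echo "FAIL: SocketMode=${mode:-unset}"; return 1 ;;
    esac
}

# Constructed sample files mirroring the values shown on this page.
demo=$(mktemp -d)
printf '%s\n' 'net.bridge.bridge-nf-call-ip6tables = 1' \
    'net.bridge.bridge-nf-call-iptables = 1' 'net.ipv4.ip_forward = 1' > "$demo/k8s.conf"
printf '%s\n' 'UUID=constructed-0001 / xfs defaults 0 0' \
    '#UUID=constructed-0002 swap swap defaults 0 0' > "$demo/fstab"
printf '%s\n' '[Socket]' 'ListenStream=%t/cri-dockerd.sock' \
    'SocketMode=0660' 'SocketGroup=docker' > "$demo/cri-docker.socket"

sysctl_ok "$demo/k8s.conf" && echo "OK: bridge netfilter and forwarding sysctls are 1"
fstab_swap_off "$demo/fstab" && echo "OK: no active swap entry in fstab"
socket_mode_ok "$demo/cri-docker.socket" && echo "OK: CRI socket closed to other users"
```

On a real node, point the three functions at /etc/sysctl.d/k8s.conf, /etc/fstab and /usr/lib/systemd/system/cri-docker.socket.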
