Unlock efficient deployment! Quickly build a Kubernetes cluster to improve team productivity!

1 MacOS

1.1 Download docker-desktop

Download docker-desktop from Docker and complete the installation.

1.2 Enable k8s cluster

Start docker-desktop and open the preference panel

Switch to the Kubernetes tab, check Enable Kubernetes, and click Apply

2 Linux (CentOS 7)

https://kubernetes.io/zh-cn/docs/setup/production-environment/

At least two machines:

  • k8s master
  • k8s slave

After setting the hostname of the two hosts, set the configuration file:

2.1 Minimum server configuration requirements

  • 2 GB memory
  • 2 CPUs
  • 30 GB hard disk
  • Intranet communication (firewall must be closed)

Create at least 2 (one master and one slave) cloud servers according to the above requirements.

2.2 Linux configuration

① Set a different hostname

hostnamectl set-hostname xxx 

② Set host and ip binding

Do this on every node:

vim /etc/hosts

## hosts
172.17.32.8 k8s-master
172.17.32.13 k8s-node

③ Close the firewalld service

systemctl stop firewalld
systemctl disable firewalld

④ Time synchronization

If you are using a cloud server, ignore this step.

Because the time of the local machine and the cloud server may be inconsistent, it is necessary to synchronize the time.

Start the chronyd service

systemctl start chronyd

systemctl enable chronyd

date

⑤ Close the selinux security policy

Requires a reboot to take effect!

[root@icv-monitor-platform-dev ~]# sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

[root@icv-monitor-platform-dev ~]# vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted


# Temporarily disable (until the next reboot)
[root@icv-monitor-platform-dev ~]# setenforce 0

⑥ Close the swap partition

The cloud server does not have this concept, so it does not need to be set.

The swap partition is the virtual memory partition: once physical memory is used up, disk space is used as if it were memory. Enabling the swap device has a very negative impact on system performance, so k8s requires every node to disable the swap device.

vi /etc/fstab
# /etc/fstab
# Created by anaconda on Thu May 17 07:47:58 2018
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=434ab0f6-eed6-49f5-9118-3744d8cbfb7e /                       ext4    defaults        1 1

# If this line is present, comment it out
/dev/mapper/centos-swap swap


# Temporarily disable
swapoff -a
# Reboot
reboot

# Check: if total or free in the Swap row is positive, swap was not disabled successfully
[root@icv-monitor-platform-dev ~]# free -m
              total        used        free      shared  buff/cache   available
Mem:          16045        7769         961         927        7315        7014
Swap:             0           0           0
[root@icv-monitor-platform-dev ~]# 

⑦ Add bridge filtering and address forwarding functions

Forward IPv4 and let iptables see bridged traffic.

cat > /etc/sysctl.d/kubernetes.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

# Apply the sysctl parameters so they take effect without a reboot
[root@icv-monitor-platform-dev ~]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.conf ...
[root@icv-monitor-platform-dev ~]# 

Basic environment

On each server:

  • Install the JDK environment
  • Install Docker and set it to start automatically at boot

Configure cgroups

vim /etc/docker/daemon.json

{
  "registry-mirrors": ["https://4t9ixk24.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}

Make sure k8s and Docker use the same cgroup driver, systemd.

Reload the configuration and restart Docker:

[root@icv-monitor-platform-dev ~]# systemctl daemon-reload
[root@icv-monitor-platform-dev ~]# systemctl restart docker
# Verify that the cgroup driver took effect; seeing systemd means OK
[root@icv-monitor-platform-dev ~]# docker info -f {{.CgroupDriver}}
systemd
[root@icv-monitor-platform-dev ~]# docker info | grep -i cgroup
Cgroup Driver: systemd
WARNING: bridge-nf-call-ip6tables is disabled
Cgroup Version: 1
[root@icv-monitor-platform-dev ~]# 

After all the above content is configured, restart. All nodes must perform the above operations!
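A preflight check for the settings from steps ⑤ to ⑦ and the Docker cgroup driver, as an added example that is not part of the original post: it reads the persistent configuration files (the ones that apply after the restart) under a root directory and counts what is still missing. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Preflight for the node settings above. Every check reads a file under a
# root directory, so it runs against "/" on a node or a constructed tree.

selinux_mode() {            # SELINUX= value that applies after reboot
    sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$1" | tail -n 1
}
fstab_swap_entries() {      # count of uncommented swap lines in fstab
    awk '$1 !~ /^#/ && $3 == "swap" { n++ } END { print n + 0 }' "$1"
}
sysctl_conf_value() {       # $2 = key; last value set in a sysctl.d file
    awk -F= -v k="$2" '{ gsub(/[ \t]/, "") } $1 == k { v = $2 } END { print v }' "$1"
}
docker_cgroup_driver() {    # driver named in daemon.json exec-opts
    sed -n 's/.*native\.cgroupdriver=\([a-z]*\).*/\1/p' "$1"
}

preflight() {               # $1 = root dir; prints findings, returns count
    r=$1; bad=0
    [ "$(selinux_mode "$r/etc/selinux/config")" = disabled ] ||
        { echo "selinux: not disabled in config"; bad=$((bad + 1)); }
    [ "$(fstab_swap_entries "$r/etc/fstab")" -eq 0 ] ||
        { echo "swap: active entry in fstab"; bad=$((bad + 1)); }
    for k in net.bridge.bridge-nf-call-ip6tables \
             net.bridge.bridge-nf-call-iptables net.ipv4.ip_forward; do
        [ "$(sysctl_conf_value "$r/etc/sysctl.d/kubernetes.conf" "$k")" = 1 ] ||
            { echo "sysctl: $k is not 1"; bad=$((bad + 1)); }
    done
    [ "$(docker_cgroup_driver "$r/etc/docker/daemon.json")" = systemd ] ||
        { echo "docker: cgroup driver is not systemd"; bad=$((bad + 1)); }
    return "$bad"
}

# Constructed sample tree (not from a real host): swap still in fstab and
# ip_forward missing, everything else as the steps above leave it.
make_sample() {
    d=$(mktemp -d); mkdir -p "$d/etc/selinux" "$d/etc/sysctl.d" "$d/etc/docker"
    printf '# enforcing - policy is enforced.\nSELINUX=disabled\nSELINUXTYPE=targeted\n' > "$d/etc/selinux/config"
    printf 'UUID=0000 / ext4 defaults 1 1\n/dev/mapper/centos-swap swap swap defaults 0 0\n' > "$d/etc/fstab"
    printf 'net.bridge.bridge-nf-call-ip6tables = 1\nnet.bridge.bridge-nf-call-iptables = 1\n' > "$d/etc/sysctl.d/kubernetes.conf"
    printf '{ "exec-opts": ["native.cgroupdriver=systemd"] }\n' > "$d/etc/docker/daemon.json"
    echo "$d"
}

sample=$(make_sample)
preflight "$sample" || echo "findings: $?"
rm -rf "$sample"
```

On a node, call `preflight ""` to check the files under `/`; the return value is the number of findings.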

Origin blog.csdn.net/qq_33589510/article/details/131442523