1 MacOS
1.1 Download docker-desktop
Download Docker Desktop from Docker and complete the installation.
1.2 Enable k8s cluster
Start docker-desktop and open the preference panel
Switch to the Kubernetes tab, check Enable Kubernetes, and click Apply
2 Linux(CentOS7)
https://kubernetes.io/zh-cn/docs/setup/production-environment/
At least two machines:
- k8s master
- k8s slave
After setting the hostname of the two hosts, set the configuration file:
2.1 Minimum server configuration requirements
- 2g memory
- 2CPU
- 30g hard disk
- Intranet communication (firewall must be closed)
Create at least 2 (one master and one slave) cloud servers according to the above requirements.
2.2 Linux configuration
① Set a different hostname
hostnamectl set-hostname xxx
② Bind hostnames to IP addresses
Do this on every node
vim /etc/hosts
## hosts
172.17.32.8 k8s-master
172.17.32.13 k8s-node
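③ Close the firewalld service
Stopping firewalld removes host-level packet filtering from the node, so this shortcut only suits an isolated lab network; elsewhere keep firewalld running and open just the ports listed in the Kubernetes "Ports and Protocols" reference.
systemctl stop firewalld
systemctl disable firewalld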
④ Time synchronization
If you are using a cloud server, you can skip this step.
The clocks of a local machine and a cloud server may be inconsistent, so the time has to be synchronized. Clock skew between nodes can also make TLS certificates appear not yet valid or expired.
Start the chronyd service
systemctl start chronyd
systemctl enable chronyd
date
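⑤ Disable the SELinux security policy
The change to /etc/selinux/config requires a reboot to take effect!
The kubeadm installation guide only asks for permissive mode (SELINUX=permissive), which still logs policy denials; SELINUX=disabled loads no policy at all, so prefer permissive unless you have a reason to go further. The sed pattern below is unanchored and also rewrites the word "enforcing" inside the file's comment lines; anchoring it as 's/^SELINUX=enforcing/SELINUX=disabled/' limits the edit to the setting itself.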
[root@icv-monitor-platform-dev ~]# sed -i 's/enforcing/disabled/' /etc/selinux/config
[root@icv-monitor-platform-dev ~]# vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
# Temporarily disable
[root@icv-monitor-platform-dev ~]# setenforce 0
⑥ Close the swap partition
Cloud servers typically do not have a swap partition, so this step does not need to be done there.
The swap partition is a virtual-memory partition: once physical memory is used up, disk space is used as if it were memory. Enabling the swap device has a very negative impact on system performance, so k8s requires every node to disable the swap device.
vi /etc/fstab
# /etc/fstab
# Created by anaconda on Thu May 17 07:47:58 2018
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=434ab0f6-eed6-49f5-9118-3744d8cbfb7e / ext4 defaults 1 1
# If this line exists, comment it out
/dev/mapper/centos-swap swap
# Temporarily disable
swapoff -a
# Reboot
reboot
# Check: if total or free is a positive number, swap was not disabled successfully
[root@icv-monitor-platform-dev ~]# free -m
total used free shared buff/cache available
Mem: 16045 7769 961 927 7315 7014
Swap: 0 0 0
[root@icv-monitor-platform-dev ~]#
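⑦ Add bridge filtering and address forwarding functions
Forward IPv4 and let iptables see bridged traffic.
The net.bridge.* keys are only available while the br_netfilter kernel module is loaded (modprobe br_netfilter). The sample output below does not show /etc/sysctl.d/kubernetes.conf being applied, and the later docker info output still warns that bridge-nf-call-ip6tables is disabled, so confirm the values actually took effect with: sysctl net.bridge.bridge-nf-call-iptables net.ipv4.ip_forward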
cat > /etc/sysctl.d/kubernetes.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# Apply the sysctl parameters so they take effect without rebooting
[root@icv-monitor-platform-dev ~]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.conf ...
[root@icv-monitor-platform-dev ~]#
basic environment
per server
- Install the JDK environment
- Install Docker and set it to start automatically at boot
Configure cgroups
vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://4t9ixk24.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
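Make sure k8s (the kubelet) and Docker use the same cgroup driver, systemd.
The registry-mirrors address above looks like an account-specific Aliyun accelerator; replace it with a mirror you control or trust, because image tags pulled through a mirror resolve to whatever that mirror serves.
Reload systemd and restart Docker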
[root@icv-monitor-platform-dev ~]# systemctl daemon-reload
[root@icv-monitor-platform-dev ~]# systemctl restart docker
# Verify that the cgroup driver took effect; seeing systemd means OK
[root@icv-monitor-platform-dev ~]# docker info -f {{.CgroupDriver}}
systemd
[root@icv-monitor-platform-dev ~]# docker info | grep -i cgroup
Cgroup Driver: systemd
WARNING: bridge-nf-call-ip6tables is disabled
Cgroup Version: 1
[root@icv-monitor-platform-dev ~]#
After all of the above is configured, reboot. Every node must perform the above steps!