Installing a cluster with kubeadm, part 1: installing the basic services

Basic services

The deployment is based on CentOS 7.5.

Host planning

10.8.28.200
master-VIP
10.8.31.84
k8s-test-master-1
10.8.152.149
k8s-test-master-2
10.8.191.56
k8s-test-master-3
10.8.85.173
k8s-test-node-1

 

Add the host information above to the hosts file (/etc/hosts).

System tuning

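 # Host preparation for a kubeadm cluster on CentOS 7. Run as root.

# --- Turn off swap ---
swapoff -a
# Back up fstab only once, so a second run cannot replace the pristine copy
# with an already-edited one. /bin/cp bypasses an interactive `cp -i` alias.
[ -e /etc/fstab_bak ] || /bin/cp -p /etc/fstab /etc/fstab_bak
# Drop every line mentioning swap so it stays off after a reboot. Only edit
# fstab when a non-empty backup exists to fall back on.
[ -s /etc/fstab_bak ] && sed -i '/swap/d' /etc/fstab

# --- SELinux ---
# NOTE(review): this switches SELinux off permanently, which removes mandatory
# access control from a host that runs containers as root. kubeadm's install
# guide only asks for permissive mode (SELINUX=permissive); prefer that, or
# keep enforcing, unless there is a concrete reason to disable it.
setenforce 0 \
  && sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config \
  && getenforce

# --- Host firewall ---
# NOTE(review): both firewalld and the iptables service are stopped and
# disabled, so nothing on the host filters access to the node. Make sure a
# network-level control (security group, upstream firewall) restricts access,
# or keep a host firewall and open only the ports the cluster needs.
systemctl stop firewalld \
  && systemctl disable firewalld \
  && systemctl daemon-reload \
  && systemctl status firewalld

yum install -y iptables-services \
  && systemctl stop iptables \
  && systemctl disable iptables \
  && systemctl status iptables

# --- Kernel parameter tuning ---
# The original file is moved aside once; if the backup already exists the
# config is left untouched so a re-run does not clobber later edits.
# NOTE(review): tcp_tw_reuse relies on TCP timestamps, so with
# tcp_timestamps = 0 the tcp_tw_reuse = 1 setting below is not expected to
# have any effect. Confirm which of the two is intended.
if [ ! -e /etc/sysctl.conf_bk ]; then
  /bin/mv /etc/sysctl.conf /etc/sysctl.conf_bk \
    && cat > /etc/sysctl.conf << 'EOF'
fs.file-max=1000000
fs.nr_open=20480000
net.ipv4.tcp_max_tw_buckets = 180000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.tcp_max_syn_backlog = 16384
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_fin_timeout = 20
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_syncookies = 1
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.ip_local_port_range = 1024 65000
#net.nf_conntrack_max = 6553500
#net.netfilter.nf_conntrack_max = 6553500
#net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
#net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
#net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
#net.netfilter.nf_conntrack_tcp_timeout_established = 3600
EOF
fi
sysctl -p

# --- Kubernetes-specific kernel parameters ---
# The net.bridge.* keys only exist once br_netfilter is loaded; without it
# `sysctl -p` reports them as missing.
modprobe -- br_netfilter
# NOTE(review): ip_nonlocal_bind = 1 is presumably here so that a load
# balancer can bind the master VIP before it is assigned to this host.
# Confirm against the later parts of the series.
cat << 'EOF' > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF
sysctl -p /etc/sysctl.d/k8s.conf

# --- Enable IPVS ---
# Write a module-loading script, run it once now, then list the loaded modules.
cat > /etc/sysconfig/modules/ipvs.modules << 'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules \
  && bash /etc/sysconfig/modules/ipvs.modules \
  && lsmod | grep -e ip_vs -e nf_conntrack_ipv4

# --- Commands to repeat at boot ---
# Append each command only if it is not already present, so re-running this
# section does not duplicate lines in rc.local.
for boot_cmd in 'mkdir -p /data/docker' 'swapoff -a'; do
  grep -qxF -- "$boot_cmd" /etc/rc.d/rc.local \
    || printf '%s\n' "$boot_cmd" >> /etc/rc.d/rc.local
done
# On CentOS 7 rc.local only runs at boot when it is executable.
chmod +x /etc/rc.d/rc.local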

 

Installing Docker

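# Download the Docker CE RPMs (a closer mirror can be used instead of
# download.docker.com). The working directory /data/init/docker is
# reconstructed from a garbled listing; adjust it if needed.
# NOTE(review): the versions below record the author's environment and are
# old; check whether they still receive security fixes before reusing them.
mkdir -p /data/init/docker && cd /data/init/docker || exit 1
wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-18.09.8-3.el7.x86_64.rpm
wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm
wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-cli-18.09.8-3.el7.x86_64.rpm

# yum does not verify signatures of local .rpm files by default, so check
# them against Docker's signing key before installing. This matters most when
# the files came from a third-party mirror.
rpm --import https://download.docker.com/linux/centos/gpg \
  && rpm -K containerd.io-1.2.6-3.3.el7.x86_64.rpm \
            docker-ce-cli-18.09.8-3.el7.x86_64.rpm \
            docker-ce-18.09.8-3.el7.x86_64.rpm \
  && yum install -y containerd.io-1.2.6-3.3.el7.x86_64.rpm \
                    docker-ce-cli-18.09.8-3.el7.x86_64.rpm \
                    docker-ce-18.09.8-3.el7.x86_64.rpm

# Create the Docker data directory and write the daemon options.
# -p keeps a re-run from failing when the directory already exists.
mkdir -p /data/docker
# NOTE(review): --insecure-registry lets dockerd reach the registry over plain
# HTTP or without verifying its TLS certificate, so pulled images can be
# altered in transit. Prefer trusting the registry's CA instead
# (/etc/docker/certs.d/<registry-host>/ca.crt) and dropping this flag.
cat << 'EOF' > /etc/sysconfig/docker
INSECURE_REGISTRY="--insecure-registry=harbor.test123.net"
DOCKER_NETWORK_OPTIONS="-H fd:// --containerd=/run/containerd/containerd.sock"
DOCKER_STORAGE_OPTIONS="--data-root=/data/docker --storage-driver=overlay2"
EOF

# Write the systemd unit. The heredoc delimiter is quoted, so the backslashes
# and $VARIABLES reach the file literally and need no escaping.
# NOTE(review): this overwrites the unit file under /usr/lib/systemd/system,
# which a docker-ce package update may replace; a copy under
# /etc/systemd/system would survive updates.
cat << 'EOF' > /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket

[Service]
Type=notify
EnvironmentFile=-/etc/sysconfig/docker
ExecStart=/usr/bin/dockerd \
          $INSECURE_REGISTRY \
          $DOCKER_STORAGE_OPTIONS \
          $DOCKER_NETWORK_OPTIONS
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target

EOF

# Start Docker with the new unit and enable it at boot.
systemctl daemon-reload
systemctl restart docker.service
systemctl enable docker.service

# Verify: `docker info` should report the data root and storage driver set above.
docker info
docker version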

 

Installing kubeadm / kubelet / kubectl (optional)

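 # Register the Kubernetes yum repository, with package and repository
# metadata signature checks left on (gpgcheck=1, repo_gpgcheck=1).
# NOTE(review): the Google-hosted baseurl below is the legacy package
# location; the Kubernetes project has since moved its packages to
# pkgs.k8s.io, so confirm this repository still serves what you expect.
# The delimiter is quoted so nothing in the repo definition is expanded.
cat << 'EOF' > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF

# Install the node tools. No version is pinned, so yum installs the newest
# packages in the repository. Append -<version> to each package name to keep
# every node on the same release.
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

# Enable the kubelet at boot and start it now.
systemctl enable --now kubelet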

 

Pre-pull the images

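# Pull the control-plane images ahead of time. The tags pulled follow the
# installed kubeadm version.
kubeadm config images pull

# Output recorded by the author, kept as comments so that pasting this listing
# does not try to run it:
# [config/images] Pulled k8s.gcr.io/kube-apiserver:v1.15.1
# [config/images] Pulled k8s.gcr.io/kube-controller-manager:v1.15.1
# [config/images] Pulled k8s.gcr.io/kube-scheduler:v1.15.1
# [config/images] Pulled k8s.gcr.io/kube-proxy:v1.15.1
# [config/images] Pulled k8s.gcr.io/pause:3.1
# [config/images] Pulled k8s.gcr.io/etcd:3.3.10
# [config/images] Pulled k8s.gcr.io/coredns:1.3.1
#
# NOTE(review): v1.15 is long past upstream support and no longer receives
# security fixes, and k8s.gcr.io is the legacy registry name (newer kubeadm
# releases pull from registry.k8s.io). Treat these versions as a record of the
# author's environment, not as a recommendation.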

 

Passwordless SSH from master-1 to the other masters

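# Run on master-1: create a key pair for root and install the public key on
# the other masters (sshd listens on port 8022 on these hosts).
# NOTE(review): afterwards anyone holding /root/.ssh/id_rsa on master-1 is
# root on master-2 and master-3. Set a passphrase when ssh-keygen prompts,
# keep the private key off shared storage, and remove the entry from the
# peers' authorized_keys once it is no longer needed. The access is
# presumably only for copying cluster files in a later step, so confirm.
# An explicit 4096-bit RSA key is requested because the default RSA size on
# this OpenSSH generation is smaller; the default path /root/.ssh/id_rsa is
# kept so the commands below still match.
ssh-keygen -t rsa -b 4096
ssh-copy-id -i /root/.ssh/id_rsa.pub -p 8022 root@k8s-test-master-2
ssh-copy-id -i /root/.ssh/id_rsa.pub -p 8022 root@k8s-test-master-3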

 


Origin www.cnblogs.com/dolphintwo/p/11308142.html