系统优化及安装docker和kubeadm/kubeclt/kubelet
一、系统优化
1、最小化安装系统,并修改主机名和IP地址:
yum install bash-completion curl wget vim net-tools
hostnamectl set-hostname xxx
nmcli connection modify eth0 ipv4.method manual ipv4.gateway xx.xx.xx.xx ipv4.dns xx.xx.xx.xx ipv4.addresses xx.xx.xx.xx/24
sed -i '/^ONBOOT/s/.*/ONBOOT=yes/g' /etc/sysconfig/network-scripts/ifcfg-eth0
nmcli connection up eth0
2、添加hosts解析
# cat /etc/hosts
... ...
10.128.25.230 harbor.example.com
10.128.25.231 k8s-01
10.128.25.232 k8s-02
10.128.25.233 k8s-03
10.128.25.234 k8s-04
10.128.25.235 k8s-05
10.128.25.236 k8s-06
3、配置阿里源:
rm -rf /etc/yum.repos.d/*
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
4、优化系统:
cat <<EOE > one-int.sh
#!/bin/bash
# 禁用selinux
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# 禁用防火墙
systemctl stop firewalld ; systemctl disable firewalld
# 启用br_netfilter内核模块
modprobe br_netfilter
echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables
# 修改内核参数
cat > /etc/sysctl.d/k8s.conf<<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
EOF
sysctl --system
# 加载ipvs模块
yum -y install ipset ipvsadm
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod +x /etc/sysconfig/modules/ipvs.modules
source /etc/sysconfig/modules/ipvs.modules
lsmod | grep -e ip_vs -e nf_conntrack_ipv4
cut -f1 -d " " /proc/modules | grep -e ip_vs -e nf_conntrack_ipv4
# 禁用SWAP
swapoff -a
sed -i '/swap/s/.*/#&/g' /etc/fstab
# 优化ssh禁用DNS解析
sed -i '/UseDNS/s/.*/UseDNS no/g' /etc/ssh/sshd_config
systemctl restart sshd
EOE
bash one-int.sh
二、安装dokcer
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache fast
yum list docker-ce.x86_64 --showduplicates |sort -r
yum -y install docker-ce-19.03.9-3.el7
配置镜像加速器
mkdir /etc/docker
cat > /etc/docker/daemon.json <<EOF
{
"registry-mirrors": ["https://i9utjj72.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
]
}
EOF
systemctl enable docker --now && systemctl status docker
# docker info | grep -i cgroup
Cgroup Driver: systemd
三、安装kubeadm、kubelet、kubectl
cat > /etc/yum.repos.d/kubernetes.repo<<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum install -y kubelet-1.20.1 kubeadm-1.20.1 kubectl-1.20.1
# vim /etc/sysconfig/kubelet
KUBELET_CGROUP_ARGS="--cgroup-driver=systemd"
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
systemctl enable kubelet --now && systemctl status kubelet