Rocky Linux 9.5 基于kubeadm部署k8s
部署说明
| 操作系统 | https://mirrors.aliyun.com/rockylinux/9.5/isos/x86_64/Rocky-9.5-x86_64-minimal.iso |
| 主机名 | IP地址 | 配置 |
|---|---|---|
| k8s- master | 192.168.1.141 | 2颗CPU 4G内存 100G硬盘 |
| k8s- node-1 | 192.168.1.142 | 2颗CPU 4G内存 100G硬盘 |
| k8s- node-2 | 192.168.1.143 | 2颗CPU 4G内存 100G硬盘 |
一:主机准备(同时操作)
1.yum源搭建
替换默认源
sed -e 's|^mirrorlist=|#mirrorlist=|g' \-e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.aliyun.com/rockylinux|g' \-i.bak \/etc/yum.repos.d/rocky*.repodnf config-manager --set-enabled crb
dnf install epel-release备份
cp /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.backup
cp /etc/yum.repos.d/epel-testing.repo /etc/yum.repos.d/epel-testing.repo.backup
cp /etc/yum.repos.d/epel-cisco-openh264.repo /etc/yum.repos.d/epel-cisco-openh264.repo.backup将 repo 配置中的地址替换为阿里云镜像站地址
执行下面语句,它会替换epel.repo、eple-testing.repo中的网址,不会修改epel-cisco-openh264.repo,可以正常使用。sed -e 's!^metalink=!#metalink=!g' \-e 's!^#baseurl=!baseurl=!g' \-e 's!https\?://download\.fedoraproject\.org/pub/epel!https://mirrors.aliyun.com/epel!g' \-e 's!https\?://download\.example/pub/epel!https://mirrors.aliyun.com/epel!g' \-i /etc/yum.repos.d/epel{,-testing}.repodnf clean all
dnf makecache
2.配置主机名
[root@localhost ~]#hostnamectl set-hostname k8s-master01
[root@localhost ~]#hostnamectl set-hostname k8s-node01
[root@localhost ~]#hostnamectl set-hostname k8s-node023.配置hosts解析
cat >> /etc/hosts << EOF
192.168.1.141 k8s-master01
192.168.1.142 k8s-node01
192.168.1.143 k8s-node02配置远程登录(只在master上操作)
[root@k8s-master01 ~]# ssh-keygen -f ~/.ssh/id_rsa -N '' -q
点拷贝秘钥到其他 2 台节点
[root@k8s-master01 ~]# ssh-copy-id k8s-node01
[root@k8s-master01 ~]# ssh-copy-id k8s-node02
4.防火墙和selinux
systemctl disable --now firewalld
sed -i '/^SELINUX=/ c SELINUX=disabled' /etc/selinux/config
setenforce 05.时间同步配置
# dnf install -y chrony
# 修改同步服务器
sed -i '/^pool/ c pool ntp1.aliyun.com iburst' /etc/chrony.conf
systemctl restart chronyd
systemctl enable chronyd# chronyc sources
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 118.31.3.89 2 6 17 9 +477us[+3551us] +/- 23ms
6.配置内核转发及网桥过滤
添加网桥过滤及内核转发配置文件
# cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness = 0
EOF加载br_netfilter模块
# modprobe br_netfilter查看是否加载
# lsmod | grep br_netfilter
br_netfilter 36864 0
bridge 417792 1 br_netfilter使用新添加配置文件生效
sysctl -p /etc/sysctl.d/k8s.conf
7.关闭swap
临时关闭# swapoff -a
[root@k8s-master01 ~]# free -mtotal used free shared buff/cache available
Mem: 3626 477 3031 8 343 3148
Swap: 0 0 0
8.启用ipvs
cat >> /etc/modules-load.d/ipvs.conf << EOF
br_netfilter
ip_conntrack
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_fo
ip_vs_nq
ip_vs_sed
ip_vs_ftp
ip_vs_sh
nf_conntrack
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOFdnf install ipvsadm ipset sysstat conntrack libseccomp -y
9.句柄数最大
ulimit -SHn 65535
cat >> /etc/security/limits.conf <<EOF
* soft nofile 655360
* hard nofile 131072
* soft nproc 655350
* hard nproc 655350
* seft memlock unlimited
* hard memlock unlimitedd
EOF
查看修改结果
ulimit -a10.系统优化
cat > /etc/sysctl.d/k8s_better.conf << EOF
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
EOFmodprobe br_netfilter
lsmod |grep conntrack
modprobe ip_conntrack
sysctl -p /etc/sysctl.d/k8s_better.conf
二:容器运行时工具安装及运行
1.安装docker
# Step 1: 安装依赖
yum install -y yum-utils device-mapper-persistent-data lvm2# Step 2: 添加软件源信息
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/rhel/docker-ce.repo# Step 3: 更新并安装Docker-CE
yum makecache fast
yum -y install docker-ce# 设置国内镜像加速
mkdir -p /etc/docker/
cat >> /etc/docker/daemon.json << EOF
{"registry-mirrors":["https://p3kgr6db.mirror.aliyuncs.com","https://docker.m.daocloud.io","https://your_id.mirror.aliyuncs.com","https://docker.nju.edu.cn/","https://docker.anyhub.us.kg","https://dockerhub.jobcher.com","https://dockerhub.icu","https://docker.ckyl.me","https://cr.console.aliyun.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF设置docker开机启动并启动
# systemctl enable --now docker查看docker版本
# docker version