K8S 二进制安装文档（ k8s 1.17.3 docker 19.03.4）之一 -环境准备

365技术文档

已于 2022-04-22 18:12:36 修改

阅读量1.2k

点赞数

文章标签： kubernetes docker centos 运维 tensorflow

于 2020-03-31 16:03:37 首次发布

本文链接：https://blog.youkuaiyun.com/sonsunny/article/details/105224690

版权

本文详细介绍了一种基于CentOS 7.6的Kubernetes集群搭建流程，包括环境准备、关闭防火墙与SELinux、禁用swap、修改内核参数、设置阿里源及K8S源、内核模块加载、内存参数调整、免密登录配置等关键步骤。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

一、环境准备

主机名	Centos版本	ip	ETCD version	docker version	flannel version	主机配置	备注
k8smaster01	7.6.1810	10.111.69.240	3.4.4	19.03.7	v0.11.0	4C4G	control plane
k8smaster02	7.6.1810	10.111.83.165	3.4.4	19.03.7	v0.11.0	4C4G	control plane
k8smaster03	7.6.1810	10.111.127.129	3.4.4	19.03.7	v0.11.0	4C4G	control plane
k8snode01	7.6.1810	10.111.70.155		19.03.7	/	4C4G	worker nodes
k8snode02	7.6.1810	10.111.112.126		19.03.7	/	4C4G	worker nodes
k8snode-gpu	7.6.1810	10.111.82.35		19.03.7	/	4C4G	worker nodes
Service cluster ip：172.18.0.0/16
Flannel ip（Pod IP）：172.19.0.0/16
API Server cluster IP:10.111.104.172

集群ETCD

集群介绍：

ETCD集群：

k8smaster01、k8smaster02、k8smaster03

kube-apiserver 集群（keepalived+haproxy）：

k8smaster01、k8smaster02、k8smaster03

kube-controller-manager集群（k8s leader-elect ）：

k8smaster01、k8smaster02、k8smaster03

kube-scheduler集群（k8s leader-elect ）：

k8smaster01、k8smaster02、k8smaster03

1.1 关闭firewalld

systemctl stop firewalldsystemctl disable firewalld

1.2关闭selinux

vi /etc/selinux/configSELINUX=disabled

  setenforce 0

1.3 K8S集群中所有服务器编辑hosts文件

cat  >> /etc/hosts <<EOF

10.111.69.240  k8smaster01

10.111.83.165  k8smaster02

10.111.127.129 k8smaster03

10.111.70.155  k8snode01

10.111.112.126 k8snode02

10.111.82.35   k8snode-gpu

EOF

1.4 禁用swap

 临时禁用：swapoff -a

永久禁用：sed -i.bak '/swap/s/^/#/' /etc/fstab

1.5 修改阿里源BASE和K8S源

#mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak

#wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

新增K8S源

cat <<EOF > /etc/yum.repos.d/kubernetes.repo

[kubernetes]

name=Kubernetes

baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/

enabled=1

gpgcheck=1

repo_gpgcheck=1

gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

EOF

# yum clean all

# yum makecache

1.6内核参数修改

添加br_netfilter mod

临时添加

[root@k8smaster01 ~]# lsmod |grep br_netfilter [root@k8smaster01 ~]# modprobe br_netfilter [root@k8smaster01 ~]# lsmod |grep br_netfilter br_netfilter           22256  0  bridge                151336  1 br_netfilter

永久添加

# cat > /etc/rc.sysinit << EOF

#!/bin/bash

for file in /etc/sysconfig/modules/*.modules ; do

[ -x $file ] && $file

done

EOF

# cat > /etc/sysconfig/modules/br_netfilter.modules << EOF

modprobe br_netfilter

EOF

# chmod 755 /etc/sysconfig/modules/br_netfilter.modules

#reboot

内存参数net.bridge.bridge-nf-call-iptables修改

临时修改

[root@k8smaster01 ~]# sysctl net.bridge.bridge-nf-call-iptables=1net.bridge.bridge-nf-call-iptables = 1 [root@k8smaster01 ~]# sysctl net.bridge.bridge-nf-call-ip6tables=1net.bridge.bridge-nf-call-ip6tables = 1

永久修改

[root@k8smaster01 ~]# cat <<EOF >  /etc/sysctl.d/k8s.conf

net.bridge.bridge-nf-call-ip6tables = 1

net.bridge.bridge-nf-call-iptables = 1

EOF

[root@k8smaster01 ~]# sysctl -p /etc/sysctl.d/k8s.conf

net.bridge.bridge-nf-call-ip6tables = 1

net.bridge.bridge-nf-call-iptables = 1

1.7 免密登录

配置k8smaster01到k8smaster02、k8smaster03以及node的免密登录，本步骤只在master01上执行

[root@k8smaster01 ~]# ssh-keygen -t rsa

for i in {k8smaster02,k8smaster03,k8snode01,k8snode02,k8snode-gpu}

 do  

 ssh-copy-id -i /root/.ssh/id_rsa.pub root:root123@$i  

done