CentOS 8.2 k8s 基础环境配置
一、基础环境配置1 IP 修改
机器克隆后 IP 修改,使Xshell连接上
https://img2022.cnblogs.com/blog/2412541/202210/2412541-20221014220431271-647704870.png
# vi /etc/sysconfig/network-scripts/ifcfg-ens160
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static" # 配置静态IP,防止修改
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens160"
UUID="d20c4f2e-c799-46e6-9a7a-0579c1791c27"
DEVICE="ens160"
ONBOOT="yes"
IPADDR="192.168.192.10" # 修改ip地址
PREFIX="24"
GATEWAY="192.168.192.2" # 修改网关地址
IPV6_PRIVACY="no"
DNS1=114.114.114.114 # DSN配置上,不然使用域名会找不到的
DNS2=8.8.8.8 重启网卡,并测试好不好使
# nmcli c reload ens160
# nmcli c up ens160
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
# 重启完后测试
# ping 114.114.114.114
PING 114.114.114.114 (114.114.114.114) 56(84) bytes of data.
64 bytes from 114.114.114.114: icmp_seq=1 ttl=128 time=30.8 ms
64 bytes from 114.114.114.114: icmp_seq=2 ttl=128 time=30.6 ms
64 bytes from 114.114.114.114: icmp_seq=3 ttl=128 time=28.10 ms
64 bytes from 114.114.114.114: icmp_seq=4 ttl=128 time=30.1 ms
64 bytes from 114.114.114.114: icmp_seq=5 ttl=128 time=34.4 ms
^C
--- 114.114.114.114 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 14ms
rtt min/avg/max/mdev = 28.999/30.978/34.430/1.841 ms
2 设置主机名
hostnamectl set-hostname kube-master01
hostnamectl set-hostname kube-node01
hostnamectl set-hostname kube-node02
hostnamectl set-hostname kube-vip
3 配置hosts本地解析
cat > /etc/hosts <<EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.192.10 kube-master01
192.168.192.20 kube-node01
192.168.192.30 kube-node02
192.168.192.40 kube-vip
EOF
5 YUM 源配置
本地或者自建服务器都需要配置 YUM 源,如果是云服务器由于本身就有对应云的 YUM 源,不需要配置
# 关闭防火墙
# systemctl stop firewalld
# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
# 关闭Selinux
# 永久关闭
# sed -i "s#^SELINUX=.*#SELINUX=disabled#g" /etc/selinux/config
# 临时关闭
# setenforce 0
# 检查
# /usr/sbin/sestatus -v
SELinux status: enabled
# 先查看 Swap有没有
# free -m
total used free sharedbuff/cache available
Mem: 1800 1208 122 15 469 417
Swap: 2047 15 2032
# 关闭 Swap 分区,Swap 会影响性能
# swapoff -a && sysctl -w vm.swappiness=0
vm.swappiness = 0
# sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab
# 在确认下 [查看swap一行全是0就正确]
# free -m
total used free sharedbuff/cache available
Mem: 1800 1210 110 25 479 406
Swap: 0 0 0
# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
# 主机名解析
# echo "127.0.0.1 $(hostname)" >> /etc/hosts
# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1 localhost.localdomain
6 基础依赖安装
由于服务器最小化安装,需要安装一些常用的依赖和工具,否则后面安装可能会报错
# 备份旧的 yum 源
cd /etc/yum.repos.d/
mkdir backup-$(date +%F)
mv *repo backup-$(date +%F)
# 上面看不懂,这有简单的
# mkdir /etc/yum.repos.d.bak
# cp /etc/yum.repos.d/* /etc/yum.repos.d.bak/
# ls /etc/yum.repos.d.bak/
# 添加阿里云 yum 源
# curl http://mirrors.aliyun.com/repo/Centos-7.repo -o ali.repo
% Total % Received % XferdAverage Speed Time Time TimeCurrent
DloadUpload Total Spent LeftSpeed
10025231002523 0 013637 0 --:--:-- --:--:-- --:--:-- 13637注意:yum 安装出错,看最后一个报错标题里面找。
7 配置时间同步
本地或者自建服务器都需要配置时间同步,如果是云服务器由于本身就有对应云的时间同步机制,不需要配置
# 安装 epel 源
# yum -y install epel-release
# yum clean all
33 files removed
# yum makecache
# 安装常用依赖
yum -y install gcc glibc gcc-c++ make cmake net-tools screen vim lrzsz tree dos2unix lsof \
tcpdump bash-completion wget openssl openssl-devel bind-utils traceroute \
bash-completion glib2 glib2-devel unzip bzip2 bzip2-devel libevent libevent-devel \
expect pcre pcre-devel zlib zlib-devel jq psmisc tcping yum-utils device-mapper-persistent-data \
lvm2 git device-mapper-persistent-data bridge-utils container-selinux binutils-devel \
ncurses ncurses-devel elfutils-libelf-devel ack
# 升级服务器
yum -y update
9 互相免密
Master 节点执行以下操作
echo "# 互联网时间同步" >> /var/spool/cron/root
echo "*/5 * * * * /usr/sbin/ntpdate time2.aliyun.com >/dev/null 2>&1" >> /var/spool/cron/root
10 内核升级
在 Kubernetes 的 Github 仓库中:
[*]https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md
有提到关于内核版本的问题:
[*]Faster mount detection for linux kernel 5.10+ using openat2 speeding up pod churn rates. On Kernel versions less 5.10, it will fallback to using the original way of detecting mount points i.e by parsing /proc/mounts.
[*]这意味着内核 5.10 版本以后会使用 openat2 进行更快的挂载检测,所有可以将内核升级到 5.10 以后,但没必要最新。
[*]这里使用的是 5.11.16 版本,更新于 2021 年 4 月。如果想安装其它版本可以去下面网站下载:http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/
创建用于存放安装包并下载
ssh-keygen -t rsa
# 定义 master 列表
MASTER_LIST=(
192.168.192.10
192.168.192.30
)
# 配置免密登录
for i in ${MASTER_LIST[@]};do
ssh-copy-id -i /root/.ssh/id_rsa.pub root@$i
done
# yes
# 输入密码执行安装
mkdir -p /opt/software/kernel
cd /opt/software/kernel
wget http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-5.11.14-1.el7.elrepo.x86_64.rpm
wget http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-devel-5.11.14-1.el7.elrepo.x86_64.rpm注意:CentOS 8.2 对以上内核升级需要安装各种依赖。
CentOS 7.9 升级内核 kernel-ml-5.6.14版本:https://www.cnblogs.com/huaxiayuyi/p/16788084.html
Centos 8.2 升级内核通过elrepo源:https://www.cnblogs.com/huaxiayuyi/p/16794239.html
8 系统优化
对系统打开文件数进行修改,提升性能
cat >> /etc/security/limits.conf/etc/modules-load.d/ipvs.conf > /etc/sysctl.d/user.conf
页:
[1]