实践展示openEuler部署Kubernetes 1.29.4版本集群

不到断气不罢休  金牌会员 | 2024-5-18 01:00:26 | 显示全部楼层 | 阅读模式
打印 上一主题 下一主题
楼主

主题 996|帖子 996|积分 2988

马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。

您需要 登录 才可以下载或查看,没有账号?立即注册

x
本文分享自华为云社区《openEuler部署Kubernetes 1.29.4版本集群》,作者:江晚正愁余。
一、Kubernetes集群节点准备

1.1 主机操作系统说明

序号 操作系统及版本 备注
1 CentOS7u9或 OpenEuler2203
1.2 主机硬件设置说明

需求 CPU 内存 硬盘 脚色 主机名
值 8C 8G 1024GB master k8s-master01
值 8C 16G 1024GB worker(node) k8s-worker01
值 8C 16G 1024GB worker(node) k8s-worker02
1.3 主机设置

1.3.1 主机名设置

由于本次利用3台主机完成kubernetes集群部署,其中1台为master节点,名称为k8s-master01;其中2台为worker节点,名称分别为:k8s-worker01及k8s-worker02
  1. # master节点
  3. hostnamectl set-hostname k8s-master01
  5. #worker01节点
  6. hostnamectl set-hostname k8s-worker01
  8. #worker02节点
  9. hostnamectl set-hostname k8s-worker02
复制代码
1.3.2 IP地址,名称解析与互信
  1. #IP配置这里不再讲解
  3. #下面是名称解析配置
  4. [root@k8s-master01 ~]# cat /etc/hosts
  5. 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
  6. ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
  7. 192.168.0.11 k8s-master01
  8. 192.168.0.12 k8s-worker01
  9. 192.168.0.13 k8s-worker02
  11. #主机互信配置  
  12. [root@k8s-master01 ~]# ssh-keygen
  13. Generating public/private rsa key pair.
  14. Enter file in which to save the key (/root/.ssh/id_rsa):
  15. Enter passphrase (empty for no passphrase):
  16. Enter same passphrase again:
  17. Your identification has been saved in /root/.ssh/id_rsa
  18. Your public key has been saved in /root/.ssh/id_rsa.pub
  19. The key fingerprint is:
  20. SHA256:Rr6W4rdnY350fzMeszeWFR/jUJt0VOZ3yZECp5VJJQA root@k8s-master01
  21. The key's randomart image is:
  22. +---[RSA 3072]----+
  23. |         E.o+=++*|
  24. |            ++o*+|
  25. |        .  .  +oB|
  26. |       o     . *o|
  27. |        S     o =|
  28. |       . o  . ..o|
  29. |      . +  . . +o|
  30. |     . o. = .  *B|
  31. |      ...*.o  oo*|
  32. +----[SHA256]-----+
  33. [root@k8s-master01 ~]# for i in {11..13};do ssh-copy-id 192.168.0.${i};done
  35. /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
  36. The authenticity of host '192.168.0.11 (192.168.0.11)' can't be established.
  37. ED25519 key fingerprint is SHA256:s2R582xDIla4wyNozHa/HEmRR7LOU4WAciEcAw57U/Q.
  38. This key is not known by any other names
  39. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
  40. /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
  41. /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
  43. Authorized users only. All activities may be monitored and reported.
  44. root@192.168.0.11's password:
  46. Number of key(s) added: 1
复制代码
1.3.4 防火墙设置

所有主机均需要操作。
关闭现有防火墙firewalld
  1. # systemctl disable firewalld
  3. # systemctl stop firewalld
复制代码
  1. systemctl disable --now firewalld
复制代码
查看firewalld状态
  1. # firewall-cmd --state
  3. not running
复制代码
参考运行下令:
  1. [root@k8s-master01 ~]# for i in {11..13};do ssh  192.168.0.${i} 'systemctl disable --now firewalld' ;done
  3. Authorized users only. All activities may be monitored and reported.
  5. Authorized users only. All activities may be monitored and reported.
  7. Authorized users only. All activities may be monitored and reported.
  8. [root@k8s-master01 ~]# for i in {11..13};do ssh  192.168.0.${i} 'firewall-cmd --state' ;done
  10. Authorized users only. All activities may be monitored and reported.
  11. not running
  13. Authorized users only. All activities may be monitored and reported.
  14. not running
  16. Authorized users only. All activities may be monitored and reported.
  17. not running
复制代码
1.3.5 SELINUX设置

所有主机均需要操作。修改SELinux设置需要重启操作系统。
  1. # sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
  2. # sestatus
复制代码
参考运行下令:
  1. [root@k8s-master01 ~]# for i in {11..13};do ssh  192.168.0.${i} 'sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config' ;done
  3. Authorized users only. All activities may be monitored and reported.
  5. Authorized users only. All activities may be monitored and reported.
  7. Authorized users only. All activities may be monitored and reported.
  9. [root@k8s-master01 ~]# for i in {11..13};do ssh  192.168.0.${i} 'sestatus' ;done
  11. Authorized users only. All activities may be monitored and reported.
  12. SELinux status:                 disabled
  14. Authorized users only. All activities may be monitored and reported.
  15. SELinux status:                 disabled
  17. Authorized users only. All activities may be monitored and reported.
  18. SELinux status:                 disabled
复制代码
1.3.6 时间同步设置

所有主机均需要操作。最小化安装系统需要安装ntpdate软件。
  1. # crontab -l
  3. 0 */1 * * * /usr/sbin/ntpdate time1.aliyun.com
  4. for i in {11..13};do ssh  192.168.0.${i} ' echo '0 */1 * * * /usr/sbin/ntpdate time1.aliyun.com' >> /etc/crontab' ;done
  5. #设置上海时区,东八区
  7. timedatectl set-timezone Asia/Shanghai
  9. for i in {11..13};do ssh  192.168.0.${i} ' timedatectl set-timezone Asia/Shanghai' ;done
复制代码
1.3.7 升级操作系统内核

centos系统需要升级内容,详细百度,OpenEuler2203不需要
1.3.8 设置内核路由转发及网桥过滤

所有主机均需要操作。
添加网桥过滤及内核转发设置文件
[code]sed -i 's/net.ipv4.ip_forward=0/net.ipv4.ip_forward=1/g' /etc/sysctl.conf# cat > /etc/sysctl.d/k8s.conf
回复

使用道具 举报

0 个回复

倒序浏览
返回列表

快速回复

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 or 立即注册

本版积分规则

不到断气不罢休

金牌会员
这个人很懒什么都没写!

楼主热帖

标签云

AI 运维 CIO 存储 服务器
微信订阅号
微信服务号
微信客服
小程序
H5
关于我们 商务合作 网站地图
©Copyright 2022-2024 杭州祥升科技有限公司 版权所有 浙ICP备20004199号
快速回复 返回顶部 返回列表