k8s的搭建1.18(一)
阿新 • • 發佈:2022-03-03
1. 初始化系統
yum install net-tools vim wget lrzsz git -y
2. 關閉防火牆和selinux
systemctl stop firewalld systemctl disable firewalld sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config reboot
3.設定時區
\cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime -rf
4. 關閉交換分割槽
swapoff -a sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
5.設定時間同步
yum install -y ntpdate ntpdate -u ntp.api.bz echo "*/5 * * * * ntpdate time7.aliyun.com >/dev/null 2>&1" >> /etc/crontab systemctl restart crond
systemctl enable crond
7. 設定hosts解析
10.0.0.51 master51 10.0.0.52 master52 10.0.0.53 node53 10.0.0.54 node54 10.0.0.55 node55
8.免金鑰(省略)
9.優化核心引數
cat >/etc/sysctl.d/kubernetes.conf <<EOF net.bridge.bridge-nf-call-iptables=1 net.bridge.bridge-nf-call-ip6tables=1 net.ipv4.ip_forward=1 vm.swappiness=0 fs.file-max=52706963 fs.nr_open=52706963 EOF sysctl -p
10. 安裝keepalivyum install -y keepalived
cat >/etc/keepalived/keepalived.conf <<EOL global_defs { router_id KUB_LVS } vrrp_script CheckMaster { script"curl -k https://10.0.0.100:6443" interval 3 timeout 9 fall 2 rise 2 } vrrp_instance VI_1 { state MASTER interface ens33 virtual_router_id 61 priority 100 advert_int 1 nopreempt authentication { auth_type PASS auth_pass 111111 } virtual_ipaddress { 10.0.0.100/24 dev ens33 } track_script { CheckMaster } } EOL #SLAVE #修改state為slave, priority 為 90 systemctl enable keepalived && systemctl restart keepalived service keepalived status
11. 下載建立證書工具
mkdir /soft && cd /soft wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 chmod +x cfssl_linux-amd64 cfssljson_linux-amd64 cfssl-certinfo_linux-amd64 mv cfssl_linux-amd64 /usr/local/bin/cfssl mv cfssljson_linux-amd64 /usr/local/bin/cfssljson mv cfssl-certinfo_linux-amd64 /usr/bin/cfssl-certinfo