K8S從入門到放棄系列-(1)環境初始化
阿新 • • 發佈:2020-08-18
一、系統規劃
| 主機名 | IP | 元件 |
| k8s-master01 | 192.168.1.225 | etcd、kube-apiserver、kube-controller-manager、kube-scheduler |
| k8s-node01 | 192.168.1.226 | kubelet、kube-proxy、docker、dns、calico |
| k8s-node02 | 192.168.1.227 | kubelet、kube-proxy、docker、dns、calico |
二、初始化系統基礎環境
系統初始化時由於5臺機器大部分操作都相同,我這裡在配置過程中,在一臺主機上進行配置檔案建立,然後使用ansible進行分發,當然你也可以直接在對應主機上進行操作。
在五臺機器分別執行對應設定主機名的命令
hostnamectl set-hostname k8s-master01 hostnamectl set-hostname k8s-node01 hostnamectl set-hostname k8s-node022)配置免金鑰登陸
以k8s-master01為主機,對另外4臺機器進行免金鑰登陸
ssh-keygen ##一路回車進行公鑰私鑰建立 ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected] ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected] ssh3、建議安裝ansible(可以不安裝,把生成檔案或者命令在各節點執行即可)-copy-id -i ~/.ssh/id_rsa.pub [email protected]
這裡只需在master01節點安裝即可,後續一些操作均在此機器上執行,然後把生成的檔案分發至對應節點
yum -y install epel-release yum -y install ansible ansible --version
定義主機組
vim /etc/ansible/hosts [k8s-all] 192.168.1.228 192.168.1.229 192.168.1.230 [k8s-master] 192.168.1.228 [k8s-node] 192.168.1.229 192.168.1.230 [k8s-etcd] 192.168.1.228 192.168.1.229 192.168.1.230 #測試ansible是否正常 ansible k8s-all -m ping
4、關閉防火牆、selinux(5臺機器都執行,我這裡使用ansible)
##如果你不使用ansible,在各個機器執行一下命令 systemctl stop firewalld systemctl disable firewalld setenforce 0 sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/sysconfig/selinux sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
[root@k8s-master01 ~]# ansible k8s-all -m shell -a 'systemctl stop firewalld' [root@k8s-master01 ~]# ansible k8s-all -m shell -a 'systemctl disable firewalld' [root@k8s-master01 ~]# ansible k8s-all -m shell -a 'setenforce 0' [root@k8s-master01 ~]# ansible k8s-all -m replace -a 'path=/etc/sysconfig/selinux regexp="SELINUX=enforcing" replace=SELINUX=disabled' [root@k8s-master01 ~]# ansible k8s-all -m replace -a 'path=/etc/selinux/config regexp="SELINUX=enforcing" replace=SELINUX=disabled'
5、配置host主機域名解析
[root@k8s-master01 ~]# vim /etc/hosts 192.168.1.228 k8s-master01 192.168.1.229 k8s-node01 192.168.1.230 k8s-node02 [root@k8s-master01 ~]# ansible k8s-all -m copy -a "src=/etc/hosts dest=/etc/hosts" ##檔案分發
6、設定核心,阿里雲主機可不設定
[root@k8s-master01 ~]# vim /etc/sysctl.d/k8s.conf net.ipv4.ip_forward = 1 net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 [root@k8s-master01 ~]# ansible k8s-all -m copy -a "src=/etc/sysctl.d/k8s.conf dest=/etc/sysctl.d/k8s.conf" [root@k8s-master01 ~]# ansible k8s-all -m shell -a 'modprobe br_netfilter' [root@k8s-master01 ~]# ansible k8s-all -m shell -a 'sysctl -p /etc/sysctl.d/k8s.conf'
7、時間同步,阿里雲主機可不設定
[root@k8s-master01 ~]# ansible k8s-all -m yum -a "name=ntpdate state=latest" [root@k8s-master01 ~]# ansible k8s-all -m cron -a "name='k8s cluster crontab' minute=*/30 hour=* day=* month=* weekday=* job='ntpdate time7.aliyun.com >/dev/null 2>&1'" [root@k8s-master01 ~]# ansible k8s-all -m shell -a "ntpdate time7.aliyun.com"8、建立叢集目錄
在叢集元件部署之前,先進行對應的目錄建立## 所有節點所需目錄 [root@k8s-master01 ~]# ansible k8s-all -m file -a 'path=/etc/kubernetes/ssl state=directory' [root@k8s-master01 ~]# ansible k8s-all -m file -a 'path=/etc/kubernetes/config state=directory' ## k8s-master01節點所需目錄 [root@k8s-master01 ~]# mkdir -p /opt/k8s/{certs,cfg,unit}