Centos7.6 使用kubeadm部署Kubernetes1.15集群

系統運維

一、環(huán)境準備

172.16.8.101    k8s-master01
172.16.8.102    k8s-master02
172.16.8.103    k8s-master03
172.16.8.104    k8s-master04
172.16.8.105    k8s-master05
172.16.8.106    k8s-master06
#harbor
172.16.8.201    k8s-node01

1、升級內核

CentOS 7.x 系統自帶的 3.10.x 內核存在一些 Bugs，導致運行的 docker、Kubernetes 不穩定，例如：
高版本的 docker(1.13 以后) 啟用了 3.10 kernel 實(shí)驗支持的 kernel memory account 功能(無(wú)法關(guān)閉)，當節點(diǎn)壓力大如頻繁啟動(dòng)和停止容器時(shí)會(huì )導致 cgroup memory leak；
網(wǎng)絡(luò )設備引用計數泄漏，會(huì )導致類(lèi)似于報錯：kernel:unregister_netdevice: waiting for eth0 to become free. Usage count = 1;
http://wap.friendlycc.com.cn/host/
http://wap.friendlycc.com.cn/host/ 
2、設置/etc/hosts
 
cat >> /etc/hosts<<EOF
172.16.8.101    k8s-master01
172.16.8.102    k8s-master02
172.16.8.103    k8s-master03
172.16.8.104    k8s-master04
172.16.8.105    k8s-master05
172.16.8.106    k8s-master06
#harbor
172.16.8.201    k8s-node01
EOF
 
3、關(guān)閉防火墻及SELINUX
 
http://wap.friendlycc.com.cn/host/ 
4、關(guān)閉swap分區
 
swapoff -a
sed -i \'/ swap / s/^\\(.*\\)$/#\\1/g\' /etc/fstab 
 
5、Kernel性能調優(yōu)
 
必須關(guān)閉 tcp_tw_recycle，否則和NAT 沖突，會(huì )導致服務(wù)不通；
關(guān)閉 IPV6，防止觸發(fā) docker BUG；
 
cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
vm.swappiness=0 
vm.overcommit_memory=1 
vm.panic_on_oom=0 
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
EOF

sysctl -p /etc/sysctl.d/k8s.conf
 
6、加載內核模塊
 
modprobe ip_vs_rr
modprobe br_netfilter
 
7、設置系統時(shí)區
 
調整系統 TimeZone
timedatectl set-timezone Asia/Shanghai

將當前的 UTC 時(shí)間寫(xiě)入硬件時(shí)鐘
timedatectl set-local-rtc 0

重啟依賴(lài)于系統時(shí)間的服務(wù)
systemctl restart rsyslog 
systemctl restart crond
 
yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget
yum install -y yum-utils device-mapper-persistent-data lvm2
 
使用阿里云Docker Yum源
yum-config-manager –add-repo http://wap.friendlycc.com.cn/host/ 
選擇安裝的版本
 
yum list docker-ce –showduplicates | sort -r
 
已加載插件：fastestmirror, langpacks
可安裝的軟件包
Loading mirror speeds from cached hostfile
 
epel: mirror01.idc.hinet.net
 elrepo: mirror.rackspace.com
docker-ce.x86_64 3:19.03.1-3.el7 docker-ce-stable
docker-ce.x86_64 3:19.03.0-3.el7 docker-ce-stable
docker-ce.x86_64 3:18.09.8-3.el7 docker-ce-stable
docker-ce.x86_64 3:18.09.7-3.el7 docker-ce-stable
docker-ce.x86_64 3:18.09.6-3.el7 docker-ce-stable
docker-ce.x86_64 3:18.09.5-3.el7 docker-ce-stable
docker-ce.x86_64 3:18.09.4-3.el7 docker-ce-stable
docker-ce.x86_64 3:18.09.3-3.el7 docker-ce-stable
docker-ce.x86_64 3:18.09.2-3.el7 docker-ce-stable
docker-ce.x86_64 3:18.09.1-3.el7 docker-ce-stable
docker-ce.x86_64 3:18.09.0-3.el7 docker-ce-stable
docker-ce.x86_64 18.06.3.ce-3.el7 docker-ce-stable
docker-ce.x86_64 18.06.2.ce-3.el7 docker-ce-stable
docker-ce.x86_64 18.06.1.ce-3.el7 docker-ce-stable
docker-ce.x86_64 18.06.0.ce-3.el7 docker-ce-stable
docker-ce.x86_64 18.03.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 18.03.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.12.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.12.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.09.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.09.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.06.2.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.06.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.06.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.03.3.ce-1.el7 docker-ce-stable
docker-ce.x86_64 17.03.2.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.03.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.03.0.ce-1.el7.centos docker-ce-stable
 
yum install docker-ce-18.09.8-3.el7 -y
 
啟動(dòng)DOcker
systemctl start docker
systemctl enable docker
 
cat > /etc/docker/daemon.json<<EOF
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors" : [
"http://wap.friendlycc.com.cn/host/ restart docker
 
查看Docker信息
[root@k8s-master01 ~]# docker info
Client:
Debug Mode: false
 
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 18.09.8
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: systemd
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 894b81a4b802e4eb2a91d1ce216b8817763c29fb
runc version: 425e105d5a03fabd737a126ad93d62a9eeede87f
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 4.4.183-1.el7.elrepo.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 1.936GiB
Name: k8s-master01
ID: YZ5Q:2IUX:THW4:Z7DF:GK43:QG4O:D2M2:DVUL:3YI3:G3Y3:J4QE:5A64
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: http://wap.friendlycc.com.cn/host/ false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
http://wap.friendlycc.com.cn/host/ Restore Enabled: false
Product License: Community Engine
 
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://wap.friendlycc.com.cn/host/ 
yum install -y kubelet kubeadm kubectl –disableexcludes=kubernetes
 
 更多關(guān)于云服務(wù)器，域名注冊，虛擬主機的問(wèn)題，請訪(fǎng)問(wèn)特網(wǎng)科技官網(wǎng)：wap.friendlycc.com.cn