1.設(shè)置主機名以及host文件

hostnamectl set-hostname k8s-master01

hostnamectl set-hostname k8s-node01

hostnamectl set-hostname k8s-node02

2安裝依賴包

yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget wim net-tools git

3設(shè)置防火墻為Iptables 并設(shè)置空規(guī)則

systemctl stop firewalld && systemctl disable firewalld

yum -y install iptables-services && systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save

4關(guān)閉虛擬內(nèi)存分區(qū)

swapoff -a

5調(diào)整內(nèi)核參數(shù)

cat>kubernetes.conf <<EOF

net.bridge.bridge-nf-call-iptables=1

net.bridge.bridge-nf-call-ip6tables=1

net.ipv4.ip_forward=1

vm.swappiness=0

vm.overcommit_memory=1

vm.panic_on_oom=0

fs.inotify.max_user_instances=8192

fs.file-max=52706963

fs.nr_open=52706963

net.ipv6.conf.all.disable_ipv6=1

net.netfilter.nf_conntrack_max=2310720

EOF

cp kubernetes.conf /etc/sysctl.d/kubernetes.conf

sysctl -p /etc/sysctl.d/kubernetes.conf

6調(diào)整系統(tǒng)時區(qū)

timedatectl set-timezone Asia/Shanghai

timedatectl set-local-rtc 0

systemctl restart rsyslog

systemctl restart crond

7設(shè)置日志保存方案

mkdir /var/log/journal

mkdir /etc/systemd/journald.conf.d

cat> /etc/systemd/journald.conf.d/99-prophet.conf <<EOF

[journal]

Storage=persistent

Compress=yes

SyncIntervalSec=5m

RateLimitInterval=30s

RateLimitBurst=1000

SystemMaxUse=10G

SystemMaxFileSize=200M

MaxRetentionSec=2week

ForwardToSyslog=no

EOF

systemctl restart systemd-journald

8安裝最新linux內(nèi)核

uname -a

yum -y update

rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org #導(dǎo)入elrepo公共秘鑰

rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm

yum --disablerepo="*" --enablerepo="elrepo-kernel" list available #查看可用內(nèi)核版本

yum --enablerepo=elrepo-kernel install kernel-ml #安裝內(nèi)核

sudo awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg? #查看系統(tǒng)上所有內(nèi)核

grub2-set-default 0 #設(shè)置默認內(nèi)核0

grub2-mkconfig -o /boot/grub2/grub.cfg #生成配置文件

reboot #重啟

9kube-proxy開啟ipvs的前置條件

modprobe br_netfilter

cat > /etc/sysconfig/modules/ipvs.modules <<EOF

#!/bin/bash

modprobe -- ip_vs

modprobe -- ip_vs_rr

modprobe -- ip_vs_wrr

modprobe -- ip_vs_sh

EOF

#modprobe -- nf_conntrack_ipv4?

chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4

9安裝docker軟件

yum install -y yum-utils device-mapper-persistent-data lvm2

#導(dǎo)入阿里源

yum-config-manager \

--add-repo \

http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

yum update -y && yum install -y docker-ce #安裝docker

#配置 daemon并添加阿里加速器

cat > /etc/docker/daemon.json <<EOF

{

? "exec-opts":["native.cgroupdriver=systemd"],

? "log-driver":"json-file",

? "log-opts":{

? ? ? "max-size":"100m"

}

}

EOF

mkdir -p /etc/systemd/system/docker.service.d

systemctl daemon-reload && systemctl restart docker && systemctl enable docker

安裝Kubeadm(主從配置)

cat <<EOF >/etc/yum.repos.d/kubernetes.repo

[kubernetes]

name=Kubernetes

baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64

enabled=1

gpgcheck=0

repo_gpgcheck=0

gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg

http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

EOF

yum -y install kubeadm-1.15.1 kubectl-1.15.1 kubelet-1.15.1

systemctl enable kubelet.service