1 hostname
# Give the node its static hostname. Run once per machine with that machine's
# own name; the /etc/hosts listing on this page uses knode1, knode2 and knode3.
node_name=knode1
hostnamectl set-hostname "$node_name"
2 /etc/hosts
# Static name resolution for the three cluster nodes. Append the same three
# lines to /etc/hosts on every node, one address/name pair per line.
# The addresses are the author's private IPs; substitute your own.
172.31.27.5 knode1
172.31.23.162 knode2
172.31.21.12 knode3
3 禁用systemd-resolved
# Turn off the systemd-resolved stub resolver and replace /etc/resolv.conf
# with a static file. Run as root.
systemctl disable systemd-resolved.service
systemctl stop systemd-resolved.service

# Delete the existing entry first so the new content lands in a regular file.
# NOTE(review): on stock Ubuntu this path is normally a symlink managed by
# systemd-resolved; confirm on your image.
rm -rf /etc/resolv.conf
touch /etc/resolv.conf

# Every DNS lookup made by the node now goes to these two public resolvers.
# Use your internal resolver instead if node lookups should stay on your network.
printf '%s\n' \
  'nameserver 8.8.8.8' \
  'nameserver 114.114.114.114' > /etc/resolv.conf
4 关闭防火墙(不建议)
5 修改时区和语言
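# Set the system time zone to Asia/Shanghai by repointing /etc/localtime.
sudo ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

# Append the locale setting to /etc/profile. The write goes through `sudo tee`
# because in `sudo echo ... >> file` the redirection is opened by the calling
# shell, not by sudo, so it fails for a non-root user. The grep guard keeps a
# re-run from appending the same line twice.
grep -qxF 'LANG="en_US.UTF-8"' /etc/profile \
  || echo 'LANG="en_US.UTF-8"' | sudo tee -a /etc/profile > /dev/null

# Load the updated profile into the current shell.
source /etc/profile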
6 关闭swap
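# Disable swap now and keep it off after a reboot. Run as root.
# The fstab match accepts any whitespace around the "swap" field (fstab columns
# are often tab-separated, which the literal-space pattern "/ swap /" misses)
# and skips lines that are already commented, so a re-run does not stack "#"s.
# A swap entry left active in fstab re-enables swap at the next boot.
swapoff -a \
  && sed -i -E '/^[[:space:]]*#/!{/[[:space:]]swap[[:space:]]/s/^/#/;}' /etc/fstab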
7 kernel性能调优
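# Kernel parameters for a Kubernetes node. Run as root.
#
# The net.bridge.* keys only exist while br_netfilter is loaded, and
# net.netfilter.nf_conntrack_max needs nf_conntrack; load both first so that
# `sysctl -p` does not reject those lines.
modprobe br_netfilter
modprobe nf_conntrack

# Changes from the original listing:
#   * watchdog_thresh is spelled with its full key, kernel.watchdog_thresh;
#     the bare name is not a valid sysctl key.
#   * net.ipv4.tcp_tw_recycle is commented out: the key was removed from the
#     kernel in Linux 4.12, so newer kernels report an error for it.
# NOTE: this appends to /etc/sysctl.conf, so running the listing twice
# duplicates the block; check the file before re-running.
cat >> /etc/sysctl.conf <<'EOF'
net.ipv4.ip_forward=1
kernel.watchdog_thresh=30
net.bridge.bridge-nf-call-iptables=1
net.ipv4.neigh.default.gc_thresh1=4096
net.ipv4.neigh.default.gc_thresh2=6144
net.ipv4.neigh.default.gc_thresh3=8192
net.bridge.bridge-nf-call-ip6tables=1
# net.ipv4.tcp_tw_recycle=0
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
EOF

# Apply the settings from /etc/sysctl.conf to the running kernel.
sysctl -p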
8 安装docker
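# Option A (mainland-China mirror): install a pinned Docker CE release from the
# Aliyun mirror.

# Back up the stock APT sources, then point them at the Aliyun Ubuntu mirror.
# The write goes through `sudo tee` so it works for a non-root user as well.
# NOTE(review): the bionic-proposed pocket carries pre-release updates; drop
# those two lines on production nodes unless you specifically need them.
sudo cp /etc/apt/sources.list /etc/apt/sources.list.bak
sudo tee /etc/apt/sources.list > /dev/null <<'EOF'
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
EOF

# Import the Docker repository signing key. This key is the trust anchor for
# every package installed from the repository, so it is fetched over HTTPS:
# over plain HTTP anything on the network path could substitute its own key.
# curl needs no root privileges; only apt-key does.
# NOTE: apt-key adds the key to the global keyring, so it is trusted for every
# configured repository; a per-repository keyring referenced with signed-by in
# the sources entry is the narrower alternative.
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get -y update

# install_version is not set anywhere in the listing; stop with a clear message
# instead of passing an empty "docker-ce=" to apt. List the available version
# strings with: apt-cache madison docker-ce
: "${install_version:?set install_version to a docker-ce version string}"
sudo apt-get -y install "docker-ce=${install_version}" "docker-ce-cli=${install_version}" --allow-downgrades

sudo systemctl start docker
sudo systemctl enable docker

# Hold the packages so a routine upgrade does not move the cluster to a
# different Docker version.
sudo apt-mark hold docker-ce docker-ce-cli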
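# Option B (upstream): install Docker CE from download.docker.com.

# Remove distro-packaged Docker variants so they do not conflict with docker-ce.
sudo apt-get remove docker docker-engine docker.io containerd runc

# Tools needed to add an HTTPS repository and its key. ifupdown is installed
# here too (the listing does not say why; a later step on this page edits
# /etc/network/interfaces, which ifupdown reads).
sudo apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common ifupdown

# Import Docker's signing key over HTTPS and register the repository.
# Compare the imported key's fingerprint with the one published in Docker's
# installation documentation before installing anything from the repository.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io

# sudo added for consistency with the rest of this listing, which is written
# for a non-root user.
sudo systemctl start docker
sudo systemctl enable docker

# Hold the packages so a routine upgrade does not change the Docker version.
sudo apt-mark hold docker-ce docker-ce-cli

# To install one specific release instead of the latest, list the versions the
# repository offers, then install the chosen one. The template is left as a
# comment because <VERSION_STRING> is a placeholder: typed literally, the shell
# would parse "<" and ">" as redirections.
apt-cache madison docker-ce
# sudo apt-get install docker-ce=<VERSION_STRING> docker-ce-cli=<VERSION_STRING> containerd.io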
国内镜像加速
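# Docker daemon configuration: systemd cgroup driver, bounded json-file logs
# (3 files of 100 MB), overlay2 storage and a registry mirror.
#
# registry-mirrors: image pulls for Docker Hub are served through this host,
# so it sits in the trust path for every image tag the node resolves. The
# hostname looks like a per-account accelerator endpoint (an assumption based
# on its form); use your own, and pull by digest where image integrity matters.
#
# The file is written through `sudo tee` with a quoted heredoc so nothing in
# the JSON is expanded by the shell.
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json > /dev/null <<'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "3"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ],
  "registry-mirrors": ["https://uyah70su.mirror.aliyuncs.com"]
}
EOF

# The daemon only reads daemon.json at start-up; restart it so the settings
# above actually take effect.
sudo systemctl daemon-reload
sudo systemctl restart docker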
9 解决ubuntu警告No swap limit support
Ubuntu/Debian 系统下,默认 cgroups 未开启 swap account 功能,这样会导致设置容器内存或者 swap 资源限制不生效。可以通过以下命令解决(命令同时会把网卡名改为 eth0 风格;修改 GRUB 内核参数后需要重启才能生效):
# Enable cgroup memory and swap accounting on the kernel command line and
# switch the host to legacy ethN interface naming. The new kernel parameters
# only apply after a reboot.
interfaces_file=/etc/network/interfaces
grub_defaults=/etc/default/grub

# Rename predictable interface names (en...) to eth0 in the ifupdown config.
# NOTE(review): the pattern is unanchored, so it rewrites any "en" followed by
# letters or digits anywhere in the file, and it maps every such name to eth0.
# Inspect the file afterwards, especially on hosts with more than one NIC.
sudo sed -i 's/en[[:alnum:]]*/eth0/g' "$interfaces_file"

# Prepend the parameters to whatever GRUB_CMDLINE_LINUX already holds.
# Running this twice prepends them twice; check the file before re-running.
sudo sed -i 's/GRUB_CMDLINE_LINUX="\(.*\)"/GRUB_CMDLINE_LINUX="net.ifnames=0 cgroup_enable=memory swapaccount=1 biosdevname=0 \1"/g' "$grub_defaults"

# Regenerate the GRUB configuration from the edited defaults.
sudo update-grub
10 安装kubeadm
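# Install kubelet, kubeadm and kubectl from the Google-hosted APT repository.
# NOTE(review): the apt.kubernetes.io / packages.cloud.google.com repositories
# were frozen in 2023 and later retired in favour of pkgs.k8s.io; check the
# current Kubernetes installation docs for the repository line to use.
sudo apt-get update && sudo apt-get install -y apt-transport-https curl

# Import the repository signing key. -f makes curl fail on an HTTP error
# instead of piping an error page into apt-key; -L follows redirects.
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -

# Register the repository (quoted heredoc: nothing in it is shell-expanded).
sudo tee /etc/apt/sources.list.d/kubernetes.list > /dev/null <<'EOF'
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF

sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl

# Hold the packages: Kubernetes components are upgraded deliberately and in a
# fixed order, not by a routine `apt-get upgrade`.
sudo apt-mark hold kubelet kubeadm kubectl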
如果网络比较慢,可以使用阿里的源
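# Same installation through the Aliyun mirror, for slow networks. Run as root.
apt-get update && apt-get install -y apt-transport-https

# Import the mirror's signing key. -f makes curl fail on an HTTP error instead
# of piping an error page into apt-key; -sS silences the progress meter but
# keeps error messages.
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -

cat > /etc/apt/sources.list.d/kubernetes.list <<'EOF'
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update

# Show which kubeadm version the repository will install.
apt policy kubeadm

apt-get install -y kubelet kubeadm kubectl

# Hold the packages, as the non-mirror listing on this page does, so a routine
# upgrade does not move the cluster to a different Kubernetes version.
apt-mark hold kubelet kubeadm kubectl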
11 Master安装
# Bootstrap the control plane on the first master node.
# The advertise address is this node's IP from the /etc/hosts listing; the pod
# CIDR must agree with the network plugin applied afterwards.
# To pull the control-plane images from the Aliyun registry, add:
#   --image-repository registry.aliyuncs.com/google_containers
kubeadm init \
  --apiserver-advertise-address=172.31.27.5 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16

# Make kubectl usable for the current user by copying the admin kubeconfig.
# admin.conf carries cluster-admin credentials: keep the copy readable by its
# owner only and do not distribute it to other users or machines.
kube_dir="$HOME/.kube"
mkdir -p "$kube_dir"
sudo cp -i /etc/kubernetes/admin.conf "$kube_dir/config"
sudo chown "$(id -u):$(id -g)" "$kube_dir/config"

# Print a fresh join command for worker nodes when one is needed:
#   kubeadm token create --print-join-command
12 Node节点注册
# Register a worker node with the control plane. Run as root on each worker.
#
# The token and CA hash below are the values from the author's cluster; use the
# command printed by `kubeadm init` (or by `kubeadm token create
# --print-join-command` on the master) for your own cluster.
# A bootstrap token is a credential that lets a machine join the cluster:
# treat it as a secret, let it expire, and do not publish it.
# The --discovery-token-ca-cert-hash pin is what lets the joining node verify
# that it is talking to the real control plane; keep it in the command.
control_plane=172.31.27.5:6443
kubeadm join "$control_plane" \
  --token m9luq4.92yahwonslm8b6xj \
  --discovery-token-ca-cert-hash sha256:cb705c09703f492af8db0ec9576737567aec78dcc4fac27a46bad08d6e46ced4
13 网络插件安装
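# Install exactly one pod network plugin. The original listing shows both
# commands back to back under a "choose one" comment; pasted as a whole it
# would apply both plugins. The selector below applies only the chosen one.
# Set cni_plugin to "flannel" (default here) or "calico" before running.
#
# Both manifests are fetched from mutable URLs (the flannel one tracks the
# master branch) and are applied with the admin kubeconfig, so whatever the
# URL serves at that moment runs with cluster-wide privileges. Download the
# manifest, review it, and apply the saved copy (ideally from a release tag).
cni_plugin=${cni_plugin:-flannel}

case "$cni_plugin" in
  flannel)
    kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
    ;;
  calico)
    kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
    ;;
  *)
    printf 'unknown cni_plugin: %s (expected flannel or calico)\n' "$cni_plugin" >&2
    ;;
esac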
14 部署Dashboard
# Deploy the Kubernetes Dashboard from the upstream "recommended" manifest.
# The URL is pinned to the v2.0.0-beta8 tag, which is a pre-release build.
dashboard_manifest=https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
kubectl apply -f "$dashboard_manifest"

# Next step in the original: change the Dashboard Service to type NodePort.
# A NodePort publishes the Dashboard on every node's address. Limit who can
# reach that port (firewall / security group), and log in with a ServiceAccount
# that has only the permissions it needs rather than cluster-admin.