1 MacOS
1.1 下载 docker-desktop
从 docker 下载 docker-desktop (opens new window),并完成安装
1.2 启用 k8s 集群
启动 docker-desktop,打开preference 面板
切换到 Kubernetes 标签页,并勾选启动 Enable Kubernetes,点击 Apply
2 Linux(CentOS7)
https://kubernetes.io/zh-cn/docs/setup/production-environment/
至少两台机器:
- k8s master
- k8s slave
设置好两个主机的 hostname 后,设置配置文件:
2.1 服务器配置最低要求
- 2g内存
- 2CPU
- 30g硬盘
- 内网互通(防火墙务必关闭)
按照上面的要求创建至少2台(一主一从)云服务器。
2.2 Linux配置
① 设置不同的hostname
hostnamectl set-hostname xxx
② 设置host与ip绑定
每个节点都要操作
vim /etc/hosts
## hosts
172.17.32.8 k8s-master
172.17.32.13 k8s-node
③ 关闭firewalld服务
systemctl stop firewalldsystemctl disable firewalld
④ 时间同步
若使用的云服务器,则忽略此步。
因为本地机器和云服务器时间可能不一致,所以需要同步时间。
启动chronyd服务
systemctl start chronyd
systemctl enable chronyddate
⑤ 关闭 selinux 安全策略
需要重启后生效!
[root@icv-monitor-platform-dev ~]# sed -i 's/enforcing/disabled/' /etc/selinux/config
[root@icv-monitor-platform-dev ~]# vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
# 临时关闭
[root@icv-monitor-platform-dev ~]# setenforce 0
⑥ 关闭 swap 分区
云服务器没有这个概念,可以不设置。
swap分区指虚拟内存分区,作用是物理内存使用完,之后将磁盘空间虚拟成内存来使用,启用swap设备会对系统的性能产生非常负面的影响,因此k8s要求每个节点都要禁用swap设备。
vi /etc/fstab
# /etc/fstab
# Created by anaconda on Thu May 17 07:47:58 2018
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=434ab0f6-eed6-49f5-9118-3744d8cbfb7e / ext4 defaults 1 1
# 如果有,则注释该⾏
/dev/mapper/centos-swap swap
# 临时关闭
swapoff -a
# 重启
reboot
# 检测 若 total 或者 free 正数,说明你没关闭成功
[root@icv-monitor-platform-dev ~]# free -m
total used free shared buff/cache available
Mem: 16045 7769 961 927 7315 7014
Swap: 0 0 0
[root@icv-monitor-platform-dev ~]#
⑦ 添加网桥过滤和地址转发功能
转发 IPv4 并让 iptables 看到桥接流量。
cat > /etc/sysctl.d/kubernetes.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# 应⽤ sysctl 参数使其⽣效⽽不重新启动
[root@icv-monitor-platform-dev ~]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.conf ...
[root@icv-monitor-platform-dev ~]#
基础环境
每台服务器
- 安装JDK环境
- 安装Docker,设置开机自启动
配置cgroup
vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://4t9ixk24.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
保证 k8s 和 docker 使用同一个systemd。
重启刷新
[root@icv-monitor-platform-dev ~]# systemctl daemon-reload
[root@icv-monitor-platform-dev ~]# systemctl restart docker
# 验证cgroupdriver 是否⽣效,看到systemd就表示OK
[root@icv-monitor-platform-dev ~]# docker info -f {{.CgroupDriver}}
systemd
[root@icv-monitor-platform-dev ~]# docker info | grep -i cgroup
Cgroup Driver: systemd
WARNING: bridge-nf-call-ip6tables is disabled
Cgroup Version: 1
[root@icv-monitor-platform-dev ~]#
以上内容全部配置好以后,重启 。所有节点都要执行以上操作!!!
