
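4.3 Configuring the Base Environment

A Kubernetes cluster places requirements on the base environment. The following steps describe how to complete that configuration on every node in the cluster.

1) Disable the firewall and SELinux: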


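# Disable the firewall
$ sudo systemctl stop firewalld
$ sudo systemctl disable firewalld
# Temporarily disable SELinux
$ sudo setenforce 0
# Keep SELinux disabled after reboot (matches whichever mode is configured;
# --follow-symlinks edits the real file behind the /etc/sysconfig/selinux symlink)
$ sudo sed -i --follow-symlinks 's/^SELINUX=.*/SELINUX=disabled/' /etc/sysconfig/selinux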

2) Disable swap:


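# Temporarily disable swap
$ sudo swapoff -a
# Stop the swap partition from being mounted automatically at boot
$ sudo sed -ri 's@(^/.*swap.*)@#\1@g' /etc/fstab
# Check memory usage; a Swap line of zeros means swap has been disabled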
$ free -m
         total    used    free    shared    buff/cache    available
Mem:     1839     162     653     16        1022          1453
Swap:    0        0       0

3) Load the IPVS-related kernel modules:


$ sudo modprobe ip_vs
$ sudo modprobe ip_vs_rr
$ sudo modprobe ip_vs_wrr
$ sudo modprobe ip_vs_sh
$ sudo modprobe nf_conntrack_ipv4
# Check that the IPVS-related kernel modules were loaded
$ sudo lsmod | grep ip_vs
ip_vs_sh       12688   0 
ip_vs_wrr      12697   0 
ip_vs_rr       12600   0 
ip_vs          141092  6 ip_vs_rr,ip_vs_sh,ip_vs_wrr
nf_conntrack   133387  7 ip_vs,nf_nat,nf_nat_ipv4,xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_netlink,nf_conntrack_ipv4
libcrc32c      12644  4 xfs,ip_vs,nf_nat,nf_conntrack
# Load the IPVS-related kernel modules automatically at boot
$ sudo tee /etc/modules-load.d/k8s-ipvs.conf <<-'EOF'
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack_ipv4
EOF
# View the IPVS kernel module configuration
$ sudo cat /etc/modules-load.d/k8s-ipvs.conf
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack_ipv4

4) Special configuration required on RHEL/CentOS 7:


$ sudo tee /etc/sysctl.d/k8s.conf <<-'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness=0
EOF
# Apply the configuration
$ sudo sysctl --system
...
* Applying /etc/sysctl.d/k8s.conf ...
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness = 0
* Applying /etc/sysctl.conf ...

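5) Enable forwarding. Starting with version 1.13, Docker changed its default firewall rules and disabled the FORWARD chain in the iptables filter table, which can prevent Pods on different Nodes in the Kubernetes cluster from communicating with each other. This step was not performed in this experiment; if you run into the problem described above, you can enable forwarding as follows: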


$ sudo iptables -P FORWARD ACCEPT
$ sudo sed -i '/ExecStart/a ExecStartPost=/sbin/iptables -P FORWARD ACCEPT' /usr/lib/systemd/system/docker.service
$ sudo systemctl daemon-reload

6) Configure hosts resolution:


# Configure hosts resolution
$ sudo tee /etc/hosts <<-'EOF'
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
11.11.11.111 lab1
11.11.11.112 lab2
11.11.11.113 lab3
EOF
# Test name resolution
$ ping -c2 lab1
PING lab1 (11.11.11.111) 56(84) bytes of data.
64 bytes from lab1 (11.11.11.111): icmp_seq=1 ttl=64 time=0.034 ms
64 bytes from lab1 (11.11.11.111): icmp_seq=2 ttl=64 time=0.068 ms
--- lab1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.034/0.051/0.068/0.017 ms
$ ping -c2 lab2
PING lab2 (11.11.11.112) 56(84) bytes of data.
64 bytes from lab2 (11.11.11.112): icmp_seq=1 ttl=64 time=2.00 ms
64 bytes from lab2 (11.11.11.112): icmp_seq=2 ttl=64 time=1.09 ms
--- lab2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 1.094/1.549/2.005/0.457 ms
$ ping -c2 lab3
PING lab3 (11.11.11.113) 56(84) bytes of data.
64 bytes from lab3 (11.11.11.113): icmp_seq=1 ttl=64 time=0.100 ms
64 bytes from lab3 (11.11.11.113): icmp_seq=2 ttl=64 time=0.031 ms
--- lab3 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms

7) Configure the kubelet:


$ DOCKER_CGROUPS=$(sudo docker info | grep 'Cgroup' | cut -d' ' -f3)
$ echo $DOCKER_CGROUPS
$ sudo tee /etc/sysconfig/kubelet <<-EOF
KUBELET_EXTRA_ARGS="--cgroup-driver=$DOCKER_CGROUPS --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.1"
EOF
# View the configuration
$ sudo cat /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--cgroup-driver=cgroupfs --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.1"
# Reload the configuration
$ sudo systemctl daemon-reload
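
The persistent settings written in steps 2 to 4 can be audited on each node with a script such as the following. This is an added example, not code from the book; the function names and the ROOT directory prefix are assumptions of the example. It goes slightly beyond the text by also flagging swap entries that the sed in step 2 does not comment out.

```bash
#!/usr/bin/env bash
# Audit the persistent settings written in steps 2-4 of this section.
# ROOT is this example's own convention: a directory prefix, so the checks run
# against a constructed tree here and against a live node with ROOT="".

# Step 2: succeeds only if fstab is readable and has no uncommented swap entry.
swap_disabled_at_boot() {
    [ -r "$1/etc/fstab" ] &&
        ! awk '$1 !~ /^#/ && $3 == "swap" { found = 1 } END { exit !found }' "$1/etc/fstab"
}

# Steps 3-4: print every expected line that FILE lacks. Spaces around "=" are
# normalised so "key = 1" and "key=1" compare equal; -x stops ip_vs matching ip_vs_rr.
missing_lines() {   # usage: missing_lines FILE EXPECTED...
    local file="$1" want; shift
    for want in "$@"; do
        sed 's/[[:space:]]*=[[:space:]]*/=/' "$file" 2>/dev/null |
            grep -qxF -- "$want" || echo "$want"
    done
}

# Prints one FAIL line per finding and returns the number of findings.
audit_node() {
    local root="$1" fails=0 item
    swap_disabled_at_boot "$root" ||
        { echo "FAIL fstab: active swap entry or unreadable file"; fails=$((fails + 1)); }
    for item in $(missing_lines "$root/etc/modules-load.d/k8s-ipvs.conf" \
                      ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack_ipv4); do
        echo "FAIL module not persisted: $item"; fails=$((fails + 1))
    done
    for item in $(missing_lines "$root/etc/sysctl.d/k8s.conf" \
                      net.bridge.bridge-nf-call-ip6tables=1 \
                      net.bridge.bridge-nf-call-iptables=1 vm.swappiness=0); do
        echo "FAIL sysctl not persisted: $item"; fails=$((fails + 1))
    done
    return "$fails"
}

# Constructed sample tree (not from a real node). Its swap entry is referenced by
# UUID, which the sed in step 2 would leave active: that line does not start with "/".
demo=$(mktemp -d); mkdir -p "$demo/etc/modules-load.d" "$demo/etc/sysctl.d"
printf '%s\n' '/dev/mapper/centos-root / xfs defaults 0 0' \
    '#/dev/mapper/centos-swap swap swap defaults 0 0' \
    'UUID=0000-constructed swap swap defaults 0 0' > "$demo/etc/fstab"
printf '%s\n' ip_vs ip_vs_rr ip_vs_sh nf_conntrack_ipv4 \
    > "$demo/etc/modules-load.d/k8s-ipvs.conf"
printf '%s\n' 'net.bridge.bridge-nf-call-iptables = 1' 'vm.swappiness=0' \
    > "$demo/etc/sysctl.d/k8s.conf"
audit_node "$demo" && echo "node ready" || echo "findings: $?"
```

On a live node, call audit_node "" so that the real /etc files are read.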
