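k8s cluster deployment: pre-deployment preparation
Preface: This article is a record of my personal test environment. Your environment may differ, so copy and paste with care.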
Virtual machine IP plan:
- 10.220.180.120 k8s-server master node
- 10.220.180.130 k8s-client-01 worker node 1
- 10.220.180.131 k8s-client-02 worker node 2
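Server requirements:
- Recommended minimum hardware: 2 CPU cores, 2 GB RAM, 20 GB disk
- The servers should preferably have Internet access, because images are pulled from the network. If a server cannot reach the Internet, download the required images in advance and import them onto the nodes.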
Software environment:
- OS version: Linux 3.10.0-1160.el7.x86_64
- k8s version: v1.23.0
- docker version: 24.0.7
Kubernetes pre-deployment preparation (run on all nodes)
# Disable the firewall (fine on a VM you are just playing with; on ECS, mind the ports)
[root@k8s-master ~]# systemctl stop firewalld
[root@k8s-master ~]# systemctl disable firewalld
# Disable SELinux
[root@k8s-master ~]# sed -i 's/enforcing/disabled/' /etc/selinux/config # permanent
[root@k8s-master ~]# setenforce 0 # temporary
# Disable swap
[root@k8s-master ~]# swapoff -a # temporary
[root@k8s-master ~]# sed -ri 's/.*swap.*/#&/' /etc/fstab # permanent
# Set the hostname according to the plan
hostnamectl set-hostname <hostname>
master node: k8s-master
node1: k8s-node1
node2: k8s-node2
# Add hosts entries on all nodes
[root@k8s-master ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.120.180.120 k8s-master
10.120.180.130 k8s-node1
10.120.180.131 k8s-node2
[root@k8s-node1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.120.180.120 k8s-master
10.120.180.130 k8s-node1
10.120.180.131 k8s-node2
[root@k8s-node2 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.120.180.120 k8s-master
10.120.180.130 k8s-node1
10.120.180.131 k8s-node2
# Pass bridged IPv4 traffic to iptables
[root@k8s-master ~]# cat /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
[root@k8s-master ~]# sysctl --system # apply the settings
# Time synchronization
[root@k8s-master ~]# vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
## Alibaba Cloud time synchronization servers
server ntp.aliyun.com
server ntp1.aliyun.com

# Record the rate at which the system clock gains/losses time.
[root@k8s-master ~]# systemctl restart chronyd.service ## restart to apply
[root@k8s-master ~]# chronyc sources -v
210 Number of sources = 2

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 203.107.6.88                  2   6     7     5   +308us[+3854us] +/-   30ms
^+ 120.25.115.20                 2   6     5     4    -15ms[  -15ms] +/-   31ms
## Synchronize local time
[root@k8s-master ~]# date
Thu Feb 1 19:16:58 PST 2024
[root@k8s-master ~]# unlink /etc/localtime
[root@k8s-master ~]# ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
[root@k8s-master ~]# date
Fri Feb 2 11:18:22 CST 2024
Deploying the Docker engine
[root@k8s-master ~]# cat /etc/yum.repos.d/docker-ce.repo
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/stable
enabled=1
gpgcheck=0
[root@k8s-master ~]# yum install -y docker-ce docker-ce-cli
[root@k8s-master ~]# systemctl enable --now docker.service
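
A read-only preflight check for the preparation steps above, added here as an example and not part of the original notes. The function names are made up for this example; the file paths and host names are the ones used on this page. The docker-ce repo check reports gpgcheck=0 as a failure, because yum then installs packages without verifying their signatures.

```shell
#!/usr/bin/env bash
# Added example: verify a node against the preparation steps on this page.
# Every check only reads a file under ROOT, so it works on the live system
# (ROOT=/) or on a copy of /etc collected from a node.

swap_off_in_fstab() {      # no uncommented fstab entry of type swap
    awk '$1 !~ /^#/ && $3 == "swap" { bad = 1 } END { exit bad + 0 }' "$1"
}

selinux_disabled() {       # looks at the active SELINUX= line, not the comments
    awk -F= '$1 == "SELINUX" { v = $2 } END { exit (v != "disabled") }' "$1"
}

bridge_sysctls_set() {     # both bridge-nf-call keys are set to 1
    local k
    for k in ip6tables iptables; do
        grep -Eq "^net\.bridge\.bridge-nf-call-${k}[[:space:]]*=[[:space:]]*1[[:space:]]*$" "$1" || return 1
    done
}

hosts_resolve() {          # usage: hosts_resolve FILE NAME...
    local f=$1 n; shift
    for n in "$@"; do
        awk -v n="$n" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == n) ok = 1 }
                       END { exit (!ok) }' "$f" || return 1
    done
}

repo_gpgcheck_on() {       # yum verifies package signatures for this repo
    awk -F'[[:space:]]*=[[:space:]]*' '$1 == "gpgcheck" { v = $2 } END { exit (v != "1") }' "$1"
}

preflight() {              # usage: preflight ROOT; prints failures, returns their count
    local r=${1%/} fails=0
    swap_off_in_fstab  "$r/etc/fstab"             || { echo "FAIL: active swap entry in fstab"; fails=$((fails+1)); }
    selinux_disabled   "$r/etc/selinux/config"    || { echo "FAIL: SELINUX is not disabled"; fails=$((fails+1)); }
    bridge_sysctls_set "$r/etc/sysctl.d/k8s.conf" || { echo "FAIL: bridge-nf-call sysctls not set"; fails=$((fails+1)); }
    hosts_resolve "$r/etc/hosts" k8s-master k8s-node1 k8s-node2 \
                                                  || { echo "FAIL: hosts file is missing a node"; fails=$((fails+1)); }
    repo_gpgcheck_on "$r/etc/yum.repos.d/docker-ce.repo" \
                                                  || { echo "FAIL: docker-ce repo has gpgcheck off"; fails=$((fails+1)); }
    return "$fails"
}

# Run against the given root when one is passed, e.g.: ./preflight.sh /
if [ -n "${1:-}" ]; then preflight "$1"; fi
```

Run it as `./preflight.sh /` on each node after the steps above; the exit status is the number of failed checks.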