离线K8s_3)环境调优
本文主要针对CentOS7环境部署K8s所需的前置操作进行汇总
配置本地解析器
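# Edit the local resolver file and add one entry per cluster node.
nano /etc/hosts
# Lines to add inside the editor (file contents, not shell commands):
#   10.0.0.1 m01   # 4C4G, planned Master node
#   10.0.0.2 w01   # 2C2G, worker node 1
#   10.0.0.3 w02   # 2C2G, worker node 2
#   10.0.0.4 w03   # 2C2G, worker node 3

# Edit the hostname file of this machine.
nano /etc/hostname
# File contents (the file holds only the name itself):
#   m01            <- defines the Master node

关闭Master节点交换分区与SELinux工具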
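# Turn swap off now and comment out the swap entries in /etc/fstab so it stays
# off after a reboot. Lines that are already commented are skipped, which keeps
# the edit safe to repeat.
swapoff -a && sed -i '/^[[:space:]]*#/! s/.*swap.*/#&/' /etc/fstab

# Switch SELinux off for the running system and disable it permanently.
# Review note: SELINUX=disabled removes mandatory access control from the node
# completely, and re-enabling it later needs a full filesystem relabel. The
# kubeadm installation guide uses SELINUX=permissive instead, which keeps the
# labels and still logs would-be denials; prefer that unless "disabled" is
# really required.
setenforce 0 && sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

调整Master节点防火墙策略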
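# Review note: every rule below opens its port in the "public" zone to any
# source address. etcd (2379-2380), the 10250-10258 range and rpcbind (111)
# should only be reachable from the cluster nodes. On a shared network, use a
# source-restricted rich rule instead of --add-port for those, e.g.
#   firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="<NODE_SUBNET_CIDR>" port port="2379-2380" protocol="tcp" accept'
# Open the two "custom" ports (6445, 6666) only if a service really listens there.
firewall-cmd --zone=public --add-port=2379/tcp --permanent        # etcd
firewall-cmd --zone=public --add-port=2380/tcp --permanent        # etcd
firewall-cmd --zone=public --add-port=4789/udp --permanent        # VXLAN
firewall-cmd --zone=public --add-port=5473/tcp --permanent        # CNI
firewall-cmd --zone=public --add-port=6443/tcp --permanent        # API server
firewall-cmd --zone=public --add-port=6445/tcp --permanent        # custom port
firewall-cmd --zone=public --add-port=6666/tcp --permanent        # custom port
firewall-cmd --zone=public --add-port=9099/tcp --permanent        # Calico network plugin
firewall-cmd --zone=public --add-port=179/tcp --permanent         # BGP
firewall-cmd --zone=public --add-port=30000-32767/tcp --permanent # node ports
firewall-cmd --zone=public --add-port=10250-10258/tcp --permanent # Master ports
firewall-cmd --zone=public --add-port=53/tcp --permanent          # DNS
firewall-cmd --zone=public --add-port=53/udp --permanent          # DNS
firewall-cmd --zone=public --add-port=8443/tcp --permanent        # metrics-server
firewall-cmd --zone=public --add-port=5000/tcp --permanent        # local registry
firewall-cmd --zone=public --add-port=5080/tcp --permanent        # local apt
firewall-cmd --zone=public --add-port=111/tcp --permanent         # rpcbind

# Apply the new firewall policy and list the ports that are now open.
systemctl restart firewalld && firewall-cmd --zone=public --list-ports

创建前置内核模组ipvs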
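# Write the script that loads the IPVS kernel modules.
# The heredoc delimiter is quoted so the script text is written out literally.
cat > /etc/sysconfig/modules/ipvs.modules << 'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
# Make the script executable, run it once, and check which modules are loaded.
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4

确保内核已经加载了相应模块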
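# If 'lsmod | grep ip_vs' above did not list ip_vs_rr and the other modules,
# use this broader variant instead.
# NOTE(review): the original note is ambiguous; this reading is inferred from
# context.
#
# The heredoc delimiter is quoted on purpose: with a bare EOF the shell expands
# $? and the ${...} variables while the file is being written, so the generated
# script would test a stale exit status instead of the result of modinfo.
cat > /etc/sysconfig/modules/ipvs.modules << 'EOF'
#!/bin/bash
ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_fo ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack_ipv4"
# ${ipvs_modules} is left unquoted so the list splits into one word per module.
for kernel_module in ${ipvs_modules}; do
  # Load a module only when modinfo can find it for this kernel.
  if /sbin/modinfo -F filename "${kernel_module}" > /dev/null 2>&1; then
    /sbin/modprobe "${kernel_module}"
  fi
done
EOF
# Make the script executable, run it once, and check which modules are loaded.
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep ip_vs

增加桥接配置文件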
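# Make bridged traffic pass through iptables / ip6tables.
cat > /etc/sysctl.d/k8s.conf << 'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# The net.bridge.* keys only exist while br_netfilter is loaded, and a new file
# in /etc/sysctl.d is not read until the next boot unless it is applied by hand.
modprobe br_netfilter && sysctl --system

# Stop and disable service components that are not needed.
systemctl stop postfix && systemctl disable postfix

同步时间服务器及更换国内镜像源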
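# Sync the clock against the time server.
# Review note: ntpdate sets the clock once and then exits. Certificate validity
# checks and etcd rely on the nodes agreeing on the time, so keep a time daemon
# (chronyd or ntpd) running as well if the nodes stay up for long.
yum install -y ntpdate && ntpdate ntp2.aliyun.com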
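# Configure the Aliyun Kubernetes package mirror.
# gpgcheck is switched on so that every RPM is verified against the keys listed
# below before it is installed; with gpgcheck=0 a tampered mirror or cache could
# hand yum arbitrary packages that are then installed as root. If verification
# fails, check the key import rather than turning the check off.
cat > /etc/yum.repos.d/kubernetes.repo << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF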
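# Configure the Aliyun Docker CE package mirror.
# The heredoc delimiter is quoted on purpose: $basearch and $releasever are yum
# variables and must reach the file literally. With a bare EOF the shell
# expands them (to empty strings) while writing, which breaks every baseurl.
cat > /etc/yum.repos.d/docker-ce.repo << 'EOF'
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
EOF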
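# Point the Master node's base system repositories at the Aliyun mirror.
# The URL is given without the <...> autolink brackets, which the shell would
# read as redirections. It is fetched over HTTPS because this file decides
# where every later package comes from, so it should not be changeable in transit.
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo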
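# Refresh the package metadata cache and update the system.
yum makecache && yum update -y

注意:如果是完全离线的状态,镜像源改不改无所谓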
以上便是本章节全部内容