K8S搭建之基础环境搭建(PART 1)

Read

一、系统内核

[root@<span class='keyword-inner'><a href="https://note.t4x.org/kubernetes/" title="K8S,kubernetes" target="_blank">K8S</a></span>-master01 ~]# uname -a
Linux k8s-master01 5.14.0-176.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Oct 12 08:12:48 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

0 1	[root@k8s-master01 ~]# uname -a Linux k8s-master01 5.14.0-176.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Oct 12 08:12:48 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

二、HOSTS

[root@k8s-master01 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.31.11 k8s-master01
192.168.31.12 k8s-master02
192.168.31.13 k8s-master03
192.168.31.21 k8s-node01
192.168.31.22 k8s-node02
192.168.31.23 k8s-node03
192.168.31.100 k8s-lb

[root@k8s-master01 ~]# cat /etc/hosts

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.31.11 k8s-master01

192.168.31.12 k8s-master02

192.168.31.13 k8s-master03

192.168.31.21 k8s-node01

192.168.31.22 k8s-node02

192.168.31.23 k8s-node03

192.168.31.100 k8s-lb

SourceByrd's Weblog-https://note.t4x.org/Kubernetes/k8s-base-info/

三、基本工具

[root@k8s-master01 ~]# dnf install wget jq psmisc vim net-tools telnet yum-utils device-mapper-persistent-data lvm2 git -y

0	[root@k8s-master01 ~]# dnf install wget jq psmisc vim net-tools telnet yum-utils device-mapper-persistent-data lvm2 git -y

SourceByrd's Weblog-https://note.t4x.org/kubernetes/k8s-base-info/

四、关闭不必要的服务

[root@k8s-master01 ~]# systemctl disable --now firewalld
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".
[root@k8s-master01 ~]# \cp /etc/selinux/config /etc/selinux/config_$(date +%F)
[root@k8s-master01 ~]# setenforce 0
[root@k8s-master01 ~]# \cp /etc/sysconfig/selinux /etc/sysconfig/selinux_$(date +%F)
[root@k8s-master01 ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux
[root@k8s-master01 ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
[root@k8s-master01 ~]# vim /etc/sysconfig/selinux
[root@k8s-master01 ~]# vim /etc/selinux/config
[root@k8s-master01 ~]# swapoff -a && sysctl -w vm.swappiness=0
vm.swappiness = 0
[root@k8s-master01 ~]# sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab
[root@k8s-master01 ~]# netstat -tunpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1142/sshd: /usr/sbi
tcp6       0      0 :::22                   :::*                    LISTEN      1142/sshd: /usr/sbi
udp        0      0 127.0.0.1:323           0.0.0.0:*                           648/chronyd
udp6       0      0 ::1:323                 :::*                                648/chronyd
[root@k8s-master01 ~]# date
Tue Oct 25 02:39:37 PM CST 2022
[root@k8s-master01 ~]# ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

[root@k8s-master01 ~]# systemctl disable --now firewalld

Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".

Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".

[root@k8s-master01 ~]# \cp /etc/selinux/config /etc/selinux/config_$(date +%F)

[root@k8s-master01 ~]# setenforce 0

[root@k8s-master01 ~]# \cp /etc/sysconfig/selinux /etc/sysconfig/selinux_$(date +%F)

[root@k8s-master01 ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux

[root@k8s-master01 ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config

[root@k8s-master01 ~]# vim /etc/sysconfig/selinux

[root@k8s-master01 ~]# vim /etc/selinux/config

[root@k8s-master01 ~]# swapoff -a && sysctl -w vm.swappiness=0

vm.swappiness = 0

[root@k8s-master01 ~]# sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab

[root@k8s-master01 ~]# netstat -tunpl

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1142/sshd: /usr/sbi

tcp6 0 0 :::22 :::* LISTEN 1142/sshd: /usr/sbi

udp 0 0 127.0.0.1:323 0.0.0.0:* 648/chronyd

udp6 0 0 ::1:323 :::* 648/chronyd

[root@k8s-master01 ~]# date

Tue Oct 25 02:39:37 PM CST 2022

[root@k8s-master01 ~]# ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

SourceByrd's Weblog-https://note.t4x.org/kubernetes/k8s-base-info/

五、基本优化

[root@k8s-master01 ~]# tail -7 /etc/security/limits.conf
# End of file
*                soft    nofile           65535
*                soft    nproc            65535
*                hard    nofile           131072
*                hard    nproc            655350
*                soft    memlock          unlimited
*                hard    memlock          unlimited