Kubernetes installation tutorial: cluster planning and environment preparation
1. Cluster planning
2. Environment
Disable SELinux
vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
systemctl stop iptables
systemctl disable iptables
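The official documentation's note on the firewall:
What does this mean? Honestly, I only half understand it myself. The gist is that in some Linux releases iptables uses the nftables backend, but nftables is incompatible with kubeadm and produces duplicated firewall rules that affect kube-proxy, so iptables has to be switched to legacy mode; on Debian 10, Ubuntu 19.04 and Fedora 29 the switch is mandatory. RHEL 8 does not support switching, so do not use CentOS 8 or other RHEL 8 based systems. iptables on CentOS is already in legacy mode, so no switch is needed. But if you insist on running a firewall on CentOS, never use firewalld.
Mine is an internal cluster, so I simply disable firewalld and iptables.
This is the list of ports that the official site says should be open. If you want to use a firewall, plan the services you will install and the ports they use, and try to set up the firewall before deploying the cluster, for example ports 80 and 443 for ingress.
Disable swap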
swapoff -a
Comment out the entry that mounts the swap partition automatically
vim /etc/fstab
# /etc/fstab
# Created by anaconda on Fri Sep 6 22:54:48 2019
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=821c700b-e16d-4fb1-b4c3-3191459bf92d /boot xfs defaults 0 0
/dev/mapper/centos-data /data xfs defaults 0 0
/dev/mapper/centos-home /home xfs defaults 0 0
#/dev/mapper/centos-swap swap swap defaults 0 0
Configure system parameters
First check whether the br_netfilter module is already loaded
lsmod | grep br_netfilter
If it is not loaded, load it manually
modprobe br_netfilter
Then configure the following system parameters
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
Note: all of the above must be configured on every host.
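The settings above can be verified on each host before continuing with the installation. The shell functions below are an added example, not part of the original article; the function names and the choice to pass every file path as a parameter are assumptions of this example.

```shell
# Added example, not from the original article. File paths are parameters so
# the checks can run against the live files or against copies of them.
# Live use: preflight /etc/selinux/config /etc/fstab /etc/sysctl.d/k8s.conf
#           /proc/swaps /proc/modules   (all five arguments on one line)

# Value of the uncommented SELINUX= line (SELINUXTYPE= does not match).
selinux_mode() {
    awk -F= '/^[ \t]*SELINUX=/ { gsub(/[ \t]/, "", $2); print $2; exit }' "$1"
}
# Uncommented fstab lines whose filesystem type (field 3) is swap.
fstab_swap_entries() {
    awk '!/^[ \t]*#/ && $3 == "swap"' "$1"
}
# Swap areas in use right now: every /proc/swaps line after the header.
active_swap() {
    awk 'NR > 1 && NF > 0 { print $1 }' "$1"
}
# Value assigned to key $2 in a sysctl.d-style "key = value" file.
sysctl_value() {
    awk -F= -v want="$2" '{ k = $1; gsub(/[ \t]/, "", k) }
        k == want { gsub(/[ \t]/, "", $2); print $2; exit }' "$1"
}
# Succeeds when module $2 is listed in a /proc/modules-style file.
module_loaded() {
    awk -v m="$2" '$1 == m { found = 1 } END { exit !found }' "$1"
}
# check DESCRIPTION ACTUAL EXPECTED: prints the result, records a failure in rc.
check() {
    if [ "$2" = "$3" ]; then echo "ok   $1"; else echo "FAIL $1 (got '$2')"; rc=1; fi
}
# Runs every check; returns 0 only if the host matches the page's settings.
preflight() {
    rc=0
    for f in "$@"; do
        [ -r "$f" ] || { echo "FAIL cannot read $f"; return 2; }
    done
    check "SELINUX=disabled in $1" "$(selinux_mode "$1")" disabled
    check "no swap entry enabled in $2" "$(fstab_swap_entries "$2")" ""
    for key in net.bridge.bridge-nf-call-ip6tables net.bridge.bridge-nf-call-iptables; do
        check "$key = 1 in $3" "$(sysctl_value "$3" "$key")" 1
    done
    check "no swap active in $4" "$(active_swap "$4")" ""
    if module_loaded "$5" br_netfilter; then m=yes; else m=no; fi
    check "br_netfilter loaded per $5" "$m" yes
    return "$rc"
}
```

The fstab and sysctl.d checks cover what survives a reboot, while the /proc/swaps and /proc/modules checks cover the running state, so a host where only `swapoff -a` or only `modprobe br_netfilter` was run is reported separately from one where the files were edited.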