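# Basic Environment Setup

Kubernetes needs certain environment conditions to run properly, such as time synchronization across nodes, hostname resolution, a disabled firewall, and so on.

**Hostname resolution**

Multi-host communication in a distributed system is usually based on hostnames, which give each host a fixed access point when IP addresses may change, so a dedicated DNS service is normally needed to resolve the hostnames of the nodes. However, since the cluster deployed here is a test cluster, hostname resolution is based on the hosts file to reduce system complexity.

**Edit hosts**

Log in to each of your servers and edit /etc/hosts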

```
vim /etc/hosts

192.168.1.100    master.k8s.io      k8s-vip
192.168.1.101    master01.k8s.io    k8s-master-01
192.168.1.102    master02.k8s.io    k8s-master-02
192.168.1.103    node01.k8s.io      k8s-node-01
192.168.1.104    node02.k8s.io      k8s-node-02
192.168.1.105    harbor.k8s.io      k8s-harbo
```

**Set the hostname**

Log in to each server and set its hostname

```
# On server 192.168.1.101
hostnamectl  set-hostname  k8s-master-01
# On server 192.168.1.102
hostnamectl  set-hostname  k8s-master-02

# On server 192.168.1.103
hostnamectl  set-hostname  k8s-node-01
# On server 192.168.1.104
hostnamectl  set-hostname  k8s-node-02
```

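**Host time synchronization**

Synchronize the time on all servers and enable the time synchronization service at boot

```
systemctl start chronyd.service
systemctl enable chronyd.service
```

**Disable the firewall service**

> Stop and disable the firewall

```
systemctl stop firewalld
systemctl disable firewalld
```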

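**Turn off and disable SELinux**

```
# If SELinux is currently enabled, temporarily set its state to permissive
setenforce 0

# Edit the SELinux configuration file (/etc/selinux/config) to disable SELinux permanently
sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config

# Check the SELinux state
getenforce
```

> If it shows Permissive, run reboot to restart the server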

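**Disable swap devices**

By default, kubeadm checks in advance whether swap devices are disabled on the current host and aborts the deployment if they are not. Therefore, provided the host has ample memory, all swap devices need to be disabled

```
# Turn off all currently enabled swap devices
swapoff -a && sysctl -w vm.swappiness=0
# Edit the fstab configuration file and comment out every line that identifies a swap device
sed -i 's/.*swap.*/#&/' /etc/fstab
cat /etc/fstab
```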

**Set system parameters**

> Allow route forwarding; do not process bridge data

Create the file /etc/sysctl.d/k8s.conf

```
vim /etc/sysctl.d/k8s.conf

net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
```

Enable br\_netfilter:

```
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf
ls /proc/sys/net/bridge
```

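**Resource limits configuration file**

/etc/security/limits.conf is the Linux resource limits configuration file, used to restrict how much of the system's resources users may consume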

```
echo "* soft nofile 65536" >> /etc/security/limits.conf
echo "* hard nofile 65536" >> /etc/security/limits.conf
echo "* soft nproc 65536"  >> /etc/security/limits.conf
echo "* hard nproc 65536"  >> /etc/security/limits.conf
echo "* soft  memlock  unlimited"  >> /etc/security/limits.conf
echo "* hard memlock  unlimited"  >> /etc/security/limits.conf
```

> Since CentOS 7.3, these settings are overridden by /etc/security/limits.d/20-nproc.conf when an ordinary user logs in, so that file needs to be modified as well
>
> ```
> echo "* soft nofile 65536" >> /etc/security/limits.d/20-nproc.conf
> echo "* hard nofile 65536" >> /etc/security/limits.d/20-nproc.conf
> echo "* soft nproc 65536"  >> /etc/security/limits.d/20-nproc.conf
> echo "* hard nproc 65536"  >> /etc/security/limits.d/20-nproc.conf
> echo "* soft  memlock  unlimited"  >> /etc/security/limits.d/20-nproc.conf
> echo "* hard memlock  unlimited"  >> /etc/security/limits.d/20-nproc.conf
> ```

**Install dependency packages and related tools**

```
yum install -y epel-release
yum install -y yum-utils device-mapper-persistent-data lvm2 net-tools conntrack-tools wget vim  ntpdate libseccomp libtool-ltdl
```
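
To confirm that the persistent settings from the steps above survive a reboot before running kubeadm, the following added example (not part of the original page) audits the fstab, sysctl, hosts and SELinux files rather than the running state. The function names and the optional root-directory argument are assumptions made for this example; the file paths and host names are the ones used on this page.

```shell
# Added example: audits persisted node settings; ROOT lets it run on file copies.

# Print uncommented fstab entries whose filesystem type (field 3) is swap.
active_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap"' "$1"
}

# Succeed only if KEY's last uncommented assignment in the sysctl file is WANT.
sysctl_file_has() {  # usage: sysctl_file_has FILE KEY WANT
    awk -F= -v k="$2" -v want="$3" '
        /^[ \t]*[#;]/ { next }
        { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
        $1 == k { v = $2 }
        END { exit ((v "") != (want "")) }' "$1"
}

# Succeed only if NAME is a hostname or alias on an uncommented hosts line.
hosts_resolves() {  # usage: hosts_resolves FILE NAME
    awk -v n="$2" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == n) found = 1 }
        END { exit !found }' "$1"
}

# Check the files under ROOT (default: live system); status = failed checks.
audit_node() {
    local root="${1:-}" fails=0 key name
    if [ -n "$(active_swap_entries "$root/etc/fstab")" ]; then
        echo "FAIL: uncommented swap entry in fstab"; fails=$((fails + 1))
    fi
    for key in net.ipv4.ip_forward net.bridge.bridge-nf-call-iptables \
               net.bridge.bridge-nf-call-ip6tables; do
        sysctl_file_has "$root/etc/sysctl.d/k8s.conf" "$key" 1 ||
            { echo "FAIL: $key is not 1"; fails=$((fails + 1)); }
    done
    for name in k8s-vip k8s-master-01 k8s-master-02 k8s-node-01 k8s-node-02; do
        hosts_resolves "$root/etc/hosts" "$name" ||
            { echo "FAIL: $name missing from hosts"; fails=$((fails + 1)); }
    done
    grep -q '^SELINUX=disabled$' "$root/etc/selinux/config" ||
        { echo "FAIL: SELINUX=disabled not set"; fails=$((fails + 1)); }
    return "$fails"
}
```

Source the file and call `audit_node` with no argument to check the live system; the exit status is the number of failed checks.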

