系统要求 centos 7

杂项

hostnamectl set-hostname $(ifconfig | grep 192 | awk '{print $2}' | awk -F '.' '{print "k8s-server-"$3"-"$4}')
sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
systemctl  stop firewalld
systemctl  disable firewalld
echo nameserver 192.168.150.129 > /etc/resolv.conf
yum -y install net-tools vim lrzsz wget telnet nmap
sed -i '/swap/d' /etc/fstab

ssh免登

mkdir /root/.ssh/
cat > /root/.ssh/authorized_keys << EOF
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDxAmHRgzhoBseu6DPevMvWvXg4F0Mrg064z+1Kk0P3ruglLqBMTB8l7ahsrfOKhY2aZgfFhIM/gsP7kGuN5xuRBbsAJC7G0+4Id5d6/KnOhxAlIkJzyfeDJkWR+4/7+o7nmGUfbJVVnWZpE/vGJpl0/x0xwW1dIUyrhvbk34Coo+o4gzN3yMFiEMHmkZCemD75c6b+Tu4JPZQxO0wdU1QCcPI1yH1sm0T2E8OFusclcnltLaqecSSamJ9/Yved3EnOV61ulHO92Syfa93T3bM5jZbG9oNcQz23R573Cr/8AwOarCISOO5kQcaMEnPp3aAcNNRMn1ijeee97257Mnb6b root@xx
EOF
chmod 700 /root/.ssh
chmod 600 /root/.ssh/authorized_keys
sed -i 's/PasswordAuthentication.*/PasswordAuthentication no/g' /etc/ssh/sshd_config
systemctl  reload sshd

useradd ansible
mkdir -p /home/ansible/.ssh
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDxy4CRGCVBrLFxaIr+4thJN+XCn3CFFcD6SALO3J3G8v2E5jTYIrqZi2pctClPL7tkBLSzCtbq3KAG5AWY3kdJChOra+CxHxaqRMJTurkQuhuiyW4LiHlufGK0xiF8hDBj04SGvowZft3yIm/3eDQ7njKZDXCZkoYrddv323Z6Nrxw4YtEZTaJOdBWVfm1uyaNsiTI3c6N5jcSXUsszL8GUIw9tF0CjcLx7RrdtJ80TGj7dcK6PbFK62QuPy096OrdD2nYjTj9xn9LTxhGnnpYahhagBWgK98ki1Fx3X3WwcQdur0LpCBQ2kyOf9qxr+3I4OcYMt2myGHYIGWokQCC2j ansible@localhost.localdomain' >/home/ansible/.ssh/authorized_keys
chmod 700 /home/ansible/.ssh
chmod 600 /home/ansible/.ssh/authorized_keys
echo '%ansible ALL=(ALL) NOPASSWD:ALL' >>/etc/sudoers

安装docker

wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce
systemctl enable docker && systemctl start docker

harbor login & download base image

#!/bin/bash
images="xx"
docker login harbor.xx.com --username=admin --password=asd
chattr +i /root/.docker/config.json
for image in ${images}
do
    docker pull ${image} &
done

安装kubernetes

cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum -y install kubeadm-1.18.8 kubelet-1.18.8 kubectl-1.18.8 ipvsadm
systemctl enable kubelet && systemctl start kubelet

cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

调整参数

cat > /etc/sysconfig/kubelet << EOF
KUBELET_EXTRA_ARGS="--fail-swap-on=false --max-pods=100"
EOF


cat > /etc/security/limits.conf << EOF
* soft nofile 655350
* hard nofile 655350
* soft nproc 655350
* hard nproc 655350
EOF

echo fs.file-max = 6553600 >> /etc/sysct.conf
echo fs.nr_open = 6553600 >> /etc/sysct.conf

安装 glusterfs client

yum install -y glusterfs glusterfs-fuse rsync
echo 192.168.150.155 node1 >> /etc/hosts
echo 192.168.150.157 node2 >> /etc/hosts

安装ilogtail（已使用daemonset部署）

wget http://logtail-release-cn-hangzhou.oss-cn-hangzhou.aliyuncs.com/linux64/logtail.sh -O logtail.sh; chmod 755 logtail.sh; ./logtail.sh install cn-hangzhou-internet
echo yqn-office-k8s-log-qa > /etc/ilogtail/user_defined_id
touch /etc/ilogtail/users/1272341559673249

下载共享资源包

mkdir -p /opt/share/jacoco
cd /opt/share/jacoco
wget https://sss.oss-cn-hangzhou.aliyuncs.com/jacoco/jacocoagent.jar

升级内核

yum install https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm -y
yum --enablerepo=elrepo-kernel install -y  kernel-ml-devel kernel-ml
grub2-set-default 0
reboot

加入至kubernetes节点

ssh 192.168.150.183 " kubeadm token create --print-join-command"
获取信息后复制命令并执行，demo如下
kubeadm join 192.168.150.183:6444 --token jckflq.k6mbdw4owkvsg3or     --discovery-token-ca-cert-hash sha256:a9f69edb26ad9e849a0afaf4b2d53ewad319bc28eaf3047d08beba3d9f03634b