生产环境关键性配置 17.1、关键性配置请参考视频,不要直接配置!
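所有节点都改(注意:下面 registry-mirrors 中的 hub-mirror.c.163.com 使用的是明文 http,拉取过程没有 TLS 保护;生产环境建议只保留 https 镜像源或使用内部私有仓库)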
vim /etc/docker/daemon.json
{ "registry-mirrors": [
"https://registry.docker-cn.com",
"http://hub-mirror.c.163.com",
"https://docker.mirrors.ustc.edu.cn"
],
"exec-opts": ["native.cgroupdriver=systemd"],
"max-concurrent-downloads": 10, "max-concurrent-uploads": 5, "log-opts": { "max-size": "300m", "max-file": "2" }, "live-restore": true }
max-concurrent-downloads # 下载并发数
max-concurrent-uploads # 上传并发数
max-size # 日志文件最大到多少切割 (此处是300m)
max-file # 日志文件保留个数 (此处是2个)
live-restore # 开启这个参数后,重启docker守护进程时正在运行的容器不会被停止
# 所有节点改完重启docker
systemctl daemon-reload && systemctl restart docker
vim /usr/lib/systemd/system/kube-controller-manager.service
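# 找个位置加上,在三个master节点(该参数把 kube-controller-manager 签发的证书有效期设为 876000h,约100年;Kubernetes 不支持证书吊销,证书一旦泄露会长期有效,请按自身安全要求权衡有效期。该参数自 1.19 起已弃用,新参数名为 --cluster-signing-duration)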
--experimental-cluster-signing-duration=876000h0m0s \
# 改完重启
systemctl daemon-reload && systemctl restart kube-controller-manager
# 所有节点,更换成以下的配置文件
[root@k8s-node02 ~]# cat /etc/systemd/system/kubelet.service.d/10-kubelet.conf
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.kubeconfig --kubeconfig=/etc/kubernetes/kubelet.kubeconfig"
Environment="KUBELET_SYSTEM_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
Environment="KUBELET_CONFIG_ARGS=--config=/etc/kubernetes/kubelet-conf.yml --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.2"
Environment="KUBELET_EXTRA_ARGS=--node-labels=node.kubernetes.io/node='' --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 --image-pull-progress-deadline=30m "
ExecStart=
ExecStart=/usr/local/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_SYSTEM_ARGS $KUBELET_EXTRA_ARGS
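# 所有节点、添加如下配置----- 注意请根据生产环境配置(rotateServerCertificates 开启后,kubelet 服务端证书的 CSR 不会被自动批准,需要用 kubectl certificate approve 手动批准或部署审批程序;allowedUnsafeSysctls 使用了通配符,会允许 Pod 设置 net.core、net.ipv4 下的所有非安全 sysctl,建议只列出实际需要的项)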
vim /etc/kubernetes/kubelet-conf.yml
rotateServerCertificates: true
allowedUnsafeSysctls:
- "net.core*"
- "net.ipv4.*"
kubeReserved:
cpu: "10m"
memory: 10Mi
ephemeral-storage: 10Mi
systemReserved:
cpu: "1"
memory: 20Mi
ephemeral-storage: 1Gi
# 改完重启
systemctl daemon-reload && systemctl restart kubelet
# 查看日志没报错就行
[root@k8s-master01 ~]# tail -f /var/log/messages
# 角色名字更改(注意:下面命令和输出中的 matser 是 master 的拼写错误,实际执行时标签应为 node-role.kubernetes.io/master)
[root@k8s-master01 ~]# kubectl label node k8s-master01 node-role.kubernetes.io/matser=''
node/k8s-master01 labeled
[root@k8s-master01 ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master01 Ready matser 129m v1.20.0 # 成功更改
k8s-master02 Ready <none> 129m v1.20.0
k8s-master03 Ready <none> 129m v1.20.0
k8s-node01 Ready <none> 129m v1.20.0
k8s-node02 Ready <none> 129m v1.20.0
18、安装总结
1、 kubeadm
2、 二进制
3、 自动化安装
a) Ansible
i. Master节点安装不需要写自动化。
ii. 添加Node节点,playbook。
4、 安装需要注意的细节
a) 上面的细节配置
b) 生产环境中etcd一定要和系统盘分开,一定要用ssd硬盘。
c) Docker数据盘也要和系统盘分开,有条件的话可以使用ssd硬盘