Building an Euler system template on PVE
Install and configure cloud-init and qemu-guest-agent

Install cloud-init
This makes later management easier: assigning an IP address when a VM is created, creating users, expanding disks afterwards, and so on.

    yum install cloud-init cloud-utils -y

Correspondingly, add the Cloud-Init hardware to the VM in PVE. It is just a CD-ROM drive; any shared storage location will do.
Install qemu-guest-agent
With the agent installed, the VM's IP address is shown directly in the VM summary view in PVE, and PVE can read or modify the VM's configuration through it.

    yum install qemu-guest-agent -y
Modify and clean up the configuration
Edit cloud-init's configuration file /etc/cloud/cloud.cfg to allow SSH password login and to stop cloud-init from rewriting the network interface configuration:

    vim /etc/cloud/cloud.cfg

    ssh_pwauth: 1
    # add a network section
    network:
      config: disabled
    cloud_init_modules:
      ....
      - network
Install Docker [1]
Install ipset and ipvsadm

    yum -y install ipset ipvsadm
    # configure how the ipvs modules are loaded: list the modules that need loading
    cat > /etc/sysconfig/modules/ipvs.module <<EOF
    modprobe -- ip_vs
    modprobe -- ip_vs_sh
    modprobe -- ip_vs_rr
    modprobe -- ip_vs_wrr
    modprobe -- nf_conntrack
    EOF
    # make the script executable, run it, and check that the modules loaded
    chmod 755 /etc/sysconfig/modules/ipvs.module && /etc/sysconfig/modules/ipvs.module
    # check whether the modules were loaded successfully
    # (the script loads nf_conntrack, so grep for that; nf_conntrack_ipv4 no longer exists on newer kernels)
    lsmod | grep -e ip_vs -e nf_conntrack
Disable the swap partition

    # disable swap for the current boot
    swapoff -a
    # disable swap permanently; this needs a reboot of the operating system to take effect
    sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
Disable the firewall

    # disable the existing firewalld firewall
    systemctl disable firewalld
    systemctl stop firewalld
    firewall-cmd --state
    not running
Disable SELinux

    # disable for the current boot
    setenforce 0
    # disable permanently
    sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
Configure kernel forwarding and bridge filtering

    # enable kernel IP forwarding
    # (this sed only has an effect if /etc/sysctl.conf already contains the line net.ipv4.ip_forward=0)
    sed -i 's/net.ipv4.ip_forward=0/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
    # add the bridge-filtering and kernel-forwarding configuration file
    cat <<EOF >/etc/sysctl.d/k8s.conf
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    vm.swappiness = 0
    EOF
    # configure the br_netfilter module to be loaded at boot
    cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
    overlay
    br_netfilter
    EOF
    # load the br_netfilter and overlay modules now
    modprobe br_netfilter
    modprobe overlay
    # check that the module is loaded
    lsmod | grep br_netfilter
    br_netfilter 22256 0
    # apply the default configuration file
    sysctl -p
    # apply the newly added configuration file
    sysctl -p /etc/sysctl.d/k8s.conf
Install the container runtime

Use containerd as the container runtime and download the containerd package:

    wget https://github.com/containerd/containerd/releases/download/v1.6.6/cri-containerd-cni-1.6.6-linux-amd64.tar.gz

The extraction directory must be set to / here, because the archive carries its own directory layout.

    tar zxvf cri-containerd-cni-1.6.6-linux-amd64.tar.gz -C /
Create the containerd directory

    mkdir /etc/containerd
Generate the containerd configuration file

    # write (not append) the default configuration, so re-running does not duplicate it
    containerd config default > /etc/containerd/config.toml
Configure the systemd cgroup driver

    vim /etc/containerd/config.toml

    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
      ...
      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
        SystemdCgroup = true
    [plugins."io.containerd.grpc.v1.cri"]
      sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.2"
    # remove the disabled_plugins entry on line 32
    disabled_plugins = []
    # change disabled_plugins = ["cri"] to
    disabled_plugins = ["io.containerd.cri.v1"]
Update runc, because the runc binary shipped in cri-containerd-cni-1.6.6-linux-amd64.tar.gz has a problem (explained at the end). This step is important.

    wget https://github.com/opencontainers/runc/releases/download/v1.1.3/runc.amd64
    mv runc.amd64 /usr/local/sbin/runc
    chmod +x /usr/local/sbin/runc
Start the containerd service

    systemctl start containerd
    systemctl enable containerd
Install cri-dockerd

    # download
    wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.3/cri-dockerd-0.3.3.amd64.tgz
    tar -xf cri-dockerd-0.3.3.amd64.tgz
    cp cri-dockerd/cri-dockerd /usr/bin/
    chmod +x /usr/bin/cri-dockerd
    # create the service unit
    cat <<"EOF" > /usr/lib/systemd/system/cri-docker.service
    [Unit]
    Description=CRI Interface for Docker Application Container Engine
    Documentation=https://docs.mirantis.com
    After=network-online.target firewalld.service docker.service
    Wants=network-online.target
    Requires=cri-docker.socket

    [Service]
    Type=notify
    ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7
    ExecReload=/bin/kill -s HUP $MAINPID
    TimeoutSec=0
    RestartSec=2
    Restart=always
    StartLimitBurst=3
    StartLimitInterval=60s
    LimitNOFILE=infinity
    LimitNPROC=infinity
    LimitCORE=infinity
    TasksMax=infinity
    Delegate=yes
    KillMode=process

    [Install]
    WantedBy=multi-user.target
    EOF
    # create the socket unit
    cat <<"EOF" > /usr/lib/systemd/system/cri-docker.socket
    [Unit]
    Description=CRI Docker Socket for the API
    PartOf=cri-docker.service

    [Socket]
    ListenStream=%t/cri-dockerd.sock
    SocketMode=0660
    SocketUser=root
    SocketGroup=docker

    [Install]
    WantedBy=sockets.target
    EOF
    # start cri-docker
    systemctl daemon-reload
    systemctl start cri-docker
    systemctl enable cri-docker
    systemctl is-active cri-docker
Prepare the Kubernetes YUM repository

    # note: gpgcheck=0 and repo_gpgcheck=0 turn off package and metadata signature
    # verification, so the gpgkey URLs below are not actually used
    cat >/etc/yum.repos.d/kubernetes.repo << EOF
    [kubernetes]
    name=Kubernetes
    baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
    enabled=1
    gpgcheck=0
    repo_gpgcheck=0
    gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
    EOF
    yum clean all && yum makecache
    # install kubernetes
    # list all available versions
    yum list kubeadm kubelet kubectl --showduplicates | sort -r
    yum install kubelet-1.24.2 kubeadm-1.24.2 kubectl-1.24.2 -y
    # check the version after installation
    kubeadm version
    kubeadm version: &version.Info{Major:"1", Minor:"24", GitVersion:"v1.24.2", GitCommit:"f66044f4361b9f1f96f0053dd46cb7dce5e990a8", GitTreeState:"clean", BuildDate:"2022-06-15T14:20:54Z", GoVersion:"go1.18.3", Compiler:"gc", Platform:"linux/amd64"}

Just enable kubelet at boot. No configuration file has been generated yet, so it only starts properly once the cluster has been initialized.

    systemctl enable kubelet --now
    # at this point kubelet's state is activating, not active
    systemctl is-active kubelet
Configure kubelet
To keep the cgroup driver used by Docker consistent with the one used by kubelet, it is recommended to write the following file:

    cat <<EOF > /etc/sysconfig/kubelet
    KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
    EOF
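Before cleaning up and shutting the template down, it is worth verifying the settings configured above. The following shell functions are an added example, not part of the original post: each takes a file path (the real files /etc/sysctl.d/k8s.conf, /etc/fstab, /etc/containerd/config.toml and /etc/yum.repos.d/kubernetes.repo, or constructed samples; the names are assumptions) and returns 0 when the setting is as expected, so they can be run offline or dropped into a template preflight script.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: offline checks for the template
# settings configured above. Each function takes a file path, so it can be
# pointed at the real files (/etc/sysctl.d/k8s.conf, /etc/fstab,
# /etc/containerd/config.toml, /etc/yum.repos.d/kubernetes.repo) or at
# constructed samples; the file names are assumptions, not part of the post.
set -u

# Returns 0 when every sysctl key written to k8s.conf above has its
# expected value (extra spaces are tolerated, commented-out lines are not).
check_k8s_sysctl() {
  local f="$1" pair key val
  for pair in net.bridge.bridge-nf-call-ip6tables=1 \
              net.bridge.bridge-nf-call-iptables=1 vm.swappiness=0; do
    key=${pair%%=*}; val=${pair##*=}
    grep -Eq "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*${val}[[:space:]]*$" "$f" \
      || return 1
  done
  return 0
}

# Returns 0 when no active (uncommented) fstab entry still mounts swap,
# i.e. the sed command above did its job and kubelet will not refuse to start.
check_fstab_no_swap() {
  ! grep -Eq '^[^#].*[[:space:]]swap[[:space:]]' "$1"
}

# Returns 0 when the runc options table in containerd's config.toml sets
# SystemdCgroup = true, matching kubelet's --cgroup-driver=systemd.
check_containerd_systemd_cgroup() {
  awk '
    /^\[plugins\."io\.containerd\.grpc\.v1\.cri"\.containerd\.runtimes\.runc\.options/ { in_opts = 1; next }
    /^\[/ { in_opts = 0 }
    in_opts && /^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true/ { found = 1 }
    END { if (found) exit 0; exit 1 }' "$1"
}

# Returns 0 only when every [section] of a yum .repo file sets gpgcheck=1.
# The Kubernetes repo above sets gpgcheck=0, so this check flags it: with
# signature checks off, a tampered mirror could serve altered packages.
check_repo_gpgcheck() {
  awk '
    /^\[/ { if (sect && !ok) bad = 1; sect = $0; ok = 0; next }
    /^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*1[[:space:]]*$/ { ok = 1 }
    END { if (sect && !ok) bad = 1; if (bad) exit 1; exit 0 }' "$1"
}
```

Run each function against the corresponding real file and treat a non-zero exit as a template that should not be cloned yet.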
Clean up files and shut down

    yum clean all
    # truncate machine-id so each clone generates its own
    > /etc/machine-id
    # remove the SSH host keys so each clone generates fresh ones on first boot
    rm -f /etc/ssh/ssh_host_*
    rm -rf /root/.ssh/
    rm -f /root/anaconda-ks.cfg
    rm -f /var/log/boot.log
    rm -f /var/log/cron
    rm -f /var/log/dmesg
    rm -f /var/log/grubby
    rm -f /var/log/lastlog
    rm -f /var/log/maillog
    rm -f /var/log/messages
    rm -f /var/log/secure
    rm -f /var/log/spooler
    rm -f /var/log/tallylog
    rm -f /var/log/wpa_supplicant.log
    rm -f /var/log/wtmp
    rm -f /var/log/yum.log
    rm -f /var/log/audit/audit.log
    rm -f /var/log/ovirt-guest-agent/ovirt-guest-agent.log
    rm -f /var/log/tuned/tuned.log
    rm -f /etc/udev/rules.d/70-persistent-*.rules
    rm -f /root/.bash_history
    history -c
    init 0
[1] Install Docker, using 22.sp2 as the example.