生产级K8S基础环境部署-20210917

cat /etc/fstab

/dev/mapper/centos-swap swap swap defaults 0 0

• 关闭NetworkManager 🐏

systemctl disable --now NetworkManager

• 进行时间同步（有自己的时间服务器更好）🐒

安装

rpm -ivh http://mirrors.wlnmp.com/centos/wlnmp-release-centos.noarch.rpm

yum -y install ntpdate

同步

ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

echo ‘Asia/Shanghai’ >/etc/timezone

ntpdate ntp.aliyun.com

crontab -e

crontab -l

*/5 * * * * ntpdate ntp.aliyun.com

• 配置ulimit 🐓

ulimit -SHn 65535

vim /etc/security/limits.conf

• soft nofile 655360

• hard nofile 131072

• soft nproc 655350

• hard nproc 655350

• seft memlock unlimited

• hard memlock unlimitedd

• 配置免密登录（从主master向其他节点分发）🐕

ssh-keygen -t rsa

ssh-copy-id -i .ssh/id_rsa.pub 其他主机

• 升级系统到最新（跳过内核）🐖

yum update -y --exclude=kernel*

• 升级内核至4.18版本以上 o(=•ェ•=)m🐱

cd /root/

wget http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm

wget http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-devel-4.19.12-1.el7.elrepo.x86_64.rpm

yum -y localinstall kernel-ml*

grub2-set-default 0 && grub2-mkconfig -o /etc/grub2.cfg && grubby --args=“user_namespace.enable=1” --update-kernel=“$(grubby --default-kernel)”

reboot

uname -r

• 安装ipvsadm 🦊

yum install ipvsadm ipset sysstat conntrack libseccomp –y

vim /etc/modules-load.d/ipvs.conf

cat /etc/modules-load.d/ipvs.conf

ip_vs

ip_vs_rr

ip_vs_wrr

ip_vs_sh

nf_conntrack

ip_tables

ip_set

xt_set

ipt_set

ipt_rpfilter

ipt_REJECT

ipip

systemctl enable --now systemd-modules-load.service

lsmod | grep -e ip_vs -e nf_conntrack_ipv4

ip_vs_sh 16384 0

ip_vs_wrr 16384 0

ip_vs_rr 16384 0

ip_vs 151552 6 ip_vs_rr,ip_vs_sh,ip_vs_wrr

nf_conntrack 143360 1 ip_vs

libcrc32c 16384 3 nf_conntrack,xfs,ip_vs

• 修改内核参数 🐻

cat < /etc/sysctl.d/k8s.conf

net.ipv4.ip_forward = 1

net.bridge.bridge-nf-call-iptables = 1

fs.may_detach_mounts = 1

vm.overcommit_memory=1

vm.panic_on_oom=0

fs.inotify.max_user_watches=89100

fs.file-max=52706963

fs.nr_open=52706963

net.netfilter.nf_conntrack_max=2310720

net.ipv4.tcp_keepalive_time = 600

net.ipv4.tcp_keepalive_probes = 3

net.ipv4.tcp_keepalive_intvl =15

net.ipv4.tcp_max_tw_buckets = 36000

net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_max_orphans = 327680

net.ipv4.tcp_orphan_retries = 3

net.ipv4.tcp_syncookies = 1

net.ipv4.tcp_max_syn_backlog = 16384

net.ipv4.ip_conntrack_max = 65536

net.ipv4.tcp_max_syn_backlog = 16384

net.ipv4.tcp_timestamps = 0

net.core.somaxconn = 16384

EOF

读者福利

由于篇幅过长，就不展示所有面试题了，感兴趣的小伙伴

更多笔记分享

net.core.somaxconn = 16384

EOF

读者福利

由于篇幅过长，就不展示所有面试题了，感兴趣的小伙伴

[外链图片转存中…(img-HW3Xv8E9-1721194682933)]

[外链图片转存中…(img-DyIIXgWj-1721194682934)]

[外链图片转存中…(img-CbVgfsbc-1721194682934)]

更多笔记分享

[外链图片转存中…(img-f9bRBhPO-1721194682935)]