(一)kubernetes1.29.4离线部署之-安装文件准备
(二)kubernetes1.29.4离线部署之-镜像文件准备
(三)kubernetes1.29.4离线部署之-环境初始化
(四)kubernetes1.29.4离线部署之-组件安装
(五)kubernetes1.29.4离线部署之-初始化第一个控制平面
(六)kubernetes1.29.4离线部署之-加入Node节点
(七)kubernetes1.29.4离线部署之-网络插件
(八)kubernetes1.29.4离线部署之-测试验证
备注: 完整版请参阅 【k8s】Kubernetes 1.29.4离线安装部署(总)
离线镜像文件准备
**注意: **离线安装需要准备大量的镜像,这一步千万要仔细否则会出现各种意想不到的问题
需要准备的镜像文件
- kube-apiserver
- kube-controller-manager
- kube-scheduler
- kube-proxy
- kube-proxy
- coredns
- pause
- etcd
以上镜像文件可以从: registry.cn-hangzhou.aliyuncs.com/google_containers下载
- calico/node
- calico/kube-controllers
- calico/node
- calico/typha
- calico/node-driver-registrar
- calico/csi
- calico/cni
- calico/ctl
- calico/pod2daemon-flexvol
- calico/apiserver
以上可以直接从docker.io下载即可
注意: 以上所有的镜像文件务必准备到位。本文脚本中的几个版本便令注意修改到位:
KUBERNETES_VERSION=${KUBERNETES_VERSION:-“v1.29.4”}
COREDNS_VERSION=${COREDNS_VERSION:-‘v1.11.1’}
PAUSE_VERSION=${PAUSE_VERSION:-‘3.9’}
ETCD_VERSION=${ETCD_VERSION:-‘3.5.12-0’}
REGISTRY_VERSION=${REGISTRY_VERSION:-‘2.8.3’}
CALICO_VERSION=${CALICO_VERSION:-‘v3.27.3’}
完整的镜像下载脚本
#!/bin/bash
ENV_CFG=./env.cfg
if [ -f ${ENV_CFG} ] ; then
chmod 777 ${ENV_CFG}
source ${ENV_CFG}
fi
image_list="${IMAGE_DOMAIN}/${IMAGE_NAMESPACE}/kube-apiserver:${KUBERNETES_VERSION}
${IMAGE_DOMAIN}/${IMAGE_NAMESPACE}/kube-controller-manager:${KUBERNETES_VERSION}
${IMAGE_DOMAIN}/${IMAGE_NAMESPACE}/kube-scheduler:${KUBERNETES_VERSION}
${IMAGE_DOMAIN}/${IMAGE_NAMESPACE}/kube-proxy:${KUBERNETES_VERSION}
${IMAGE_DOMAIN}/${IMAGE_NAMESPACE}/coredns:${COREDNS_VERSION}
${IMAGE_DOMAIN}/${IMAGE_NAMESPACE}/pause:${PAUSE_VERSION}
${IMAGE_DOMAIN}/${IMAGE_NAMESPACE}/etcd:${ETCD_VERSION}
calico/node:${CALICO_VERSION}
calico/kube-controllers:${CALICO_VERSION}
calico/node:${CALICO_VERSION}
calico/typha:${CALICO_VERSION}
calico/node-driver-registrar:${CALICO_VERSION}
calico/csi:${CALICO_VERSION}
calico/cni:${CALICO_VERSION}
calico/ctl:${CALICO_VERSION}
calico/pod2daemon-flexvol:${CALICO_VERSION}
calico/apiserver:${CALICO_VERSION}
"
#${IMAGE_DOMAIN}/${IMAGE_NAMESPACE}/registry:${REGISTRY_VERSION}
newimage_list=()
for image in ${image_list}; do
docker pull "${image}"
newimage=$(echo $image | sed -e "s/calico/${LOCAL_IMAGE_DOMAIN}\/calico/")
newimage=$(echo $newimage | sed -e "s/${IMAGE_DOMAIN}\/${IMAGE_NAMESPACE}/${LOCAL_IMAGE_DOMAIN}\/${LOCAL_IMAGE_NAMESPACE}/")
newimage_list+="${newimage} "
docker tag $image $newimage
docker push $newimage
done
docker save -o qinghub-kube-"${VERSION}".tar ${newimage_list}
轻云官方下载
https:/qingplus.cn/pkg/kubernetes/v1.29.4/qinghub-kube-v1.29.4.tar
下载完成后再手动导入所有的镜像即可。详细过程不在细说。
环境初始化
检查步骤
- 关闭防火墙
- 关闭 swap partition permanently
- 配置检查时间同步
- 配置安装时间同步组件
- 配置检查 nfs-utils kubeadmin方式安装不需要检查
- 配置检查内核版本
- 配置检查资源情况
- 配置检查SSH
- 配置检查系统配置
- 配置检查转发 IPv4
- 配置检查Docker用户并添加ssh免密认证<authoirzed_keys> (建议手动执行)
- 配置检查Docker (容器运行时为Containerd时,不需要检查)
- 配置检查Docker用户权限 (容器运行时为Containerd时,不需要检查)
- 配置检查网络
完整的初始化脚本
#!/bin/bash
###############################################
# QingHub K8S Install 版本: $VERSION
# 架构: $ARCH_TYPE 目前版本主要支持amd64,其他待敬请期待
# 操作系统: $os_type
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
# https://qinghub.net
###############################################
ENV_CFG=./env.cfg
if [ -f ${ENV_CFG} ] ; then
chmod 777 ${ENV_CFG}
source ${ENV_CFG}
fi
export CONSOLE=${CONSOLE:-false}
os_type=$(cat /etc/os-release | grep "^ID=" | awk -F= '{print $2}' | tr -d [:punct:])
os_version_id=$(cat /etc/os-release | grep "VERSION_ID=" | awk -F= '{print $2}' | tr -d [:punct:])
if [ "$EUID" -ne 0 ]; then
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${RED}[ERROR] 当前用户不是 root 用户,请切换到 root 用户执行该脚本.${NC}"
exit 1
else
echo -e "${RED}[ERROR] Current user is not root user, please switch to root user to execute the script.${NC}"
exit 1
fi
fi
if [ -z "$SSH_RSA" ]; then
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${RED}[ERROR] 请设置环境变量 SSH_RSA, 该变量为 SSH 公钥.${NC}"
exit 1
else
echo -e "${RED}[ERROR] Please set the environment variable SSH_RSA, the variable is SSH public key.${NC}"
exit 1
fi
fi
###############################################
# 新增ubuntu 用户
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
# https://qinghub.net
###############################################
function add_user_in_ubuntu() {
useradd --create-home -s /bin/bash -g root "$1"
echo "$1":"$2" | chpasswd
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${GREEN}[INFO] 用户 $1 已经创建.${NC}"
else
echo -e "${GREEN}[INFO] User $1 has been created.${NC}"
fi
}
###############################################
# 新增redhat 用户
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
# https://qinghub.net
###############################################
function add_user_in_redhat() {
adduser -g root "$1"
echo "$1":"$2" | chpasswd
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${GREEN}[INFO] 用户 $1 已经创建.${NC}"
else
echo -e "${GREEN}[INFO] User $1 has been created.${NC}"
fi
}
###############################################
# 描述: 检查并新增用户, 有些版本可以不用检查,请使用时根据
# 情况自行注释掉
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
# https://qinghub.net
###############################################
function check_user() {
if ! grep -q docker /etc/group; then
groupadd --force docker
fi
if id -u "${DOCKER_USER}" >/dev/null 2>&1; then
if ! id -nG "${DOCKER_USER}" | grep -qw "docker"; then
gpasswd -a "${DOCKER_USER}" docker
fi
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${GREEN}[INFO] 用户 ${DOCKER_USER} 已经存在.${NC}"
else
echo -e "${GREEN}[INFO] User ${DOCKER_USER} already exists.${NC}"
fi
else
case $os_type in
centos|redhat|euleros|fusionos|anolis|kylin|rhel|rocky|fedora|openEuler)
add_user_in_redhat "${DOCKER_USER}" "${DOCKER_PASS}"
;;
ubuntu|debian)
add_user_in_ubuntu "${DOCKER_USER}" "${DOCKER_PASS}"
;;
*)
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${RED}[ERROR] 暂不支持 $os_type 操作系统.${NC}"
exit 1
else
echo -e "${RED}[ERROR] The $os_type operating system is temporarily not supported.${NC}"
exit 1
fi
;;
esac
fi
$CONSOLE
$CONSOLE || add_ssh_rsa "${DOCKER_USER}"
}
function add_ssh_rsa() {
if id -u "$user" >/dev/null 2>&1; then
if [ ! -d "/home/$1/.ssh" ]; then
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${GREEN}[INFO] 创建 /home/$1/.ssh 目录.${NC}"
else
echo -e "${GREEN}[INFO] Create /home/$1/.ssh directory.${NC}"
fi
mkdir -p /home/"$1"/.ssh
fi
if [ -f "/home/$1/.ssh/authorized_keys" ]; then
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${GREEN}[INFO] /home/$1/.ssh/authorized_keys 已经存在.${NC}"
else
echo -e "${GREEN}[INFO] /home/$1/.ssh/authorized_keys already exists.${NC}"
fi
chmod 777 /home/"$1"/.ssh/authorized_keys
if ! < /home/"$1"/.ssh/authorized_keys grep -q "$SSH_RSA"; then
echo "$SSH_RSA" >> /home/"$1"/.ssh/authorized_keys
fi
else
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${GREEN}[INFO] 创建 /home/$1/.ssh/authorized_keys.${NC}"
else
echo -e "${GREEN}[INFO] Create /home/$1/.ssh/authorized_keys.${NC}"
fi
touch /home/"$1"/.ssh/authorized_keys
chmod 777 /home/"$1"/.ssh/authorized_keys
echo "$SSH_RSA" > /home/"$1"/.ssh/authorized_keys
fi
if < /home/"$1"/.ssh/authorized_keys grep -q "$SSH_RSA"; then
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${GREEN}[INFO] 成功将 SSH 公钥添加到 /home/$1/.ssh/authorized_keys.${NC}"
else
echo -e "${GREEN}[INFO] Successfully added ssh public key to /home/$1/.ssh/authorized_keys.${NC}"
fi
else
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${RED}[ERROR] 将 SSH 公钥添加到 /home/$1/.ssh/authorized_keys 失败.${NC}"
exit 1
else
echo -e "${RED}[ERROR] Add ssh public key to /home/$1/.ssh/authorized_keys failed.${NC}"
exit 1
fi
fi
chmod 600 /home/"$1"/.ssh/authorized_keys
chown -R "$1":"$1" /home/"$1"/.ssh
fi
}
function check_user_permission(){
if su ${DOCKER_USER} -c "docker ps" >/dev/null 2>&1; then
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${GREEN}[INFO] Docker 用户有权限执行 docker 命令.${NC}"
else
echo -e "${GREEN}[INFO] Docker users have the permission to execute docker commands.${NC}"
fi
else
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${RED}[ERROR] Docker 用户无权限执行 docker 命令, 请尝试重启docker 'systemctl restart docker'. 重启 docker 后, 再次执行该脚本.${NC}"
exit 1
else
echo -e "${RED}[ERROR] Docker users have no permission to execute docker commands, Please try to restart docker 'systemctl restart docker'. After restarting docker, execute the script again.${NC}"
exit 1
fi
fi
}
###############################################
# 描述: 关闭防火墙
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
# https://qinghub.net
###############################################
function disable_firewalld() {
if systemctl status firewalld | grep Active | grep -q running >/dev/null 2>&1; then
systemctl stop firewalld >/dev/null 2>&1
systemctl disable firewalld >/dev/null 2>&1
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${GREEN}[INFO] 检测到 Firewalld 服务已启动,正在将 Firewalld 服务关闭并禁用.${NC}"
else
echo -e "${GREEN}[INFO] The Firewalld service has been started, Firewalld service is being turned off and disabled.${NC}"
fi
else
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${GREEN}[INFO] Firewalld 服务已经停止或未安装.${NC}"
else
echo -e "${GREEN}[INFO] Firewalld service is not installed.${NC}"
fi
fi
}
###############################################
# 描述: 关闭swap
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
# https://qinghub.net
###############################################
function disable_swap() {
if swapoff -a; then
sed -i '/swap/s/^/#/' /etc/fstab
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${GREEN}[INFO] swap 已经禁用.${NC}"
else
echo -e "${GREEN}[INFO] swap has been disabled.${NC}"
fi
fi
}
function check_time_sync() {
if timedatectl status | grep "NTP synchronized" | grep -q "yes" >/dev/null 2>&1 || timedatectl show | grep "NTPSynchronized=yes" >/dev/null 2>&1; then
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${GREEN}[INFO] NTP 时间同步已经启用.${NC}"
else
echo -e "${GREEN}[INFO] NTP time synchronization has been enabled.${NC}"
fi
else
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${YELLOW}[WARN] NTP 时间同步未启用.${NC}"
else
echo -e "${YELLOW}[WARN] NTP time synchronization is not enabled.${NC}"
fi
fi
}
###############################################
# 描述: 安装时钟同步,请酌情修改并安装
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
# https://qinghub.net
###############################################
install_chrony(){
case $os_type in
ubuntu|debian)
if dpkg -l | grep -q chrony >/dev/null 2>&1; then
echo -e "${GREEN}[INFO] chrony 已经安装在主机上.${NC}"
else
echo -e "${YELLOW}[WARN] chrony 未安装在主机上, 请执行命令安装 'apt -y install chrony'.${NC}"
apt -y install chrony &> /dev/null;
systemctl restart chronyd && systemctl enable --now chronyd &> /dev/null
systemctl is-active chronyd &> /dev/null
fi
;;
*)
if rpm -qa | grep -q chrony >/dev/null 2>&1; then
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${GREEN}[INFO] chrony 已经安装在主机上.${NC}"
else
echo -e "${GREEN}[INFO] chrony has been installed on the host.${NC}"
fi
else
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${YELLOW}[WARN] chrony 未安装在主机上, 请执行命令安装 'yum -y install chrony'.${NC}"
else
echo -e "${YELLOW}[WARN] chrony is not installed on the host, please execute the command install 'yum -y install chrony'.${NC}"
fi
yum -y install chrony
fi
;;
esac
if [ "${CHRONY_TYPE}" == 'server' ]; then
sudo bash -c 'cat > /etc/chrony.conf << EOF
pool ntp.aliyun.com iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow 10.0.0.0/24
local stratum 10
keyfile /etc/chrony.keys
leapsectz right/UTC
logdir /var/log/chrony
EOF'
else
sudo bash -c 'cat > /etc/chrony.conf << EOF
pool ${CHRONY_SERVER} iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
keyfile /etc/chrony.keys
leapsectz right/UTC
logdir /var/log/chrony
EOF'
fi
systemctl restart chronyd && systemctl enable --now chronyd &> /dev/null
systemctl is-active chronyd &> /dev/null
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${GREEN}[INFO] chrony 完成配置在主机上.${NC}"
else
echo -e "${GREEN}[INFO] chrony has been configured on the host.${NC}"
fi
}
###############################################
# 描述: 优化配置forwarding_ipv4
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
# https://qinghub.net
###############################################
function check_forwarding_ipv4() {
sudo bash -c 'cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF'
sudo modprobe overlay
sudo modprobe br_netfilter
sudo bash -c 'cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF'
sudo sysctl --system
#加载ipvs模块
sudo bash -c 'cat <<EOF | sudo tee /etc/modules-load.d/ipvs.conf <<EOF
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOF'
systemctl restart systemd-modules-load.service
}
###############################################
# 描述: 检查服务器资源状况
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
# https://qinghub.net
###############################################
function check_resource(){
cpu=$(grep -c 'processor' /proc/cpuinfo)
mem=$(free -g | awk '/^Mem/{print $2}')
DISK_SPACE=$(df /|sed -n '2p'|awk '{print $2}')
# check cpu
if [ "${cpu}" -lt 2 ]; then
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${YELLOW}[WARN] CPU核数建议至少为2核.${NC}"
else
echo -e "${YELLOW}[WARN] The cpu is recommended to be at least 2C.${NC}"
fi
fi
# check memory
if [ "${mem}" -lt 3 ]; then
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${YELLOW}[WARN] 内存建议至少为8G.${NC}"
else
echo -e "${YELLOW}[WARN] The Memory is recommended to be at least 8G.${NC}"
fi
fi
# check disk space
if [ "${DISK_SPACE}" -lt 47185920 ];then
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${YELLOW}[WARN] 根分区空间需大于 50G.${NC}"
else
echo -e "${YELLOW}[WARN] The root partition space must be greater than 50G.${NC}"
fi
fi
}
###############################################
# 描述: 检查内核版本
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
# https://qinghub.net
###############################################
function check_kernel() {
kernel_version=$(uname -r | awk -F. '{print $1}')
if [ "$kernel_version" -lt "4" ]; then
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${YELLOW}[WARN] 内核版本必须高于4.0, 请尽快升级内核到4.0+.${NC}"
else
echo -e "${YELLOW}[WARN] Kernel version must be higher than 4.0, Please upgrade the kernel to 4.0+ as soon as possible.${NC}"
fi
fi
}
###############################################
# 描述: 检查 nfs是否安装,这里并未自动安装
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
# https://qinghub.net
###############################################
function check_nfscli(){
case $os_type in
ubuntu|debian)
if dpkg -l | grep -q nfs-common >/dev/null 2>&1; then
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${GREEN}[INFO] nfs-common 已经安装在主机上.${NC}"
else
echo -e "${GREEN}[INFO] nfs-common has been installed on the host.${NC}"
fi
else
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${YELLOW}[WARN] nfs-common 未安装在主机上, 请执行命令安装 'apt -y install nfs-common'.${NC}"
else
echo -e "${YELLOW}[WARN] nfs-common is not installed on the host, please execute the command install 'apt-get update && apt -y install nfs-common'.${NC}"
fi
fi
;;
*)
if rpm -qa | grep -q nfs-utils >/dev/null 2>&1; then
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${GREEN}[INFO] nfs-utils 已经安装在主机上.${NC}"
else
echo -e "${GREEN}[INFO] nfs-utils has been installed on the host.${NC}"
fi
else
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${YELLOW}[WARN] nfs-utils 未安装在主机上, 请执行命令安装 'yum -y install nfs-utils'.${NC}"
else
echo -e "${YELLOW}[WARN] nfs-utils is not installed on the host, please execute the command install 'yum -y install nfs-utils'.${NC}"
fi
fi
;;
esac
}
function check_openssh(){
if ssh -V >/dev/null 2>&1; then
OPENSSH_VERSION=$(ssh -V |& awk -F[_.] '{print $2}')
if [ "${OPENSSH_VERSION}" -lt "7" ];then
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${YELLOW}[WARN] Openssh 版本必须高于 7.0.${NC}"
else
echo -e "${YELLOW}[WARN] Openssh version must be higher than 7.0 ${NC}"
fi
fi
else
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${RED}[ERROR] 需要安装 7.0+ 版本的openssh.${NC}"
exit 1
else
echo -e "${RED}[ERROR] Need to install 7.0+ version of openssh.${NC}"
exit 1
fi
fi
if grep -v "^\s*#" /etc/ssh/sshd_config | grep "AllowTcpForwarding yes" >/dev/null 2>&1; then
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${GREEN}[INFO] /etc/ssh/sshd_config 已经配置 AllowTcpForwarding yes.${NC}"
else
echo -e "${GREEN}[INFO] /etc/ssh/sshd_config has been configured AllowTcpForwarding yes.${NC}"
fi
else
if grep "AllowTcpForwarding no" /etc/ssh/sshd_config >/dev/null 2>&1; then
sed -i '/AllowTcpForwarding/s/^/#/' /etc/ssh/sshd_config
sed -i '$a\AllowTcpForwarding yes' /etc/ssh/sshd_config
else
sed -i '$a\AllowTcpForwarding yes' /etc/ssh/sshd_config
fi
if [ "$LANG" == "zh_CN.UTF-8" ]; then
echo -e "${YELLOW}[WARN] /etc/ssh/sshd_config 配置 AllowTcpForwarding yes 成功, 请执行命令重启 sshd 服务生效, 'systemctl restart sshd'.${NC}"
else
echo -e "${YELLOW}[WARN] /etc/ssh/sshd_config AllowTcpForwarding yes is successfully configured, Run the following command to restart the sshd service to take effect, 'systemctl restart sshd'.${NC}"
fi
fi
}
###############################################
# 描述: 优化参数
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
# https://qinghub.net
###############################################
function optimize_linux() {
sudo bash -c 'cat > /etc/sysctl.conf << EOF
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward=1
net.ipv4.conf.all.forwarding=1
net.ipv4.neigh.default.gc_thresh1=4096
net.ipv4.neigh.default.gc_thresh2=6144
net.ipv4.neigh.default.gc_thresh3=8192
net.ipv4.neigh.default.gc_interval=60
net.ipv4.neigh.default.gc_stale_time=120
kernel.perf_event_paranoid=-1
#sysctls for k8s node config
net.ipv4.tcp_slow_start_after_idle=0
net.core.rmem_max=16777216
fs.inotify.max_user_watches=524288
kernel.softlockup_all_cpu_backtrace=1
kernel.softlockup_panic=0
kernel.watchdog_thresh=30
fs.file-max=2097152
fs.inotify.max_user_instances=8192
fs.inotify.max_queued_events=16384
vm.max_map_count=262144
fs.may_detach_mounts=1
net.core.netdev_max_backlog=16384
net.ipv4.tcp_wmem=4096 12582912 16777216
net.core.wmem_max=16777216
net.core.somaxconn=32768
net.ipv4.ip_forward=1
net.ipv4.tcp_max_syn_backlog=8096
net.ipv4.tcp_rmem=4096 12582912 16777216
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1
kernel.yama.ptrace_scope=0
vm.swappiness=0
kernel.core_uses_pid=1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route=0
net.ipv4.conf.all.accept_source_route=0
# Promote secondary addresses when the primary address is removed
net.ipv4.conf.default.promote_secondaries=1
net.ipv4.conf.all.promote_secondaries=1
# Enable hard and soft link protection
fs.protected_hardlinks=1
fs.protected_symlinks=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2
net.ipv4.tcp_max_tw_buckets=5000
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_synack_retries=2
kernel.sysrq=1
EOF'
sudo sysctl -p >/dev/null 2>&1
echo -e "${GREEN}[INFO] 优化kernel参数成功${NC}"
}
function optimize_limits() {
sudo bash -c 'cat >> /etc/security/limits.conf <<EOF
* soft nofile 1024000
* hard nofile 1024000
EOF'
echo -e "${GREEN}[INFO] 优化limits参数成功${NC}"
}
function check_syscfg(){
sudo chmod 777 /etc/sysctl.conf
sudo chmod 777 /sbin/sysctl
sudo chmod 777 /etc/security/limits.conf
optimize_linux
optimize_limits
sudo chmod 644 /etc/sysctl.conf
sudo chmod 755 /sbin/sysctl
sudo chmod 644 /etc/security/limits.conf
}
###############################################
# 描述: calico 网络配置初始化
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
# https://qinghub.net
###############################################
function check_network() {
sudo bash -c 'cat >> /etc/NetworkManager/conf.d/calico.conf << EOF
[keyfile]
unmanaged-devices=interface-name:cali*;interface-name:tunl*
unmanaged-devices=interface-name:cali*;interface-name:tunl*;interface-name:vxlan.calico;interface-name:wireguard.cali
EOF'
systemctl restart NetworkManager
}
###############################################
# 描述: 主入口函数
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
# https://qinghub.net
###############################################
function main {
echo -e "${GREEN}[INFO] ==========开始检查并配置初始化========= ${NC}"
# 停止 friewalld
disable_firewalld
# 关闭 swap partition permanently
disable_swap
# 配置检查时间同步
check_time_sync
# 配置安装时间同步组件
install_chrony
# 配置检查 nfs-utils kubeadmin方式安装不需要检查
#check_nfscli
# 配置检查内核版本
check_kernel
# 配置检查资源情况
check_resource
# 配置检查SSH
check_openssh
# 配置检查系统配置
check_syscfg
# 转发 IPv4
check_forwarding_ipv4
# 配置检查Docker用户并添加ssh免密认证<authoirzed_keys>
check_user
# 配置检查Docker 容器运行时为Containerd时,不需要检查
#check_docker
# 配置检查Docker用户权限 容器运行时为Containerd时,不需要检查
#check_user_permission
# 配置检查网络
check_network
echo -e "${GREEN}[INFO] ==========成功完成检查并配置初始化========= ${NC}"
}
main
你可以通过【QingHub Studio】) 套件直接安装部署,也可以手动按如下文档操作,该项目已经全面开源,完整的脚本可以从如下开源地址获取:
开源地址: https://gitee.com/qingplus/qingcloud-platform
【QingHub Studio集成开发套件】
8822
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
