1. 禁用系统防火墙（disable iptables and ufw）
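# Flush the runtime iptables rules and turn off the host firewall so the
# Rancher/K8s ports are reachable between nodes.
# This leaves the node with no host-level packet filter: restrict access to the
# node network upstream (security group / perimeter firewall) before going on.
iptables -F
# `systemctl disable` alone leaves an already running service active until the
# next boot; --now stops it as well.
systemctl disable --now ufw
# Ubuntu normally ships no iptables.service; ignore a missing unit (best effort).
systemctl disable --now iptables 2>/dev/null || true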
2. 增加主机名解析 /etc/hosts
# Entries appended to /etc/hosts so the three nodes resolve each other by name.
192.168.3.209 oci-node03
192.168.3.186 oci-node02
192.168.3.245 oci-node01
3. 关闭交换分区（swap，即虚拟内存）
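# Disable swap now (kubelet refuses to run with swap enabled).
swapoff -a
# swapoff only affects the running system; the reboot in step 7 would re-enable
# every swap entry in /etc/fstab, so comment those entries out as well
# (a .bak copy of fstab is kept).
sed -i.bak -E '/\sswap\s/ s/^/#/' /etc/fstab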
4. 优化内核参数 /etc/sysctl.conf
# Kernel parameters appended to /etc/sysctl.conf (applied at boot or with `sysctl -p`).
# Keys are kept exactly as given; duplicates and removed keys are flagged inline.
vm.swappiness = 0
vm.overcommit_memory = 1
vm.max_map_count = 655360
vm.panic_on_oom=0
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.unknown_nmi_panic = 0
# 1 enables every SysRq function from the console (crash, kill-all, reboot);
# Ubuntu's default mask is 176 (sync, remount read-only, reboot) — confirm the
# full set is wanted on these hosts.
kernel.sysrq = 1
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
kernel.pid_max = 4194303
net.core.netdev_max_backlog = 32768
net.core.rmem_default = 8388608
net.core.rmem_max= 16777216
net.core.wmem_max= 16777216
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.bpf_jit_enable=1
# 1 applies JIT constant blinding to unprivileged BPF programs only; 2 hardens
# programs from all users.
net.core.bpf_jit_harden=1
net.core.bpf_jit_kallsyms=1
net.core.dev_weight_tx_bias=1
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.ip_local_port_range = 5000 65000
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 10
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.tcp_max_tw_buckets = 32768
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syncookies = 1
# tcp_tw_reuse (below) depends on TCP timestamps; with timestamps disabled it has
# no effect — confirm which of the two settings is intended.
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_reuse = 1
# tcp_tw_recycle was removed in Linux 4.12; on current Ubuntu kernels `sysctl -p`
# reports this key as missing and continues with the rest.
net.ipv4.tcp_tw_recycle= 1
# Do not emit or accept ICMP redirects (hardening against route manipulation).
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.neigh.default.gc_thresh1 = 2048
net.ipv4.neigh.default.gc_thresh2 = 4096
net.ipv4.neigh.default.gc_thresh3 = 8192
net.ipv6.conf.all.disable_ipv6 = 1
# Duplicate of the previous line (same key and value); harmless, last one wins.
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1
# net.nf_conntrack_max is the legacy alias of net.netfilter.nf_conntrack_max, so
# the later value (10485760) is the effective one; each entry costs a few hundred
# bytes of kernel memory, so ~10M entries can pin several GB — confirm the sizing.
# These keys only exist once the nf_conntrack module is loaded; load it (e.g. via
# /etc/modules-load.d) before `sysctl -p` or they are reported as missing.
net.nf_conntrack_max = 1000000
net.netfilter.nf_conntrack_max= 10485760
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 30
net.netfilter.nf_conntrack_tcp_timeout_established=300
net.netfilter.nf_conntrack_buckets=655360
# Bridge traffic passes through netfilter (needed for kube-proxy/CNI rules);
# requires the br_netfilter module to be loaded, same caveat as above.
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-arptables=1
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=524288
fs.inotify.max_queued_events = 327679
fs.file-max = 2097152
5. 安装docker引擎
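# Install Docker Engine from the Ubuntu repository (the package is named docker.io;
# hold that name with apt-mark if the version must be pinned).
# apt-get with -y is used so the step does not stop at an interactive prompt.
apt-get install -y docker.io
docker --version
# enable --now starts the daemon and registers it for boot in one step.
systemctl enable --now docker
# Membership of the docker group is equivalent to root on this host (the daemon
# runs as root and bind mounts are unrestricted); grant it only to the operator
# account. Under `sudo -i`, $USER is root — name the target account explicitly.
sudo usermod -a -G docker "$USER"
# newgrp opens a new shell with the group applied; a fresh login does the same.
newgrp docker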
6. 升级操作系统补丁包
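# Refresh the package lists and apply pending OS updates. The heading calls for
# patching; installing apt-transport-https on its own only enables https sources.
# If docker.io must stay at its installed version, hold it (step 12) before this
# upgrade runs.
apt-get update && apt-get install -y apt-transport-https && apt-get upgrade -y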
7. 重启操作系统
# Reboot so the sysctl, /etc/hosts and swap changes above take effect.
systemctl reboot
8. 安装 Rancher v2.5.16
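# Rancher server, single-node Docker install. --privileged is required by the
# embedded k3s in v2.5+. /opt/rancher keeps Rancher's state on the host, so
# re-creating the container (e.g. an upgrade) does not discard the registered
# clusters. Ports 80/443 are bound on every interface: restrict them to the
# operator and agent networks upstream, and replace the default self-signed
# certificate if the UI is reachable beyond the management network.
docker run --privileged -d --restart=unless-stopped \
  -p 80:80 -p 443:443 \
  -v /opt/rancher:/var/lib/rancher \
  rancher/rancher:v2.5.16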
等待 Rancher 安装完毕后，以 admin 登录
9. 部署 K8s
# Worker registration command as generated by the Rancher server for this cluster.
# --token is the cluster-join credential: treat it as a secret and rotate it if
# this note is shared. --ca-checksum is the SHA-256 of the server's CA certificate
# that the agent verifies before joining; keep it so the agent refuses a server
# presenting a different certificate.
sudo docker run -d --privileged --restart=unless-stopped --net=host -v /etc/kubernetes:/etc/kubernetes -v /var/run:/var/run rancher/rancher-agent:v2.5.16 --server https://168.138.203.138 --token 8w88rt6jgpf2kgxbksd4gjfvl6gpng8vhxpsfgp5xjj6hkgnwxxbnr --ca-checksum 3bc2afb3f0b13529a5dde1d2be630520a370f2391addc6bc4feb6bf4a6d66542 --worker
10. 安装 kubectl 命令行工具
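# Install the current stable kubectl. -f makes curl fail on an HTTP error instead
# of saving an error page, and the version lookup is checked separately so an
# empty version cannot turn into a bogus download URL.
ver=$(curl -fsSL https://dl.k8s.io/release/stable.txt) || exit 1
curl -fLO "https://dl.k8s.io/release/${ver}/bin/linux/amd64/kubectl"
# Verify the binary against the published SHA-256 before installing it
# system-wide (the .sha256 file is served next to the binary).
curl -fLO "https://dl.k8s.io/release/${ver}/bin/linux/amd64/kubectl.sha256"
echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check || exit 1
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl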
11. 禁止Ubuntu自动更新
编辑 /etc/apt/apt.conf.d/10periodic 和 /etc/apt/apt.conf.d/20auto-upgrades
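# Stop and disable the apt-daily timers and services that drive unattended
# upgrades (the "$ " prompts in the original notes are not part of the commands;
# `disable --now` stops and disables each unit in one call).
# With these off, security patches arrive only when step 6 is rerun on purpose,
# so schedule that deliberately.
sudo systemctl disable --now \
  apt-daily.service apt-daily.timer \
  apt-daily-upgrade.service apt-daily-upgrade.timer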
12. 禁止docker自动更新
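# Pin the Docker package so apt upgrades do not change the installed version.
# The Ubuntu package installed in step 5 is docker.io; "docker-io" is not a
# package name and apt-mark would report it as unknown.
apt-mark hold docker.io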