1、主机情况
ip | 主机名 | 节点 |
192.168.23.100 | k8smaster | master |
192.168.23.101 | k8snode01 | node |
192.168.23.102 | k8snode02 | node |
2、修改/etc/hosts
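# Add the cluster's name→address entries to /etc/hosts. Each entry is appended
# only if that exact line is not already there, so re-running the setup (or
# running it on a host that was prepared earlier) does not leave duplicates.
# Arguments: $1 - hosts file to update (defaults to /etc/hosts)
add_cluster_hosts() {
  local hosts_file=${1:-/etc/hosts}
  local entry
  for entry in \
    '192.168.23.100 k8smaster' \
    '192.168.23.101 k8snode01' \
    '192.168.23.102 k8snode02'; do
    # -F: literal match; -x: whole line (so "k8snode01" cannot match "k8snode010").
    # A missing file makes grep fail, which correctly falls through to the append.
    if ! grep -qFx -- "$entry" "$hosts_file" 2>/dev/null; then
      printf '%s\n' "$entry" >> "$hosts_file"
    fi
  done
}
add_cluster_hosts /etc/hosts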
[root@k8smaster ~]# cat >> /etc/hosts << EOF
> 192.168.23.100 k8smaster
> 192.168.23.101 k8snode01
> 192.168.23.102 k8snode02
> EOF
[root@k8smaster ~]#
3、安装依赖
# Tooling installed ahead of the Kubernetes setup (order kept as in the original).
base_pkgs=(
  conntrack ntpdate ntp ipvsadm ipset iptables curl sysstat libseccomp wget
  vim net-tools git iproute lrzsz bash-completion tree bridge-utils unzip
  bind-utils gcc
)
yum install -y "${base_pkgs[@]}"

# The same list is then removed again, one package per yum transaction, exactly
# as the original sequence did.
# NOTE(review): this undoes the install above, and iproute, iptables and curl
# are relied on by base system tooling — confirm the rollback is intended
# before running it.
for pkg in "${base_pkgs[@]}"; do
  yum -y remove "$pkg"
done
4、关闭selinux
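# Put SELinux into permissive mode now and keep it that way across reboots.
# Permissive rather than disabled: the kernel keeps labeling files and still
# logs AVC denials, so enforcing mode can be restored later without a full
# relabel and reboot; the Kubernetes install docs use permissive for this step.
# The sed only runs if setenforce succeeded (same short-circuit as the original).
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config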
5、关闭防火墙,设置防火墙为iptables并设置空规则
# Stop firewalld and, if that worked, drop its enablement so it stays off at boot.
if systemctl stop firewalld; then
  systemctl disable firewalld
fi

# Install the legacy iptables service, start and enable it, flush every rule in
# the filter table and persist that empty ruleset as the default. Each step only
# runs if the previous one succeeded, mirroring the original && chain.
# `iptables -F` removes rules but leaves chain policies as they are, so until
# kube-proxy / the CNI plugin add their rules the host filters nothing.
setup_empty_iptables() {
  yum -y install iptables-services || return
  systemctl start iptables || return
  systemctl enable iptables || return
  iptables -F || return
  service iptables save
}
setup_empty_iptables
centos系统中,如果/sbin目录下没有service这个命令,就会出现
-bash: service: command not found
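# `service` is provided by the initscripts package on CentOS 7. Install it only
# when the command is actually missing (the text above describes this as the
# remedy for "service: command not found"), and do so non-interactively like
# every other yum step on this page.
command -v service >/dev/null 2>&1 || yum -y install initscripts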
6、关闭swap分区
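# Turn swap off now and comment out every swap entry in /etc/fstab so it stays
# off after a reboot. The original commented out fstab line 11 by number, which
# on any host with a different fstab may be a real filesystem (commenting out
# "/" makes the machine unbootable); matching the "swap" field is safe anywhere.
# Arguments: $1 - fstab file to edit (defaults to /etc/fstab)
disable_swap_in_fstab() {
  local fstab=${1:-/etc/fstab}
  # Only lines that are not already comments and have a whitespace-delimited
  # "swap" field (mount point "swap" or fs type "swap") get a leading '#'.
  sed -i '/^[^#].*[[:space:]]swap[[:space:]]/s/^/#/' -- "$fstab"
}
swapoff -a && disable_swap_in_fstab /etc/fstab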
**kubeadm初始化Kubernetes时的过程中会检测swap分区到底有没有关闭,因为如果开启虚拟内存的话,kubernetes的容器【pod】就有可能会运行在虚拟内存上,会大大的降低容器的工作效率,因此Kubernetes会要求强制关闭,可以通过kubelet的启动参数--fail-swap-on=false更改这个限制。推荐关闭以防止容器运行在虚拟内存的情况出现。
7、配置内核参数,对于k8s
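# Kernel parameters for Kubernetes. The file is written to the working
# directory first (as in the original), then installed under /etc/sysctl.d/ so
# it is applied at boot, and loaded immediately with sysctl -p.
# The delimiter is quoted so the body is written literally (it contains no
# expansions anyway).
# NOTE(review): net.ipv4.tcp_tw_recycle was removed in Linux 4.12; on a kernel
# at or past that, sysctl -p reports the key as missing — drop that line when
# moving beyond the kernel-lt 4.4 series this page installs.
cat > kubernetes.conf <<'EOF'
#开启网桥模式【重要】
net.bridge.bridge-nf-call-iptables=1
#开启网桥模式【重要】
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
#禁止使用swap空间,只有当系统OOM时才允许使用它
vm.swappiness=0
#不检查物理内存是否够用
vm.overcommit_memory=1
#开启OOM
vm.panic_on_oom=0
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
#关闭ipv6【重要】
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
EOF
# The net.bridge.* keys only exist once br_netfilter is loaded; on a fresh boot
# without it, sysctl -p fails on those two (important) lines. Load the module
# now and register it so it is loaded again on every boot.
modprobe br_netfilter
printf 'br_netfilter\n' > /etc/modules-load.d/k8s.conf
# Install the file where it is picked up at boot, then apply it right away.
cp kubernetes.conf /etc/sysctl.d/kubernetes.conf
sysctl -p /etc/sysctl.d/kubernetes.conf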
***非Linux4的内核下,将会弹出“sysctl:cannot stat /proc/sys/net/netfilter/nf_conntrack_max:没有那个文件或目录”,无视即可。
[root@k8smaster k8s]# more kubernetes.conf
#开启网桥模式【重要】
net.bridge.bridge-nf-call-iptables=1
#开启网桥模式【重要】
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
#禁止使用swap空间,只有当系统OOM时才允许使用它
vm.swappiness=0
#不检查物理内存是否够用
vm.overcommit_memory=1
#开启OOM
vm.panic_on_oom=0
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
#关闭ipv6【重要】
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
[root@k8smaster k8s]# cp kubernetes.conf /etc/sysctl.d/kubernetes.conf
[root@k8smaster k8s]# sysctl -p /etc/sysctl.d/kubernetes.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
net.ipv4.tcp_tw_recycle = 0
vm.swappiness = 0
vm.overcommit_memory = 1
vm.panic_on_oom = 0
fs.inotify.max_user_instances = 8192
fs.inotify.max_user_watches = 1048576
fs.file-max = 52706963
fs.nr_open = 52706963
net.ipv6.conf.all.disable_ipv6 = 1
net.netfilter.nf_conntrack_max = 2310720
[root@k8smaster k8s]# scp kubernetes.conf 192.168.23.101:/etc/sysctl.d/kubernetes.conf
root@192.168.23.101's password:
kubernetes.conf 100% 575 165.1KB/s 00:00
[root@k8smaster k8s]# scp kubernetes.conf 192.168.23.102:/etc/sysctl.d/kubernetes.conf
root@192.168.23.102's password:
kubernetes.conf 100% 575 176.7KB/s 00:00
[root@k8smaster k8s]#
8、调整系统时区
# Set the system time zone to Asia/Shanghai and keep the hardware clock in UTC
# (set-local-rtc 0 = the RTC holds UTC rather than local time).
timedatectl set-timezone Asia/Shanghai
timedatectl set-local-rtc 0
# Restart the services that depend on the system time so they pick up the
# new zone; same order as the original.
for svc in rsyslog crond; do
  systemctl restart "$svc"
done
[root@k8smaster k8s]# timedatectl set-timezone Asia/Shanghai
[root@k8smaster k8s]# timedatectl set-local-rtc 0
[root@k8smaster k8s]# systemctl restart rsyslog
[root@k8smaster k8s]# systemctl restart crond
9、关闭系统不需要的服务
# The mail service is not needed on a cluster node: stop postfix and, if that
# worked, make sure it does not come back at boot.
if systemctl stop postfix; then
  systemctl disable postfix
fi
[root@k8smaster k8s]# systemctl stop postfix && systemctl disable postfix
Removed symlink /etc/systemd/system/multi-user.target.wants/postfix.service.
[root@k8smaster k8s]#
10、设置日志的保存方式
在 CentOS 7 以后,因为引导方式改为了 systemd,所以有两个日志系统同时在工作:默认的 rsyslogd,以及 systemd-journald。
使用 systemd-journald 更好一些,因此我们把默认改为 systemd-journald,只保留一种日志保存方式。
1).创建保存日志的目录
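# Directory journald uses for persistent storage. -p makes the step idempotent:
# the original failed with "File exists" when re-run on a prepared host.
mkdir -p /var/log/journal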
2).创建配置文件存放目录
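# Drop-in directory for the journald configuration written in the next step.
# -p makes the step idempotent (the original failed with "File exists" on re-run).
mkdir -p /etc/systemd/journald.conf.d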
3).创建配置文件
# journald drop-in: persistent on-disk storage, compressed, capped at 10G in
# total / 200M per file / 2 weeks of retention, and not forwarded to syslog.
# The delimiter is quoted so the body is written literally (it contains no
# expansions anyway).
cat <<'EOF' > /etc/systemd/journald.conf.d/99-prophet.conf
[Journal]
#持久化保存到磁盘
Storage=persistent
#压缩历史日志
Compress=yes
SyncIntervalSec=5m
RateLimitInterval=30s
RateLimitBurst=1000
#最大占用空间10G
SystemMaxUse=10G
#单日志文件最大200M
SystemMaxFileSize=200M
#日志保存时间2周
MaxRetentionSec=2week
#不将日志转发到syslog
ForwardToSyslog=no
EOF
4).重启systemd journald的配置
# Restart journald so the drop-in takes effect; the explicit unit suffix names
# the same unit systemctl resolves "systemd-journald" to.
systemctl restart systemd-journald.service
[root@k8smaster k8s]# mkdir /var/log/journal
[root@k8smaster k8s]# mkdir /etc/systemd/journald.conf.d
[root@k8smaster k8s]# cat > /etc/systemd/journald.conf.d/99-prophet.conf <<EOF
> [Journal]
> #持久化保存到磁盘
> Storage=persistent
> #压缩历史日志
> Compress=yes
> SyncIntervalSec=5m
> RateLimitInterval=30s
> RateLimitBurst=1000
> #最大占用空间10G
> SystemMaxUse=10G
> #单日志文件最大200M
> SystemMaxFileSize=200M
> #日志保存时间2周
> MaxRetentionSec=2week
> #不将日志转发到syslog
> ForwardToSyslog=no
> EOF
[root@k8smaster k8s]# systemctl restart systemd-journald
11、打开文件数调整
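# Raise the open-file limit for all users. Each line is appended only if it is
# not already present, so re-running the setup does not pile up duplicates.
# Arguments: $1 - limits file to update (defaults to /etc/security/limits.conf)
set_nofile_limits() {
  local limits_file=${1:-/etc/security/limits.conf}
  local line
  for line in '* soft nofile 65536' '* hard nofile 65536'; do
    # -F: literal (the leading '*' is not a pattern); -x: whole line.
    if ! grep -qFx -- "$line" "$limits_file" 2>/dev/null; then
      printf '%s\n' "$line" >> "$limits_file"
    fi
  done
}
set_nofile_limits /etc/security/limits.conf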
12、升级Linux内核为4.44版本
CentOS 7.x 系统自带的 3.10.x 内核存在一些 Bug,导致其上运行的 Docker、Kubernetes 不稳定。
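# 获取源 — add the ELRepo repository. Import ELRepo's package-signing key first
# so rpm can verify the release package instead of just warning about an
# unknown key, and fetch over TLS: the original used plain http://, which
# leaves the download open to tampering on the way in.
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm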
[root@k8smaster yum]# yum install kernel-lt -y