转载说明:如果您喜欢这篇文章并打算转载它,请私信作者取得授权。感谢您喜爱本文,请文明转载,谢谢。
关联文章:
《RKE快速搭建离线k8s集群并用rancher管理界面》
1.创建普通用户sre并赋予sudo权限
# adduser sre
# echo "sre ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
# gpasswd -a sre root #将登陆用户sre加入到root用户组中
# newgrp root #更新用户组2.关闭selinux、swap和防火墙
# 关闭selinux
# sed -ri 's#(SELINUX=).*#\1disabled#' /etc/selinux/config && setenforce 0
# 关闭swap
# swapoff -a && sed -i '/swap/s/^/#/g' /etc/fstab
# 关闭防火墙
# systemctl disable firewalld && systemctl stop firewalld3.设置内核参数
# modprobe overlay
# modprobe br_netfilter4.在/etc/security/limits.conf末尾是否添加参数
root soft nofile 65535
root hard nofile 65535
* soft nofile 65535
* hard nofile 655355.创建/etc/sysctl.d/k8s.conf文件,内容如下
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_time = 100
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 819200
net.ipv4.tcp_max_tw_buckets = 20000
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
net.core.netdev_max_backlog=300000
net.ipv4.ip_forward = 1
net.ipv4.tcp_ecn=0
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.default.rp_filter = 0
fs.inotify.max_user_instances = 1280
fs.inotify.max_queued_events = 163840
fs.inotify.max_user_watches = 8192000
vm.swappiness = 10
vm.drop_caches = 2
net.ipv4.tcp_retries2 = 5
net.core.somaxconn = 65535
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
vm.max_map_count = 262144执行命令让配置生效:
sysctl -p && sysctl -p /etc/sysctl.d/k8s.conf6.开启ipvs
cat > /etc/sysconfig/modules/ipvs.modules <
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF7.升级内核版本
此处升级到5.4.124版本上传压缩包kernel5.4.zip到服务器
# 1)安装rpm包:
[root@k8s-master01 ~]# cd kernel5.4 && rpm -Uvh --force --nodeps *rpm #确保rpm包安装无误
# 2)查看新版本内核顺序:
[root@k8s-master01 ~]# awk -F\' '$1=="menuentry " {print $2}' /etc/grub2.cfg
CentOS Linux (5.4.124-1.el7.elrepo.x86_64) 7 (Core) #
CentOS Linux (3.10.0-1160.15.2.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-957.el7.x86_64) 7 (Core)
CentOS Linux (0-rescue-de03a5f3bf5a4b7e9df939c9dc5b428d) 7 (Core)
[root@k8s-master01 ~]#
# 3)修改内核的启动顺序为0:
[root@k8s-master01 ~]# sed -i 's#GRUB_DEFAULT=saved#GRUB_DEFAULT=0#g' /etc/default/grub
# 查看修改结果:
[root@k8s-master01 ~]# grep "GRUB_DEFAULT=0" /etc/default/grub
GRUB_DEFAULT=0
[root@k8s-master01 ~]#
# 4)接着运行grub2-mkconfig命令来重新创建内核配置
[root@k8s-master01 kernel5.4]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.4.124-1.el7.elrepo.x86_64
Found initrd image: /boot/initramfs-5.4.124-1.el7.elrepo.x86_64.img
Found linux image: /boot/vmlinuz-3.10.0-957.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-957.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-c465ccc35a5e40e4ad2da6735b24234a
Found initrd image: /boot/initramfs-0-rescue-c465ccc35a5e40e4ad2da6735b24234a.img
done
[root@k8s-master01 kernel5.4]#
# 5)重启服务器
[root@k8s-master01 ~]# reboot
# 6)检查内核版本
[root@k8s-master01 ~]# uname -r
5.4.124-1.el7.elrepo.x86_64
[root@k8s-master01 ~]#8.docker版本离线安装
dockerce-20.zip上传到服务器并解压
1)安装docker-ce
# cd dockerce-20 && ./install.sh -f docker-20.10.6.tgz
# 设置docker开启自启动:
# systemctl enable docker2)创建镜像加速文件:/etc/docker/daemon.json
{
"graph":"/home/docker",
"exec-opts":["native.cgroupdriver=systemd"],
"insecure-registries": ["harbor.test.com:8000"], #私有harbor镜像仓库地址
"registry-mirrors": ["https://1l3yp2sl.mirror.aliyuncs.com"], #阿里云加速镜像
"bip": "192.168.0.1/24" #指定docker虚拟IP,这
}3)重新加载docker配置并重启
# systemctl daemon-reload
# systemctl restart docker
