#!/bin/sh
# 安装yum源
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
# 安装
yum --enablerepo=elrepo-kernel install kernel-ml-devel kernel-ml -y
# 设置生成新的grub
grub2-set-default 0
grub2-mkconfig -o /etc/grub2.cfg
# 移除旧版本工具包
yum remove kernel-tools-libs.x86_64 kernel-tools.x86_64 -y
# 安装新版本
yum --disablerepo=* --enablerepo=elrepo-kernel install -y kernel-ml-tools.x86_64
#1.修改内核参数
cat <<EOF > /etc/sysctl.d/k8s.conf
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 10
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv4.neigh.default.gc_stale_time = 120
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.ip_forward = 1
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.netfilter.nf_conntrack_max = 2310720
fs.inotify.max_user_watches=89100
fs.may_detach_mounts = 1
fs.file-max = 52706963
fs.nr_open = 52706963
net.bridge.bridge-nf-call-arptables = 1
vm.swappiness = 0 #最大限度使用物理内存,然后才是 swap空间
vm.overcommit_memory=1
vm.panic_on_oom=0
EOF
sysctl --system
#2. 临时关闭
swapoff -a
#3. 永久关闭
sed -i '/ swap / s/^(.*)$/#1/g' /etc/fstab
#4. 开启ipvs
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
# 查看是否加载
lsmod | grep ip_vs
# 配置开机自加载
cat <<EOF>> /etc/rc.local
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod +x /etc/rc.d/rc.local
#5. 关闭sellinux
#临时关闭
setenforce 0
#永久关闭
sed -i 's#SELINUX=enforcing#SELINUX=Disabled#g' /etc/sysconfig/selinux
sed -i 's#SELINUX=enforcing#SELINUX=Disabled#g' /etc/selinux/config
#6.禁用postfix
systemctl stop postfix
systemctl disable postfix
#7.关闭swap
echo "0" > /proc/sys/vm/swappiness
#8.开启转发
echo 1 > /proc/sys/net/ipv4/ip_forward
#9. 关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
#10. ntp对时间
yum install ntpdate -y
ntpdate -u cn.ntp.org.cn
echo "* * * * * ntpdate -u cn.ntp.org.cn" >> /var/spool/cron/root
#11.文件打开数
echo " * soft nofile 864000 " >> /etc/security/limits.conf
echo " * hard nofile 864000 " >> /etc/security/limits.conf
#12.安装docker-ce
yum remove docker
docker-client
docker-client-latest
docker-common
docker-latest
docker-latest-logrotate
docker-logrotate
docker-engine
# Install using the repository
yum install -y yum-utils
device-mapper-persistent-data
lvm2
yum-config-manager
--add-repo
https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce docker-ce-cli containerd.io -y
systemctl start docker
systemctl enable docker
#13.安装 kubeadm
#配置yum源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum -y install kubeadm-1.17.0 kubelet-1.17.0 kubectl-1.17.0
systemctl enable kubelet
#14. 配置加速器
cat <<EOF > /etc/docker/daemon.json
{
"registry-mirrors": [
"https://1nj0zren.mirror.aliyuncs.com",
"https://docker.mirrors.ustc.edu.cn",
"http://f1361db2.m.daocloud.io",
"https://registry.docker-cn.com"
]
}
EOF
#15. 配置日志切割
cat <<EOF > /etc/logrotate.d/docker-logs
/var/lib/docker/containers/*/*.log {
rotate 7
daily
compress
size=1M
missingok
delaycompress
copytruncate
}
EOF
#16.安装 nfs 依赖
yum install nfs-utils rpcbind vim -y
systemctl start rpcbind
systemctl start nfs