初始化
1.安装依赖包
yum -y install tree lrzsz nmap nc telnet vim wget lsof network-tools bash-completion bash-completion-extras net-tools epel-release createrepo conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git net-tools
2.更新yum源
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
3.设置系统主机名以及 Host 文件的相互解析
vim /etc/hosts 192.168.0.156 k8s-master01 192.168.0.45 k8s-node01 192.168.0.44 k8s-node02
4.设置防火墙为 Iptables 并设置空规则
systemctl stop firewalld && systemctl disable firewalld
yum -y install iptables-services && systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save
5. 关闭SELINUX
#关闭swap分区虚拟内存 swapoff -a && sed -i '/ swap / s/^(.*)$/#1/g' /etc/fstab setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
6.调整内核参数,对于 K8S
cat > kubernetes.conf <<EOF net.bridge.bridge-nf-call-iptables=1 net.bridge.bridge-nf-call-ip6tables=1 net.ipv4.ip_forward=1 net.ipv4.tcp_tw_recycle=0 vm.swappiness=0 # 禁止使用 swap 空间,只有当系统 OOM 时才允许使用它 vm.overcommit_memory=1 # 不检查物理内存是否够用 vm.panic_on_oom=0 # 开启 OOM fs.inotify.max_user_instances=8192 fs.inotify.max_user_watches=1048576 fs.file-max=52706963 fs.nr_open=52706963 net.ipv6.conf.all.disable_ipv6=1 net.netfilter.nf_conntrack_max=2310720 EOF cp kubernetes.conf /etc/sysctl.d/kubernetes.conf sysctl -p /etc/sysctl.d/kubernetes.conf
7.关闭系统不需要服务
systemctl stop postfix && systemctl disable postfix
8. 设置 rsyslogd 和 systemd journald(日志方案改为journald)
# 持久化保存日志的目录 mkdir /var/log/journal mkdir /etc/systemd/journald.conf.d cat > /etc/systemd/journald.conf.d/99-prophet.conf <<EOF [Journal] # 持久化保存到磁盘 Storage=persistent # 压缩历史日志 Compress=yes SyncIntervalSec=5m RateLimitInterval=30s RateLimitBurst=1000 # 最大占用空间 10G SystemMaxUse=10G # 单日志文件最大 200M SystemMaxFileSize=200M # 日志保存时间 2 周 MaxRetentionSec=2week # 不将日志转发到 syslog ForwardToSyslog=no EOF systemctl restart systemd-journald
9. 升级系统内核为4.44
内核软件包地址备用:
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/linux-4.4.189.tar.gz
CentOS 7.x 系统自带的 3.10.x 内核存在一些 Bugs,导致运行的 Docker、Kubernetes 不稳定,例如: rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm yum --enablerepo=elrepo-kernel install -y kernel-lt #查看都有哪些内核 awk -F' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg grub2-set-default 'CentOS Linux (4.4.217-1.el7.elrepo.x86_64) 7 (Core)' #重启主机 reboot #查看内核 uname -r
本文章为我自己的学习笔记,难免有些遗漏,欢迎指正。遇事不慌,大隆来帮,也请大家关注我,支持我,谢谢!