1、主機情況
| ip | 主機名 | 節點 |
| 192.168.23.100 | k8smaster | master |
| 192.168.23.101 | k8snode01 | node |
| 192.168.23.102 | k8snode02 | node |
2、修改/etc/hosts
cat >> /etc/hosts << EOF
192.168.23.100 k8smaster
192.168.23.101 k8snode01
192.168.23.102 k8snode02
EOF
[root@k8smaster ~]# cat >> /etc/hosts << EOF
> 192.168.23.100 k8smaster
> 192.168.23.101 k8snode01
> 192.168.23.102 k8snode02
> EOF
[root@k8smaster ~]#
3、安裝依賴
yum install -y conntrack ntpdate ntp ipvsadm ipset iptables curl sysstat libseccomp wget vim net-tools git iproute lrzsz bash-completion tree bridge-utils unzip bind-utils gcc
yum -y remove conntrack
yum -y remove ntpdate
yum -y remove ntp
yum -y remove ipvsadm
yum -y remove ipset
yum -y remove iptables
yum -y remove curl
yum -y remove sysstat
yum -y remove libseccomp
yum -y remove wget
yum -y remove vim
yum -y remove net-tools
yum -y remove git
yum -y remove iproute
yum -y remove lrzsz
yum -y remove bash-completion
yum -y remove tree
yum -y remove bridge-utils
yum -y remove unzip
yum -y remove bind-utils
yum -y remove gcc
4、關閉selinux
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
5、關閉防火牆,設置防火牆爲iptables並設置空規則
#關閉firewalld並取消自啓動
systemctl stop firewalld && systemctl disable firewalld
#安裝iptables,啓動iptables,設置開機自啓,清空iptables規則,保存當前規則到默認規則
yum -y install iptables-services && systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save
centos系統中,如果/sbin目錄下沒有service這個命令,就會出現
-bash: service: command not found
yum install initscripts
6、關閉swap分區
#關閉swap分區【虛擬內存】並且永久關閉虛擬內存。
swapoff -a && sed -i '11s/\/dev/# \/dev/g' /etc/fstab
**kubeadm初始化Kubernetes時的過程中會檢測swap分區到底有沒有關閉,因爲如果開啓虛擬內存的話,kubernetes的容器【pod】就有可能會運行在虛擬內存上,會大大的降低容器的工作效率,因此Kubernetes會要求強制關閉,可以通過kubelet的啓動參數--fail-swap-on=false更改這個限制。推薦關閉以防止容器運行在虛擬內存的情況出現。
7、配置內核參數,對於k8s
cat > kubernetes.conf <<EOF
#開啓網橋模式【重要】
net.bridge.bridge-nf-call-iptables=1
#開啓網橋模式【重要】
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
#禁止使用swap空間,只有當系統OOM時才允許使用它
vm.swappiness=0
#不檢查物理內存是否夠用
vm.overcommit_memory=1
#開啓OOM
vm.panic_on_oom=0
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
#關閉ipv6【重要】
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
EOF
#將優化內核文件拷貝到/etc/sysctl.d/文件夾下,這樣優化文件開機的時候能夠被調用
cp kubernetes.conf /etc/sysctl.d/kubernetes.conf
#手動刷新,讓優化文件立即生效
sysctl -p /etc/sysctl.d/kubernetes.conf
***非Linux4的內核下,將會彈出“sysctl:cannot stat /proc/sys/net/netfilter/nf_conntrack_max:沒有那個文件或目錄”,無視即可。
[root@k8smaster k8s]# more kubernetes.conf
#開啓網橋模式【重要】
net.bridge.bridge-nf-call-iptables=1
#開啓網橋模式【重要】
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
#禁止使用swap空間,只有當系統OOM時才允許使用它
vm.swappiness=0
#不檢查物理內存是否夠用
vm.overcommit_memory=1
#開啓OOM
vm.panic_on_oom=0
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
#關閉ipv6【重要】
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
[root@k8smaster k8s]# cp kubernetes.conf /etc/sysctl.d/kubernetes.conf
[root@k8smaster k8s]# sysctl -p /etc/sysctl.d/kubernetes.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
net.ipv4.tcp_tw_recycle = 0
vm.swappiness = 0
vm.overcommit_memory = 1
vm.panic_on_oom = 0
fs.inotify.max_user_instances = 8192
fs.inotify.max_user_watches = 1048576
fs.file-max = 52706963
fs.nr_open = 52706963
net.ipv6.conf.all.disable_ipv6 = 1
net.netfilter.nf_conntrack_max = 2310720
[root@k8smaster k8s]# scp kubernetes.conf 192.168.23.101:/etc/sysctl.d/kubernetes.conf
[email protected]'s password:
kubernetes.conf 100% 575 165.1KB/s 00:00
[root@k8smaster k8s]# scp kubernetes.conf 192.168.23.102:/etc/sysctl.d/kubernetes.conf
[email protected]'s password:
kubernetes.conf 100% 575 176.7KB/s 00:00
[root@k8smaster k8s]#
8、調整系統時區
#設置系統時區爲中國/上海
timedatectl set-timezone Asia/Shanghai
#將當前的 UTC 時間寫入硬件時鐘
timedatectl set-local-rtc 0
#重啓依賴於系統時間的服務
systemctl restart rsyslog
systemctl restart crond
[root@k8smaster k8s]# timedatectl set-timezone Asia/Shanghai
[root@k8smaster k8s]# timedatectl set-local-rtc 0
[root@k8smaster k8s]# systemctl restart rsyslog
[root@k8smaster k8s]# systemctl restart crond
9、關閉系統不需要的服務
#關閉及禁用郵件服務
systemctl stop postfix && systemctl disable postfix
[root@k8smaster k8s]# systemctl stop postfix && systemctl disable postfix
Removed symlink /etc/systemd/system/multi-user.target.wants/postfix.service.
[root@k8smaster k8s]#
10、設置日誌的保存方式
在Centos7以後,因爲引導方式改爲了system.d,所以有兩個日誌系統同時在工作,默認的是rsyslogd,以及systemd journald
使用systemd journald更好一些,因此我們更改默認爲systemd journald,只保留一個日誌的保存方式。
1).創建保存日誌的目錄
mkdir /var/log/journal
2).創建配置文件存放目錄
mkdir /etc/systemd/journald.conf.d
3).創建配置文件
cat > /etc/systemd/journald.conf.d/99-prophet.conf <<EOF
[Journal]
#持久化保存到磁盤
Storage=persistent
#壓縮歷史日誌
Compress=yes
SyncIntervalSec=5m
RateLimitInterval=30s
RateLimitBurst=1000
#最大佔用空間10G
SystemMaxUse=10G
#單日誌文件最大200M
SystemMaxFileSize=200M
#日誌保存時間2周
MaxRetentionSec=2week
#不將日誌轉發到syslog
ForwardToSyslog=no
EOF
4).重啓systemd journald的配置
systemctl restart systemd-journald
[root@k8smaster k8s]# mkdir /var/log/journal
[root@k8smaster k8s]# mkdir /etc/systemd/journald.conf.d
[root@k8smaster k8s]# cat > /etc/systemd/journald.conf.d/99-prophet.conf <<EOF
> [Journal]
> #持久化保存到磁盤
> Storage=persistent
> #壓縮歷史日誌
> Compress=yes
> SyncIntervalSec=5m
> RateLimitInterval=30s
> RateLimitBurst=1000
> #最大佔用空間10G
> SystemMaxUse=10G
> #單日誌文件最大200M
> SystemMaxFileSize=200M
> #日誌保存時間2周
> MaxRetentionSec=2week
> #不將日誌轉發到syslog
> ForwardToSyslog=no
> EOF
[root@k8smaster k8s]# systemctl restart systemd-journald
11、打開文件數調整
echo "* soft nofile 65536" >> /etc/security/limits.conf
echo "* hard nofile 65536" >> /etc/security/limits.conf
12、升級Linux內核爲4.44版本
CentOS 7.x 系統自帶的3.10.x內核存在一些Bugs.導致運行的Docker.Kubernetes不穩定。
獲取源 rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm
[root@k8smaster yum]# yum install kernel-lt -y