修改主机名

1
[[email protected] ~]# hostnamectl set-hostname xxx

修改hosts文件vim /etc/hosts

1
2
3
4
5
6
7
[[email protected] ~]# vim /etc/hosts
127.0.0.1 k8s-master-01 k8s-master-01
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.18.98.3 k8s-master-01
172.18.98.4 k8s-node-01
172.18.98.5 k8s-node-02

将写好的hosts文件拷贝到其他节点

1
[[email protected] ~]# scp /etc/hosts  [email protected]:/etc/hosts

安装依赖包

1
[[email protected] ~]# yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wgetvimnet-tools git

设置防火墙为 Iptables

  • 关闭防火墙
1
[[email protected] ~]# systemctl stop firewalld
  • 防火墙自启
1
[[email protected] ~]# systemctl disable firewalld
  • 安装Iptables管理工具
1
[[email protected] ~]# yum -y install iptables-services
  • 启动Iptables
1
[[email protected] ~]# systemctl start iptables
  • 设为Iptables开机自启
1
[[email protected] ~]# systemctl enable iptables
  • 清空Iptables规则
1
[[email protected] ~]# iptables -F
  • 保存Iptables规则
1
[[email protected] ~]# service iptables save

关闭selinux

1
[[email protected] ~]# swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

关闭swap分区,永久关闭虚拟内存。K8s初始化init时,会检测swap分区有没有关闭,如果虚拟内存开启,容器pod就可能会放置在虚拟内存中运行,会大大降低运行效率

1
[[email protected] ~]# setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

调整内核参数,对于k8s

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
[[email protected] ~]# cat > /etc/sysctl.d/k8s.conf <<EOF

net.bridge.bridge-nf-call-iptables=1

net.bridge.bridge-nf-call-ip6tables=1

net.ipv4.ip_forward=1

net.ipv4.tcp_tw_recycle=0

vm.swappiness=0 #禁止使用 swap 空间,只有当系统 OOM 时才允许使用它

vm.overcommit_memory=1 #不检查物理内存是否够用

vm.panic_on_oom=0 #开启 OOM

fs.inotify.max_user_instances=8192

fs.inotify.max_user_watches=1048576

fs.file-max=52706963

fs.nr_open=52706963

net.ipv6.conf.all.disable_ipv6=1

net.netfilter.nf_conntrack_max=2310720

EOF
  • 其中必备参数

    • 开启网桥模式
      net.bridge.bridge-nf-call-iptables=1
      net.bridge.bridge-nf-call-ip6tables=1
    • 关闭ipv6的协议
      net.ipv6.conf.all.disable_ipv6=1
  • 其余为优化参数,可不设置
    &nbsp;

  • 手动刷新

1
[[email protected] ~]# sysctl --system

调整系统时区

  • 设置系统时区为中国/上海
1
[[email protected] ~]# timedatectl set-timezone Asia/Shanghai
  • 将当前的 UTC 时间写入硬件时钟
1
[[email protected] ~]# timedatectl set-local-rtc 0
  • 重启依赖于系统时间的服务
1
2
[[email protected] ~]# systemctl restart rsyslog
[[email protected]s-master-01 ~]# systemctl restart crond

关闭系统不需要的服务

1
[[email protected] ~]# systemctl stop postfix && systemctl disable postfix

设置 rsyslogd 和 systemd journald

  • 持久化保存日志的目录
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

[[email protected] ~]# mkdir /var/log/journal

[[email protected] ~]# mkdir /etc/systemd/journald.conf.d


[[email protected] ~]# cat > /etc/systemd/journald.conf.d/99-prophet.conf <<EOF

[Journal]

#持久化保存到磁盘
Storage=persistent

#压缩历史日志
Compress=yes


SyncIntervalSec=5m

RateLimitInterval=30s

RateLimitBurst=1000

#最大占用空间10G
SystemMaxUse=10G


#单日志文件最大200M
SystemMaxFileSize=200M


#日志保存时间 2 周
MaxRetentionSec=2week


#不将日志转发到 syslog
ForwardToSyslog=no

EOF
  • 重启journald配置
1
[[email protected] ~]# systemctl restart systemd-journald

升级内核为4.4版本

1
[[email protected] ~]# rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
  • 安装完成后检查 /boot/grub2/grub.cfg 中对应内核 menuentry 中是否包含 initrd16 配置,如果没有,再安装一次!
1
[[email protected] ~]# yum --enablerepo=elrepo-kernel install -y kernel-lt
  • 设置开机从新内核启动
1
[[email protected] ~]# grub2-set-default "CentOS Linux (4.4.182-1.el7.elrepo.x86_64) 7 (Core)"