離線安裝
一、環境準備
- 解除安裝podman
- 關閉交換區
- 禁用selinux
- 關閉防火牆
- 依賴包安裝
- 系統引數最佳化
- 配置本地docker yum源
一:centos8預設安裝podman buildah需要解除安裝
# Remove the podman and buildah packages that CentOS 8 installs by default.
sudo yum -y erase podman buildah
二:節點關閉swap分割槽
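# Turn off every active swap device now and tell the kernel not to swap.
swapoff -a && sysctl -w vm.swappiness=0
# Keep swap off across reboots: prefix each fstab line that has a
# whitespace-delimited "swap" field and is not already commented with '#'.
# The pattern as printed, 's/.swap./#&/', inserts the '#' in the middle of
# the line (for example inside the device path) instead of commenting the
# entry out, which leaves a corrupted but still active fstab line.
sudo sed -i '/[[:space:]]swap[[:space:]]/ s/^[^#]/#&/' /etc/fstab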
三:節點關閉firewalld 、dnsmasq、selinux
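# Put SELinux into permissive mode for the running system (no reboot needed).
sudo setenforce 0
# Persist the setting in the real config file, rewriting either "enforcing"
# or "permissive" in one pass. /etc/sysconfig/selinux is left alone: on
# CentOS it is normally a symlink to /etc/selinux/config, and GNU `sed -i`
# without --follow-symlinks replaces the symlink with a regular file, so the
# edit would not reach the file that is actually read at boot.
# NOTE(review): SELINUX=disabled removes SELinux confinement from container
# processes on this node. SELINUX=permissive keeps the AVC audit trail, and
# enforcing with the container runtime's policy is the stronger setting;
# confirm that "disabled" is really required before rolling this out.
sudo sed -i -E 's/^SELINUX=(enforcing|permissive)/SELINUX=disabled/' /etc/selinux/config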
四:關閉防火牆
# Keep firewalld from starting at boot and stop the running instance.
# NOTE(review): with firewalld off, the node depends on whatever filtering
# sits in front of it (network ACLs, security groups). The alternative is to
# leave firewalld running and open only the ports the cluster components use.
sudo systemctl disable --now firewalld
五:依賴包安裝
# Install the dependency packages for this setup in one transaction.
yum -y install \
  wget jq psmisc vim net-tools yum-utils \
  device-mapper-persistent-data lvm2 git
六:核心轉發調整
系統最佳化
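# Raise the per-user limits for open files, processes and locked memory.
# The first field of a limits.conf entry is the domain, and "*" applies the
# entry to every user. The "-" printed on the page is not that wildcard (it
# looks like a list bullet that replaced "*"), so those entries would not
# apply to ordinary users.
# Soft nofile is 655350 here so that it does not exceed the hard limit.
# The quoted 'EOF' keeps the shell from expanding anything in the body.
# Note: ">>" appends, so running this step twice duplicates the entries.
cat >> /etc/security/limits.conf << 'EOF'
* soft nofile 655350
* hard nofile 655350
* soft nproc 655350
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited
EOF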
設定kube-proxy開啟ipvs
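# Write a script that loads the IPVS and connection-tracking modules.
# mkdir -p is harmless if the directory already exists and avoids a failed
# redirect on hosts where it does not.
mkdir -p /etc/sysconfig/modules
# The file is later made executable and run directly, so it carries an
# interpreter line; without one it only runs when launched from a shell.
# The quoted 'EOF' writes the body literally.
cat > /etc/sysconfig/modules/ipvs.modules << 'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF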
增加執行許可權,並查詢模組是否已載入
# Mark the module script executable, run it once, then list the loaded
# ip_vs / nf_conntrack modules to confirm the result.
ipvs_script=/etc/sysconfig/modules/ipvs.modules
chmod +x "$ipvs_script"
sh "$ipvs_script"
lsmod | grep -E 'ip_vs|nf_conntrack'
配置ipvs模組
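# List the kernel modules that systemd-modules-load should load at boot.
# Changes relative to the list as printed:
#   - the duplicate ip_vs_sh entry is dropped;
#   - br_netfilter is added, because the net.bridge.bridge-nf-call-* keys
#     written to /etc/sysctl.d/k8s.conf exist only while that module is
#     loaded, and the page otherwise loads it by hand with modprobe only.
# Modules that the running kernel does not provide produce warnings when the
# list is loaded; the page says those can be ignored.
cat > /etc/modules-load.d/ipvs.conf << 'EOF'
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_fo
ip_vs_nq
ip_vs_sed
ip_vs_ftp
nf_conntrack
br_netfilter
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOF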
重新載入核心模組配置(出現警告可忽略)
# Enable and start systemd-modules-load so that the modules listed under
# /etc/modules-load.d/ are loaded; the page says warnings here can be ignored.
# NOTE(review): if the unit is already active, "--now" may not re-run it, in
# which case `systemctl restart systemd-modules-load.service` is what forces
# the new list to be read. Confirm on the target host.
systemctl enable --now systemd-modules-load.service
系統引數最佳化
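# Write the kernel parameters for the node to /etc/sysctl.d/k8s.conf.
# The heading line inside the file is now a '#' comment; as printed it was
# bare text, which sysctl reports as an invalid line when the file is loaded.
# The quoted 'EOF' writes the body literally.
# Security-relevant entries:
#   - net.ipv4.ip_forward = 1 lets the host route packets between interfaces;
#   - net.bridge.bridge-nf-call-iptables/ip6tables = 1 send bridged traffic
#     through the iptables rules;
#   - net.ipv4.tcp_syncookies = 1 keeps SYN cookies enabled.
cat > /etc/sysctl.d/k8s.conf << 'EOF'
# Kernel tuning
vm.swappiness = 0
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
EOF
# The net.bridge.* keys exist only once br_netfilter is loaded, so load it
# before applying the file.
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf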
七:設定docker 本地yum源
# Generate yum repository metadata for the RPMs under /yum/docker, rebuild
# the yum cache, then install the Docker packages.
# NOTE(review): the .repo file that points yum at /yum/docker is not shown on
# this page. When writing it, keep gpgcheck=1 and import the packager's GPG
# key so the offline RPMs are still signature-verified.
# NOTE(review): "makecache fast" is yum 3 syntax; confirm the dnf-based yum
# on CentOS 8 accepts it.
docker_repo=/yum/docker
yum -y install createrepo
createrepo "$docker_repo"
yum clean all && yum makecache fast
yum -y install docker-ce docker-ce-cli containerd.io
八:啟用rbd模組
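# Load the rbd kernel module for the running system.
modprobe rbd

# Boot-time hook that runs every executable *.modules script.
# Fixes relative to the text as printed:
#   - 'EOF' is quoted, so $file is written literally instead of being
#     expanded to an empty string while the heredoc is created;
#   - the interpreter line is "#!/bin/bash" (the '#' was missing);
#   - "$file" is quoted inside the loop.
cat > /etc/rc.sysinit << 'EOF'
#!/bin/bash
for file in /etc/sysconfig/modules/*.modules
do
[ -x "$file" ] && "$file"
done
EOF

# Module script for rbd, picked up by the loop above.
cat > /etc/sysconfig/modules/rbd.modules << 'EOF'
#!/bin/bash
modprobe rbd
EOF
chmod 755 /etc/sysconfig/modules/rbd.modules

# systemd-based CentOS releases do not run /etc/rc.sysinit at boot, so also
# register rbd through /etc/modules-load.d/, the mechanism this page already
# uses for the ipvs modules.
printf 'rbd\n' > /etc/modules-load.d/rbd.conf

# Confirm the module is loaded.
lsmod | grep rbd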