离线安装
一、环境准备
- 卸载podman
- 关闭交换区
- 禁用selinux
- 关闭防火墙
- 依赖包安装
- 系统参数优化
- 配置本地docker yum源
一:CentOS 8 默认安装了 podman 和 buildah,需要先卸载
# Remove the podman and buildah packages that this page says CentOS 8 installs
# by default; -y answers the confirmation prompt.
sudo yum remove -y podman buildah
二:节点关闭swap分区
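# Turn swap off for the running system and tell the kernel not to prefer it.
# sudo is used on both commands, matching the fstab edit below.
sudo swapoff -a && sudo sysctl -w vm.swappiness=0
# Keep swap off after a reboot by commenting out the active swap entries in
# /etc/fstab. The pattern as printed ('s/.swap./#&/') has lost its `*`
# quantifiers: it would insert `#` in the middle of the first "swap" match and
# corrupt the entry instead of commenting it out. Match whole uncommented lines
# whose filesystem-type column is swap, and keep a backup copy as fstab.bak.
sudo sed -i.bak '/^[^#].*[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab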
三:节点关闭 SELinux(firewalld 在第四步关闭;dnsmasq 的操作本页未给出)
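# Put SELinux into permissive mode for the running system (no reboot needed).
sudo setenforce 0
# Persist the setting. On CentOS /etc/sysconfig/selinux is a symlink to
# /etc/selinux/config, and a plain `sed -i` on the symlink replaces it with a
# regular file, so the real file is edited instead. One expression covers both
# starting values; the original pair of commands left SELINUX=permissive in
# /etc/selinux/config untouched.
sudo sed -i --follow-symlinks -E \
  's/^SELINUX=(enforcing|permissive)[[:space:]]*$/SELINUX=disabled/' \
  /etc/selinux/config
# NOTE(review): SELINUX=disabled removes mandatory access control from the node
# after the next reboot. SELINUX=permissive would still not block anything but
# keeps denials in the audit log; confirm which one the cluster really needs.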
四:关闭防火墙
# Disable firewalld at boot and stop the running instance in one call.
# NOTE(review): with firewalld off the node has no host firewall of its own and
# this page shows no replacement, so access to the node's service ports has to
# be restricted elsewhere (network ACLs / security groups).
sudo systemctl disable --now firewalld
五:依赖包安装
# Install the helper tools and storage prerequisites used by the later steps.
yum install -y \
  wget jq psmisc vim net-tools yum-utils \
  device-mapper-persistent-data lvm2 git
六:内核转发调整
系统优化
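# Raise the open-file, process and locked-memory limits for every user.
# The first column must be the wildcard domain `*`; the `-` shown on the page is
# a rendering artefact (a literal `*` was turned into a list bullet).
# The soft nofile value is set to 655350 so that it does not exceed the hard
# value; a soft limit above the hard limit cannot take effect.
# This appends to the file, so running it twice duplicates the entries.
cat >> /etc/security/limits.conf << 'EOF'
* soft nofile 655350
* hard nofile 655350
* soft nproc 655350
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited
EOF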
为 kube-proxy 开启 ipvs 做准备:生成加载 ipvs 内核模块的脚本
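# Write a small loader script for the IPVS and conntrack kernel modules.
# The script is made executable and run directly later on this page, so it gets
# an interpreter line; the quoted 'EOF' keeps the content literal.
cat > /etc/sysconfig/modules/ipvs.modules << 'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF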
增加执行权限并执行脚本,然后查询模块是否已加载
# Make the generated loader script executable, run it once, then list the
# loaded modules to confirm that the ip_vs* and nf_conntrack modules are present.
modules_script=/etc/sysconfig/modules/ipvs.modules
chmod +x "$modules_script"
sh "$modules_script"
lsmod | grep -E 'ip_vs|nf_conntrack'
配置ipvs模块
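# List the kernel modules that systemd-modules-load should load at boot:
# the IPVS schedulers plus the conntrack / iptables / ipset helpers.
# ip_vs_sh appeared twice in the original list; it is kept once.
# NOTE(review): a name the running kernel does not ship makes the service
# report an error for that name - presumably why the next step says warnings
# can be ignored; check `systemctl status systemd-modules-load` to be sure that
# only optional modules are missing.
cat > /etc/modules-load.d/ipvs.conf << 'EOF'
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_fo
ip_vs_nq
ip_vs_sed
ip_vs_ftp
nf_conntrack
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOF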
重新加载内核模块配置(出现的警告可以忽略)
# Enable the module-loading unit and start it right away so the list in
# /etc/modules-load.d is applied without waiting for a reboot.
systemctl enable --now systemd-modules-load
系统参数优化
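# Write the kernel parameters for the node to a sysctl drop-in file.
# The first line inside the file is a comment and needs its leading `#`; as
# printed on the page the marker was lost, which leaves a line that is not a
# valid key = value setting.
# NOTE(review): net.ipv4.tcp_tw_reuse relies on TCP timestamps, so with
# net.ipv4.tcp_timestamps = 0 it is not expected to have any effect; confirm
# which of the two settings is actually wanted.
cat > /etc/sysctl.d/k8s.conf << 'EOF'
# 内核调优
vm.swappiness = 0
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
EOF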
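# The net.bridge.* keys only exist while br_netfilter is loaded, so load the
# module before applying the settings file.
modprobe br_netfilter
# A bare modprobe does not survive a reboot; register the module with
# systemd-modules-load so the bridge settings can be applied at boot as well.
# (The file name is chosen here; any *.conf name in this directory works.)
printf '%s\n' br_netfilter > /etc/modules-load.d/br_netfilter.conf
# Apply the parameters written to /etc/sysctl.d/k8s.conf.
sysctl -p /etc/sysctl.d/k8s.conf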
七:设置docker 本地yum源
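# Build repository metadata for the RPMs staged under /yum/docker.
yum install -y createrepo
createrepo /yum/docker
# NOTE(review): the .repo file that points yum at /yum/docker is not shown on
# this page. When writing it, keep signature checking enabled (gpgcheck=1 with
# the vendor key imported) so the offline RPMs are still verified on install.
# `makecache fast` is a yum 3 form; the dnf-based yum on CentOS 8 does not
# accept the `fast` argument, so plain `makecache` is used.
yum clean all && yum makecache
yum install -y docker-ce docker-ce-cli containerd.io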
八:启用rbd模块
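# Load the rbd kernel module for the running system.
modprobe rbd
# Persist it the same way this page persists the ipvs modules: a *.conf file in
# /etc/modules-load.d. NOTE(review): a systemd-based CentOS 8 is not expected
# to run /etc/rc.sysinit at boot, so the legacy loader below should not be the
# only persistence mechanism - verify on the target image.
printf '%s\n' rbd > /etc/modules-load.d/rbd.conf
# Legacy loader kept from the original page, with three fixes:
#  - the interpreter line needs its `#` (it was printed as `!/bin/bash`);
#  - the heredoc delimiter is quoted, otherwise $file is expanded while the
#    file is being written and the loop body ends up empty;
#  - "$file" is quoted so unusual file names cannot split into several words.
# This overwrites any existing /etc/rc.sysinit. The loop runs every executable
# *.modules file in the directory as root, so that directory must stay
# writable by root only.
cat > /etc/rc.sysinit << 'EOF'
#!/bin/bash
for file in /etc/sysconfig/modules/*.modules
do
  [ -x "$file" ] && "$file"
done
EOF
cat > /etc/sysconfig/modules/rbd.modules << 'EOF'
#!/bin/bash
modprobe rbd
EOF
chmod 755 /etc/sysconfig/modules/rbd.modules
# Confirm the module is loaded.
lsmod | grep rbd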