CentOS 7.6 kubernetes v.1.17 系统初始化脚本

本文基于CentOS 7.6 kubernetes v.1.17  系统初始化,供参考

#!/bin/bash
# date: 2019-12-10
# centos 7.6

#角色划分
#Master | Kube-apiserver,kube-controller-manager,kube-scheduler,etcd,kube-proxy,docker,calico
#worker |Kubelet,kube-proxy,docker,calico

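echo -e "\033[35m -----如下操作是升级Centos7.6系统内核----- \033[0m"

# Step 01: enable the ELRepo repository, which ships the kernel-lt packages.
echo -e "\033[35m 01.-----安装elrepo的yum源----- \033[0m"
# Import the ELRepo signing key first, so that the release package installed
# on the next line can be checked against it. The original installed the
# package before the key was present and spelled the option "-import";
# the documented spelling is "--import".
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
# Fetch the release package over HTTPS rather than plain HTTP, so the download
# cannot be altered in transit (the key above is already fetched from this
# host over HTTPS).
rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm

# Step 02: list the kernel packages ELRepo offers (informational only).
echo -e "\033[35m 02.-----列出可用的内核相关包----- \033[0m"
yum --disablerepo="*" --enablerepo="elrepo-kernel" list available

# Step 03: install the long-term-support kernel.
# NOTE(review): the message names 4.4.176, but the command does not pin a
# version; yum installs whatever kernel-lt build the repository offers today.
echo -e "\033[35m 03.-----安装 4.4.176 内核------ \033[0m"
yum --enablerepo=elrepo-kernel install kernel-lt kernel-lt-devel -y

# Step 04: boot GRUB menu entry 0 by default.
# NOTE(review): this assumes the freshly installed kernel is entry 0 - confirm.
echo -e "\033[35m 04.-----更改内核默认启动顺序----- \033[0m"
grub2-set-default 0

# Step 05: reminder only; the new kernel is used after the reboot at the end
# of the script.
echo -e "\033[35m 05.&&&&&&-----需要重启服务器生效-----&&&&& \033[0m"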

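# Step 06: install the base tooling used by the later steps and by operators.
echo -e "\033[35m 06.-----安装必备软件------\033[0m"
# Package list kept in an array so each name is passed as its own argument;
# the duplicate "net-tools" entry from the original list is dropped.
# NOTE(review): gcc, git, telnet and tcpdump are convenience tools; on
# production nodes consider leaving out what is not needed, to keep the
# installed footprint small.
base_packages=(
  wget vim gcc git lrzsz net-tools tcpdump telnet rsync vim-enhanced curl
  conntrack-tools bind-utils socat ipvsadm ipset nc
)
# Later steps rely on some of these (ipvsadm, for example), so report a
# failed install on stderr instead of continuing silently.
yum install -y "${base_packages[@]}" \
  || echo "WARNING: base package installation reported an error" >&2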

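# Step 07: write the kernel parameters for a Kubernetes node.
echo -e "\033[35m 07.----- 调整内核参数----- \033[0m"
# The heredoc delimiter is quoted so the file is written literally.
# NOTE(review): rp_filter = 0 switches off reverse-path source validation on
# all interfaces; confirm the CNI in use really needs it off.
# NOTE(review): ip_forward = 1 makes the host route packets between
# interfaces. This is required for pod networking, and it is also why
# disabling the host firewall in step 010 deserves a compensating control.
cat > /etc/sysctl.d/k8s.conf << 'EOF'
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 10
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv4.neigh.default.gc_stale_time = 120
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.ip_forward = 1
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
net.netfilter.nf_conntrack_max = 2310720
fs.inotify.max_user_watches=89100
fs.may_detach_mounts = 1
fs.file-max = 52706963
fs.nr_open = 52706963
EOF

# Step 08: apply the settings.
echo -e "\033[35m 08.-----执行以下命令使修改生效----- \033[0m"
# The net.bridge.* and net.netfilter.* keys only exist once their modules are
# loaded, so load the modules BEFORE running sysctl (the original ran sysctl
# first). Also register them in modules-load.d so they are loaded again after
# the reboot at the end of this script; otherwise the bridge settings above
# would not be applied at boot.
cat > /etc/modules-load.d/k8s.conf << 'EOF'
br_netfilter
nf_conntrack
EOF
modprobe br_netfilter
modprobe nf_conntrack
sysctl --system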

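# Step 09: load the IPVS kernel modules used by kube-proxy in ipvs mode.
echo -e "\033[35m 09.-----加载 ipvs 模块(若内核大于4.19替换nf_conntrack_ipv4为nf_conntrack)----- \033[0m"
# The generated loader tries the pre-4.19 module name first and falls back to
# nf_conntrack, so the same file works both on the stock kernel and on the
# newer kernel installed earlier in this script (no manual edit needed).
# NOTE(review): presumably /etc/sysconfig/modules/*.modules is executed at
# boot by the distribution's init scripts - verify on the target release.
cat > /etc/sysconfig/modules/ipvs.modules << 'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4 2>/dev/null || modprobe -- nf_conntrack
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules

# Show what was loaded. The pattern "nf_conntrack" also matches
# nf_conntrack_ipv4, so one listing covers both kernel generations (the
# original printed the same listing twice).
lsmod | grep -e ip_vs -e nf_conntrack
ipvsadm -Ln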

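# Step 010: stop and disable firewalld.
echo -e "\033[35m 010.----关闭防火墙----- \033[0m"
# NOTE(review): after this the node has no host firewall. Make sure a network
# level control (security group, upstream firewall) restricts access to the
# cluster ports, or keep firewalld and open only the ports listed in the
# Kubernetes "ports and protocols" documentation.
systemctl stop firewalld.service
systemctl disable firewalld.service

# Step 011: relax SELinux.
echo -e "\033[35m 011.-----禁用selinux------ \033[0m"
# Switch to permissive mode now (setenforce 0) and persist "permissive"
# instead of the original "disabled": permissive still logs denials and keeps
# file labels intact, so enforcing mode can be turned back on later without
# a full relabel.
setenforce 0
sed -ri 's/^(SELINUX=)enforcing/\1permissive/' /etc/selinux/config
# Print the resulting setting for the operator.
grep -w "SELINUX" /etc/selinux/config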

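# Step 012: turn swap off now and keep it off after reboot.
echo -e "\033[35m 012.-----关闭swap----- \033[0m"
swapoff -a
# Permanently disable swap by commenting out its fstab entries. Only lines
# that are not already comments and that carry "swap" as a whitespace
# delimited field are touched, so re-running the script does not stack extra
# "#" characters and unrelated lines that merely contain the word are left
# alone (the original commented every line containing "swap").
sed -i -r '/^[[:space:]]*#/!s/^(.*[[:space:]]swap[[:space:]].*)$/#\1/' /etc/fstab
free -m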

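# Step 013: raise the per-user resource limits.
echo -e "\033[35m 013.-----修改文件打开数----- \033[0m"
# Append the limits only when they are not there yet, so running the script a
# second time does not duplicate the block (the original appended every time).
# NOTE(review): "*" applies these limits to every non-root user; unlimited
# memlock and a 65535 process limit weaken the protection against runaway or
# hostile processes. Consider scoping the entries to the accounts that need
# them.
if ! grep -qxF '* hard nproc 65535' /etc/security/limits.conf; then
  cat >> /etc/security/limits.conf << 'EOF'
* soft memlock unlimited
* hard memlock unlimited
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
EOF
fi
# Shows the limits of the current shell; new limits apply to new sessions.
ulimit -a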

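# Step 014: make the cluster node names resolvable locally.
echo -e "\033[35m 014.-----修改/etc/hosts----- \033[0m"
# Add each entry only if that exact line is not present yet, so re-running
# the script does not duplicate the entries (the original appended blindly).
while IFS= read -r host_entry; do
  grep -qxF -- "$host_entry" /etc/hosts || printf '%s\n' "$host_entry" >> /etc/hosts
done << 'EOF'
192.168.204.158 k8s-master01
192.168.204.159 k8s-master02
192.168.204.160 k8s-master03
192.168.204.161 k8s-worker01
192.168.204.162 k8s-worker02
EOF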

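# Step 015: install a pinned Docker CE release.
echo -e "\033[35m 015.----安装Docker-ce-18.09.7----- \033[0m"
echo  -e "\033[35m 卸载旧版本docker \033[0m"
# Remove any distribution-provided Docker packages first. "sudo" is dropped:
# every other command in this script already assumes it runs as root.
yum remove -y docker docker-client docker-client-latest docker-common \
  docker-latest docker-latest-logrotate docker-logrotate docker-selinux \
  docker-engine-selinux docker-engine
yum install -y yum-utils device-mapper-persistent-data lvm2
# Register the Docker CE repository once. The original also downloaded the
# same .repo file with wget under a second file name, which leaves two repo
# files defining the same repositories.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# List the available versions (informational only).
yum list docker-ce --showduplicates | sort -r
# NOTE(review): 18.09.7 is the release the article pins; for a new deployment
# pick a release that still receives security fixes and is supported by the
# Kubernetes version in use.
yum -y install docker-ce-18.09.7 docker-ce-cli-18.09.7
docker --version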

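# Step 016: write the Docker daemon configuration.
echo -e "\033[35m 016.-----配置 docker 参数----- \033[0m"
# -p: do not fail when the directory already exists (the docker-ce package or
# an earlier run may have created it).
mkdir -p /etc/docker
# NOTE(review): "registry-mirrors" routes image pulls through the listed
# mirror endpoint, which looks like an account-specific accelerator address
# from the article; replace it with a mirror you control or trust, because
# the mirror serves the images the nodes will run.
# NOTE(review): this script does not enable or start the docker service -
# confirm that is done in a later step.
cat > /etc/docker/daemon.json << 'EOF'
{
  "registry-mirrors": ["https://dhq9bx4f.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "50m",
    "max-file": "3"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF
# Print the file for the operator to check.
cat /etc/docker/daemon.json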

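# Step 017: add the Kubernetes yum repository (Aliyun mirror).
echo -e "\033[35m 017.----添加kubernetes阿里云YUM软件源----- \033[0m"
# gpgcheck and repo_gpgcheck stay enabled, so both the packages and the
# repository metadata are signature-checked. The two key URLs are placed on
# one "gpgkey=" line: in the original the second URL started a new line at
# column 0, which is not a valid continuation in a .repo file and would keep
# the second key from being read.
cat > /etc/yum.repos.d/kubernetes.repo << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Print the file for the operator to check.
cat /etc/yum.repos.d/kubernetes.repo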

# Steps 018 and 019: chrony time synchronisation.
# NOTE(review): only the two banner lines below are executed. The install and
# configuration commands are commented out, so this script does not set up
# time synchronisation even though it announces it. Cluster certificates and
# log correlation depend on synchronised clocks - enable the commands or
# confirm that time sync is handled elsewhere.
printf '\033[35m %s \033[0m\n' "018.----安装chrony时间同步服务----"
# Disabled: install chrony and start it at boot.
#yum -y install chrony
#systemctl enable chronyd.service
#systemctl start chronyd.service

printf '\033[35m %s \033[0m\n' "019.----#配置chrony时间同步阿里云ntp服务器-----"
# Disabled: comment out the stock "server" lines and use the Aliyun NTP server.
#sed -i -e '/^server/s/^/#/'  -e '1a server ntp.aliyun.com iburst' /etc/chrony.conf
#systemctl restart chronyd.service

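# Step 020: disable services the node does not need.
echo -e "\033[35m 020.----关闭不必要服务----- \033[0m"
# auditd is deliberately NOT in this list (the original disabled it): the
# audit daemon records the host's security events, and turning it off removes
# the audit trail needed for detection and incident response on a cluster
# node.
# NOTE(review): "remote-fs" is passed without a unit suffix as in the
# original; confirm it resolves to the intended unit on the target release.
for unit in postfix irqbalance remote-fs tuned rhel-configure; do
  systemctl disable "$unit"
done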

# Step 021: announce the reboot, wait, then restart so that the new kernel
# and the persisted settings take effect.
printf '\033[35m %s \033[0m\n' "021.----#初始化完成将重启系统-----"
printf '\033[1;32m %s\033[0m\n' "System initialization is complete and will be reboot in 10s..."
# Grace period that lets the operator abort with Ctrl-C.
reboot_delay=10
sleep "$reboot_delay"
reboot


转载自blog.csdn.net/tongzidane/article/details/114288684