Deploying k8s with kubeadm (1: environment initialization)

1, host overview

ip hostname role
192.168.23.100 k8smaster master
192.168.23.101 k8snode01 node
192.168.23.102 k8snode02 node

2, modify /etc/hosts
cat >> /etc/hosts << EOF
192.168.23.100 k8smaster
192.168.23.101 k8snode01
192.168.23.102 k8snode02
EOF

[root@k8smaster ~]# cat >> /etc/hosts << EOF
> 192.168.23.100 k8smaster
> 192.168.23.101 k8snode01
> 192.168.23.102 k8snode02
> EOF
[root@k8smaster ~]#

3, install dependencies
yum install -y conntrack ntpdate ntp ipvsadm ipset iptables curl sysstat libseccomp wget vim net-tools git iproute lrzsz bash-completion tree bridge-utils unzip bind-utils gcc
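# NOTE: the remove commands below uninstall the packages installed above (presumably listed for rollback); do not run them as part of the setup
yum -y remove conntrack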
yum -y remove ntpdate
yum -y remove ntp
yum -y remove ipvsadm
yum -y remove ipset
yum -y remove iptables
yum -y remove curl
yum -y remove sysstat
yum -y remove libseccomp
yum -y remove wget
yum -y remove vim
yum -y remove net-tools
yum -y remove git
yum -y remove iproute
yum -y remove lrzsz
yum -y remove bash-completion
yum -y remove tree
yum -y remove bridge-utils
yum -y remove unzip
yum -y remove bind-utils
yum -y remove gcc

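4, disable SELinux
# setenforce 0 puts SELinux in permissive mode until the next reboot; the sed edit disables it permanently, which removes mandatory access control from the host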
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

5, turn off firewalld, switch to iptables, and start from an empty rule set
# stop firewalld and disable it at boot
systemctl stop firewalld && systemctl disable firewalld
# install iptables-services, start iptables, enable it at boot, flush the iptables rules, and save the current (empty) rules as the default rules
# note: with the default ACCEPT policies the flushed rule set filters no traffic, so keep the nodes behind a network-level firewall or add rules back once the cluster is running
yum -y install iptables-services && systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save

On CentOS, if the service command is missing from /sbin, you will see:
-bash: service: command not found
Install it with:
yum install initscripts

6, disable the swap partition
# turn off swap now and comment out the swap entry in /etc/fstab so that it stays off permanently
swapoff -a && sed -i '11s/\/dev/#\/dev/g' /etc/fstab

The sed expression comments out line 11 of /etc/fstab, presumably the swap entry on the author's hosts; check the line number in your own fstab before running it. During initialization kubeadm checks whether swap is turned off. If swap is on, Kubernetes containers (pods) may end up running in swap, which greatly reduces their performance, so Kubernetes requires swap to be off. You can lift this restriction by starting the kubelet with --fail-swap-on=false, but turning swap off is recommended so that containers never run in swap.

7, configure kernel parameters for K8S
cat > kubernetes.conf << EOF
# enable bridge mode [important]
net.bridge.bridge-nf-call-iptables = 1
# enable bridge mode [important]
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
net.ipv4.tcp_tw_recycle = 0
# avoid using swap space; it is used only when the system would otherwise hit OOM
vm.swappiness = 0
# do not check whether physical memory is sufficient
vm.overcommit_memory = 1
# enable the OOM killer (do not panic on OOM)
vm.panic_on_oom = 0
fs.inotify.max_user_instances = 8192
fs.inotify.max_user_watches = 1048576
fs.file-max = 52706963
fs.nr_open = 52706963
# disable IPv6 [important]
net.ipv6.conf.all.disable_ipv6 = 1
net.netfilter.nf_conntrack_max = 2310720
EOF

# copy the tuning file into /etc/sysctl.d/ so that it is applied at boot
cp kubernetes.conf /etc/sysctl.d/kubernetes.conf

# apply it manually so that the settings take effect immediately
sysctl -p /etc/sysctl.d/kubernetes.conf
*** On a kernel other than Linux 4.x you will see "sysctl: cannot stat /proc/sys/net/netfilter/nf_conntrack_max: No such file or directory"; this can be ignored (the key exists only once the nf_conntrack module is loaded, so that one setting is not applied).
[root@k8smaster k8s]# more kubernetes.conf
# enable bridge mode [important]
net.bridge.bridge-nf-call-iptables = 1
# enable bridge mode [important]
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
net.ipv4.tcp_tw_recycle = 0
# avoid using swap space; it is used only when the system would otherwise hit OOM
vm.swappiness = 0
# do not check whether physical memory is sufficient
vm.overcommit_memory = 1
# enable the OOM killer (do not panic on OOM)
vm.panic_on_oom = 0
fs.inotify.max_user_instances = 8192
fs.inotify.max_user_watches = 1048576
fs.file-max = 52706963
fs.nr_open = 52706963
# disable IPv6 [important]
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720 

[root@k8smaster k8s]# cp kubernetes.conf /etc/sysctl.d/kubernetes.conf 
[root@k8smaster k8s]# sysctl -p /etc/sysctl.d/kubernetes.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
net.ipv4.tcp_tw_recycle = 0
vm.swappiness = 0
vm.overcommit_memory = 1
vm.panic_on_oom = 0
fs.inotify.max_user_instances = 8192
fs.inotify.max_user_watches = 1048576
fs.file-max = 52706963
fs.nr_open = 52706963
net.ipv6.conf.all.disable_ipv6 = 1
net.netfilter.nf_conntrack_max = 2310720

[root@k8smaster k8s]# scp kubernetes.conf 192.168.23.101:/etc/sysctl.d/kubernetes.conf
root@192.168.23.101's password: 
kubernetes.conf                          100%  575   165.1KB/s   00:00
[root@k8smaster k8s]# scp kubernetes.conf 192.168.23.102:/etc/sysctl.d/kubernetes.conf
root@192.168.23.102's password: 
kubernetes.conf                          100%  575   176.7KB/s   00:00
[root@k8smaster k8s]#

8, adjust the system time zone
# set the system time zone to Asia/Shanghai
timedatectl set-timezone Asia/Shanghai
# write the current UTC time to the hardware clock
timedatectl set-local-rtc 0
# restart the services that depend on the system time
systemctl restart rsyslog
systemctl restart crond

[root@k8smaster k8s]# timedatectl set-timezone Asia/Shanghai 
[root@k8smaster k8s]# timedatectl set-local-rtc 0
[root@k8smaster k8s]# systemctl restart rsyslog 
[root@k8smaster k8s]# systemctl restart crond

9, shut down unnecessary system services
# stop and disable the mail service
systemctl stop postfix && systemctl disable postfix

[root@k8smaster k8s]# systemctl stop postfix && systemctl disable postfix
Removed symlink /etc/systemd/system/multi-user.target.wants/postfix.service.
[root@k8smaster k8s]#

10, configure persistent log storage
Since CentOS 7 the init system is systemd, so two logging systems run side by side: rsyslogd (the default) and systemd-journald.
systemd-journald is the better choice, so we make it the default and keep only that one way of saving logs.
1) Create a directory to save the log
mkdir /var/log/journal
2) Create the configuration file storage directory
mkdir /etc/systemd/journald.conf.d
3) Create the configuration file
cat > /etc/systemd/journald.conf.d/99-prophet.conf << EOF
[Journal]
# save persistently to disk
Storage=persistent
# compress historical logs
Compress=yes
SyncIntervalSec=5m
RateLimitInterval=30s
RateLimitBurst=1000
# maximum disk space used: 10G
SystemMaxUse=10G
# maximum size of a single log file: 200M
SystemMaxFileSize=200M
# keep logs for two weeks
MaxRetentionSec=2week
# do not forward logs to syslog
ForwardToSyslog=no
EOF

4) Restart systemd-journald to apply the configuration
systemctl restart systemd-journald

[root@k8smaster k8s]# mkdir /var/log/journal
[root@k8smaster k8s]# mkdir /etc/systemd/journald.conf.d
[root@k8smaster k8s]# cat > /etc/systemd/journald.conf.d/99-prophet.conf << EOF
> [Journal]
> # save persistently to disk
> Storage=persistent
> # compress historical logs
> Compress=yes
> SyncIntervalSec=5m
> RateLimitInterval=30s
> RateLimitBurst=1000
> # maximum disk space used: 10G
> SystemMaxUse=10G
> # maximum size of a single log file: 200M
> SystemMaxFileSize=200M
> # keep logs for two weeks
> MaxRetentionSec=2week
> # do not forward logs to syslog
> ForwardToSyslog=no
> EOF
[root@k8smaster k8s]# systemctl restart systemd-journald

11, raise the open-file limit
echo "* soft nofile 65536" >> /etc/security/limits.conf
echo "* hard nofile 65536" >> /etc/security/limits.conf

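12, upgrade the Linux kernel to version 4.44
The 3.10.x kernel that ships with CentOS 7.x has some bugs that make Docker and Kubernetes run unstably.
Add the ELRepo repository (the URL below is plain HTTP, so import the ELRepo GPG key first so that rpm can verify the package signature):
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm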

[root@k8smaster yum]# yum  install kernel-lt  -y


Origin blog.csdn.net/zhaikaiyun/article/details/104244128