    1, swapoff -a

    2, setenforce 0

    3, systemctl stop firewalld

    4, Set a static IP address

    cd /etc/sysconfig/network-scripts
    vi ifcfg-ens33
    DEVICE=ens33
    BOOTPROTO=static
    IPADDR=192.168.1.9
    NETMASK=255.255.255.0
    GATEWAY=192.168.1.1
    NETWORK=192.168.1.0
    ONBOOT=yes

    5, Configure the Docker registry mirror

    cat /etc/docker/daemon.json
    {
      "registry-mirrors": ["https://3iv1aqw6.mirror.aliyuncs.com"]
    }

    6, Tune kernel parameters

    cat /root/kubernetes.conf
    net.bridge.bridge-nf-call-iptables=1
    net.bridge.bridge-nf-call-ip6tables=1
    net.ipv4.ip_forward=1
    net.ipv4.tcp_tw_recycle=0
    vm.swappiness=0
    vm.overcommit_memory=1
    vm.panic_on_oom=0
    fs.inotify.max_user_watches=89100
    fs.file-max=52706963
    fs.nr_open=52706963
    net.ipv6.conf.all.disable_ipv6=1
    net.netfilter.nf_conntrack_max=2310720

    sysctl -p /root/kubernetes.conf

    7, Yum repository

    yum install -y ebtables socat

    cat <<EOF > /etc/yum.repos.d/kubernetes.repo
    [kubernetes]
    name=Kubernetes
    baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
    enabled=1
    gpgcheck=1
    repo_gpgcheck=1
    gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
    EOF

    yum install -y kubelet kubeadm kubectl

    8, Install flannel

    [root@worker1 flannel]# pwd
    /run/flannel
    [root@worker1 flannel]# cat subnet.env
    FLANNEL_NETWORK=10.233.0.0/16
    FLANNEL_SUBNET=10.233.65.1/24
    FLANNEL_MTU=1450
    FLANNEL_IPMASQ=true

    /usr/lib/systemd/system/docker.service must be modified: add --bip=10.233.65.1/24 --ip-masq=true --mtu=1450 to the dockerd command line, taking the values from subnet.env above (otherwise pods and the worker node cannot reach each other).

    The complete file:

    cat /usr/lib/systemd/system/docker.service
    [Unit]
    Description=Docker Application Container Engine
    Documentation=https://docs.docker.com
    BindsTo=containerd.service
    After=network-online.target firewalld.service containerd.service
    Wants=network-online.target
    Requires=docker.socket

    [Service]
    Type=notify
    # the default is not to use systemd for cgroups because the delegate issues still
    # exists and systemd currently does not support the cgroup feature set required
    # for containers run by docker
    ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --bip=10.233.65.1/24 --ip-masq=true --mtu=1450
    ExecReload=/bin/kill -s HUP $MAINPID
    TimeoutSec=0
    RestartSec=2
    Restart=always

    # Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
    # Both the old, and new location are accepted by systemd 229 and up, so using the old location
    # to make them work for either version of systemd.
    StartLimitBurst=3

    # Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
    # Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
    # this option work for either version of systemd.
    StartLimitInterval=60s

    # Having non-zero Limit*s causes performance problems due to accounting overhead
    # in the kernel. We recommend using cgroups to do container-local accounting.
    LimitNOFILE=infinity
    LimitNPROC=infinity
    LimitCORE=infinity

    # Comment TasksMax if your systemd version does not support it.
    # Only systemd 226 and above support this option.
    TasksMax=infinity

    # set delegate yes so that systemd does not reset the cgroups of docker containers
    Delegate=yes

    # kill only the docker process, not all processes in the cgroup
    KillMode=process

    [Install]
    WantedBy=multi-user.target
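Added example, not part of the original notes: instead of hand-editing the vendor unit file (which a package upgrade overwrites), derive the --bip/--ip-masq/--mtu flags from /run/flannel/subnet.env and put them in a systemd drop-in. The `flannel_docker_flags` and `write_docker_dropin` helper names and the drop-in file name `flannel.conf` are this example's own choices; the file format and values are the ones shown above.

```shell
#!/bin/sh
# Print the dockerd flags that match the flannel lease in the given subnet.env.
flannel_docker_flags() {
    env_file="$1"
    # Read only the keys we need; anything else in the file is ignored.
    subnet=$(sed -n 's/^FLANNEL_SUBNET=//p' "$env_file")
    mtu=$(sed -n 's/^FLANNEL_MTU=//p' "$env_file")
    ipmasq=$(sed -n 's/^FLANNEL_IPMASQ=//p' "$env_file")
    if [ -z "$subnet" ] || [ -z "$mtu" ]; then
        echo "missing FLANNEL_SUBNET or FLANNEL_MTU in $env_file" >&2
        return 1
    fi
    [ -n "$ipmasq" ] || ipmasq=true   # flannel's default when the key is absent
    printf '%s --ip-masq=%s --mtu=%s\n' "--bip=$subnet" "$ipmasq" "$mtu"
}

# Write a drop-in overriding ExecStart with the flannel-derived flags.
# $1 = path to subnet.env, $2 = drop-in directory (defaults to the real one).
write_docker_dropin() {
    flags=$(flannel_docker_flags "$1") || return 1
    dir="${2:-/etc/systemd/system/docker.service.d}"
    mkdir -p "$dir"
    # An empty ExecStart= first clears the vendor unit's ExecStart.
    cat > "$dir/flannel.conf" <<EOF
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock $flags
EOF
}

# Demonstration on a constructed subnet.env with the values from the notes above.
demo_env=$(mktemp)
cat > "$demo_env" <<'EOF'
FLANNEL_NETWORK=10.233.0.0/16
FLANNEL_SUBNET=10.233.65.1/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=true
EOF
flannel_docker_flags "$demo_env"
# On a real node: write_docker_dropin /run/flannel/subnet.env
#                 systemctl daemon-reload && systemctl restart docker
```

After the restart, `docker network inspect bridge` should show the gateway 10.233.65.1, confirming the flags were picked up.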

    9, When using Rancher, start it with

    docker run -d --privileged --restart=unless-stopped -p 80:80 -p 443:443 -v /root/var/log/auditlog:/var/log/auditlog -e AUDIT_LEVEL=3 registry.cn-hangzhou.aliyuncs.com/rancher/rancher:v2.5.1