初始化机器脚本

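#!/bin/bash

# Configure IPVS: write the list of kernel modules to an executable helper
# script, then run it once so the modules are loaded right away.
# (Presumably the distro's module-loading hook re-runs files in
# /etc/sysconfig/modules at boot; confirm for the target release.)
#
# br_netfilter is loaded as well: the net.bridge.bridge-nf-call-iptables and
# net.bridge.bridge-nf-call-ip6tables sysctls set further down in this script
# are only present while that module is loaded (on kernels that ship it as a
# separate module), so `sysctl --system` would report them as unknown keys.
#
# The heredoc delimiter is quoted so the body is written out literally.
cat > /etc/sysconfig/modules/ipvs.modules <<'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
#modprobe -- nf_conntrack_ipv4
modprobe -- nf_conntrack
modprobe -- br_netfilter
EOF

chmod +x /etc/sysconfig/modules/ipvs.modules

/etc/sysconfig/modules/ipvs.modules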

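# Kernel parameters for the node, written to /etc/sysctl.d/k8s.conf and
# applied immediately with `sysctl --system`.
#
# Fixes relative to the earlier version of this block:
# - fs.file-max was misspelled as "fs.fles-max", so the limit was never set.
# - Comments now sit on their own lines. sysctl.d only treats a line as a
#   comment when its first non-blank character is '#' or ';'; a trailing
#   "# ..." is handed over as part of the value.
#
# Notes:
# - The net.bridge.* keys are only present while the br_netfilter module is
#   loaded (on kernels that ship it as a separate module).
# - net.ipv4.tcp_tw_recycle was removed in Linux 4.12; on newer kernels
#   sysctl reports it as an unknown key. It is kept for older kernels.
# - NOTE(review): vm.swappiness = 0 only makes the kernel avoid swapping;
#   it does not turn swap off, and this script never runs swapoff. Confirm
#   that swap is handled elsewhere if the node must run without it.
cat > /etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.ipv4.tcp_tw_recycle = 0
# 禁用swap,只有当系统OOM时才允许使用它
vm.swappiness = 0
# 不检查物理内存是否够用
vm.overcommit_memory = 1
# 启用OOM
vm.panic_on_oom = 0
fs.inotify.max_user_instances = 8192
fs.inotify.max_user_watches = 1048576
fs.file-max = 52706963
fs.nr_open = 52706963
net.ipv6.conf.all.disable_ipv6 = 1
net.netfilter.nf_conntrack_max = 2310720
EOF

sysctl --system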


# Install dependency packages: enable the EPEL repository first, then install
# the networking, time-sync and general tooling in a single yum transaction.
yum -y install epel-release

node_packages=(
  conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat
  libseccomp wget vim net-tools git
)
yum -y install "${node_packages[@]}"

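# Use the iptables service instead of firewalld.
#
# The second command used to read `systemctl stop disable firewalld`, which
# asks systemd to stop units named "disable" and "firewalld"; firewalld was
# never disabled and would start again on the next boot.
systemctl stop firewalld && systemctl disable firewalld

# Install and enable iptables-services, flush the filter table and persist
# the result. Each step runs only if the previous one succeeded.
#
# NOTE(review): `iptables -F` followed by `service iptables save` persists a
# filter table with no rules, so from here on the host's own packet filtering
# is limited to the chain policies. Confirm that rules are installed later or
# that filtering is enforced upstream of this machine.
yum -y install iptables-services \
  && systemctl start iptables \
  && systemctl enable iptables \
  && iptables -F \
  && service iptables save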

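# Turn SELinux off: `setenforce 0` switches the running system to permissive
# mode, and the sed edit makes the setting persistent in the config file.
#
# The two steps are no longer chained with `&&`: setenforce exits non-zero
# when SELinux is already disabled at runtime, which previously skipped the
# config edit.
#
# NOTE(review): SELINUX=disabled removes mandatory access control for every
# process on the host, including the container runtime. If the aim is only to
# stop SELinux from blocking workloads, SELINUX=permissive keeps denials
# logged for later policy work. Confirm which is intended.
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config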

# Time settings: select the Asia/Shanghai time zone and switch on NTP
# synchronisation through timedatectl.
node_timezone='Asia/Shanghai'
timedatectl set-timezone "$node_timezone"
timedatectl set-ntp yes

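# Configure systemd-journald (the original heading said rsyslog, but the
# drop-in written here is a journald one): keep the journal on disk, compress
# it, rate-limit it, and cap its size and retention.
#
# Fixes relative to the earlier version of this block:
# - `mkdir -p` so a re-run does not fail when the directories already exist.
# - "SysstemMaxFileSize" was misspelled, so the 200M per-file cap was never
#   applied; the key is SystemMaxFileSize.
#
# NOTE(review): ForwardToSyslog=no stops journald from handing messages to a
# syslog daemon. If logs are shipped off this host through syslog, confirm
# that the shipper reads the journal some other way.
mkdir -p /var/log/journal
mkdir -p /etc/systemd/journald.conf.d/
cat > /etc/systemd/journald.conf.d/99-set.conf <<'EOF'
[Journal]
# 持久化保存到磁盘
Storage=persistent

# 压缩日志
Compress=yes

SyncIntervalSec=5m
RateLimitInterval=30s
RateLimitBurst=1000

# 最大占用空间
SystemMaxUse=4G

# 单个日志文件最大 200M
SystemMaxFileSize=200M

# 日志保存时间2周
MaxRetentionSec=2week

# 不将日志转发到syslog
ForwardToSyslog=no

EOF

# Restart journald so the new drop-in takes effect.
systemctl restart systemd-journald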