2.2 内核配置

为了集群的稳定性和兼容性,生产环境的内核最好升级到4.18版本以上,本示例将升级到4.19版本。

Master01下载离线包:

将安装包从Master01节点传到其他节点:

所有节点安装内核:

     # cd /root && yum localinstall -y kernel-ml*

所有节点更改内核启动顺序:

所有节点检查默认内核是不是4.19版本:

     # grubby --default-kernel
     /boot/vmlinuz-4.19.12-1.el7.elrepo.x86_64

所有节点重启,然后检查内核是不是4.19版本:

所有节点安装ipvsadm和ipset:

     # yum install ipvsadm ipset sysstat conntrack libseccomp -y

所有节点配置ipvs模块,在内核4.19+版本nf_conntrack_ipv4已经改为nf_conntrack,4.18以下版本使用nf_conntrack_ipv4即可:

     # vim /etc/modules-load.d/ipvs.conf
     # 加入以下内容
     ip_vs
     ip_vs_lc
     ip_vs_wlc
     ip_vs_rr
     ip_vs_wrr
     ip_vs_lblc
     ip_vs_lblcr
     ip_vs_dh
     ip_vs_sh
     ip_vs_fo
     ip_vs_nq
     ip_vs_sed
     ip_vs_ftp
     ip_vs_sh
     nf_conntrack # 4.18改为nf_conntrack_ipv4
     ip_tables
     ip_set
     xt_set
     ipt_set
     ipt_rpfilter
     ipt_REJECT
     ipip

然后执行systemctl enable --now systemd-modules-load.service即可。

开启一些K8s集群中必需的内核参数,所有节点配置K8s内核:

     # cat <<EOF > /etc/sysctl.d/k8s.conf
     net.ipv4.ip_forward = 1
     net.bridge.bridge-nf-call-iptables = 1
     net.bridge.bridge-nf-call-ip6tables = 1
     fs.may_detach_mounts = 1
     net.ipv4.conf.all.route_localnet = 1
     vm.overcommit_memory=1
     vm.panic_on_oom=0
     fs.inotify.max_user_watches=89100
     fs.file-max=52706963
     fs.nr_open=52706963
     net.netfilter.nf_conntrack_max=2310720
     
     net.ipv4.tcp_keepalive_time = 600
     net.ipv4.tcp_keepalive_probes = 3
     net.ipv4.tcp_keepalive_intvl =15
     net.ipv4.tcp_max_tw_buckets = 36000
     net.ipv4.tcp_tw_reuse = 1
     net.ipv4.tcp_max_orphans = 327680
     net.ipv4.tcp_orphan_retries = 3
     net.ipv4.tcp_syncookies = 1
     net.ipv4.tcp_max_syn_backlog = 16384
     net.ipv4.ip_conntrack_max = 65536
     net.ipv4.tcp_max_syn_backlog = 16384
     net.ipv4.tcp_timestamps = 0
     net.core.somaxconn = 16384
     EOF
     # sysctl --system

所有节点配置完内核后,重启服务器,保证重启后内核依旧加载:

     # reboot
     # lsmod | grep --color=auto -e ip_vs -e nf_conntrack