【k8s】(二)kubernetes1.29.4离线部署之-镜像文件准备

离线镜像文件准备

**注意: **离线安装需要准备大量的镜像,这一步千万要仔细否则会出现各种意想不到的问题

需要准备的镜像文件
  1. kube-apiserver
  2. kube-controller-manager
  3. kube-scheduler
  4. kube-proxy
  5. kube-proxy
  6. coredns
  7. pause
  8. etcd

以上镜像文件可以从: registry.cn-hangzhou.aliyuncs.com/google_containers下载

  1. calico/node
  2. calico/kube-controllers
  3. calico/node
  4. calico/typha
  5. calico/node-driver-registrar
  6. calico/csi
  7. calico/cni
  8. calico/ctl
  9. calico/pod2daemon-flexvol
  10. calico/apiserver

以上可以直接从docker.io下载即可

注意: 以上所有的镜像文件务必准备到位。本文脚本中的几个版本便令注意修改到位:
KUBERNETES_VERSION=${KUBERNETES_VERSION:-“v1.29.4”}
COREDNS_VERSION=${COREDNS_VERSION:-‘v1.11.1’}
PAUSE_VERSION=${PAUSE_VERSION:-‘3.9’}
ETCD_VERSION=${ETCD_VERSION:-‘3.5.12-0’}
REGISTRY_VERSION=${REGISTRY_VERSION:-‘2.8.3’}
CALICO_VERSION=${CALICO_VERSION:-‘v3.27.3’}

完整的镜像下载脚本
#!/bin/bashENV_CFG=./env.cfg
if [ -f ${ENV_CFG} ] ; thenchmod 777 ${ENV_CFG}source ${ENV_CFG}
fi
image_list="${IMAGE_DOMAIN}/${IMAGE_NAMESPACE}/kube-apiserver:${KUBERNETES_VERSION}
${IMAGE_DOMAIN}/${IMAGE_NAMESPACE}/kube-controller-manager:${KUBERNETES_VERSION}
${IMAGE_DOMAIN}/${IMAGE_NAMESPACE}/kube-scheduler:${KUBERNETES_VERSION}
${IMAGE_DOMAIN}/${IMAGE_NAMESPACE}/kube-proxy:${KUBERNETES_VERSION}
${IMAGE_DOMAIN}/${IMAGE_NAMESPACE}/coredns:${COREDNS_VERSION}
${IMAGE_DOMAIN}/${IMAGE_NAMESPACE}/pause:${PAUSE_VERSION}
${IMAGE_DOMAIN}/${IMAGE_NAMESPACE}/etcd:${ETCD_VERSION}
calico/node:${CALICO_VERSION}
calico/kube-controllers:${CALICO_VERSION}
calico/node:${CALICO_VERSION}
calico/typha:${CALICO_VERSION}
calico/node-driver-registrar:${CALICO_VERSION}
calico/csi:${CALICO_VERSION}
calico/cni:${CALICO_VERSION}
calico/ctl:${CALICO_VERSION}
calico/pod2daemon-flexvol:${CALICO_VERSION}
calico/apiserver:${CALICO_VERSION}
"
#${IMAGE_DOMAIN}/${IMAGE_NAMESPACE}/registry:${REGISTRY_VERSION}newimage_list=()
for image in ${image_list}; dodocker pull "${image}"newimage=$(echo $image | sed -e "s/calico/${LOCAL_IMAGE_DOMAIN}\/calico/")newimage=$(echo $newimage | sed -e "s/${IMAGE_DOMAIN}\/${IMAGE_NAMESPACE}/${LOCAL_IMAGE_DOMAIN}\/${LOCAL_IMAGE_NAMESPACE}/")newimage_list+="${newimage} "docker tag $image $newimagedocker push $newimage
donedocker save -o qinghub-kube-"${VERSION}".tar ${newimage_list}
轻云官方下载

https:/qingplus.cn/pkg/kubernetes/v1.29.4/qinghub-kube-v1.29.4.tar
下载完成后再手动导入所有的镜像即可。详细过程不在细说。

环境初始化

检查步骤
  1. 关闭防火墙
  2. 关闭 swap partition permanently
  3. 配置检查时间同步
  4. 配置安装时间同步组件
  5. 配置检查 nfs-utils kubeadmin方式安装不需要检查
  6. 配置检查内核版本
  7. 配置检查资源情况
  8. 配置检查SSH
  9. 配置检查系统配置
  10. 配置检查转发 IPv4
  11. 配置检查Docker用户并添加ssh免密认证<authoirzed_keys> (建议手动执行)
  12. 配置检查Docker (容器运行时为Containerd时,不需要检查)
  13. 配置检查Docker用户权限 (容器运行时为Containerd时,不需要检查)
  14. 配置检查网络
完整的初始化脚本
#!/bin/bash###############################################
# QingHub K8S Install 版本: $VERSION
# 架构: $ARCH_TYPE 目前版本主要支持amd64,其他待敬请期待
# 操作系统: $os_type
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
#                                https://qinghub.net
###############################################ENV_CFG=./env.cfg
if [ -f ${ENV_CFG} ] ; thenchmod 777 ${ENV_CFG}source ${ENV_CFG}
fiexport CONSOLE=${CONSOLE:-false}
os_type=$(cat /etc/os-release | grep "^ID=" | awk -F= '{print $2}' | tr -d [:punct:])
os_version_id=$(cat /etc/os-release | grep "VERSION_ID=" | awk -F= '{print $2}' | tr -d [:punct:])if [ "$EUID" -ne 0 ]; thenif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${RED}[ERROR] 当前用户不是 root 用户,请切换到 root 用户执行该脚本.${NC}"exit 1elseecho -e "${RED}[ERROR] Current user is not root user, please switch to root user to execute the script.${NC}"exit 1fi
fiif [ -z "$SSH_RSA" ]; thenif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${RED}[ERROR] 请设置环境变量 SSH_RSA, 该变量为 SSH 公钥.${NC}"exit 1elseecho -e "${RED}[ERROR] Please set the environment variable SSH_RSA, the variable is SSH public key.${NC}"exit 1fi
fi###############################################
# 新增ubuntu 用户
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
#                                https://qinghub.net
###############################################
function add_user_in_ubuntu() {useradd --create-home -s /bin/bash -g root "$1"echo "$1":"$2" | chpasswdif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${GREEN}[INFO] 用户 $1 已经创建.${NC}"elseecho -e "${GREEN}[INFO] User $1 has been created.${NC}"fi
}###############################################
# 新增redhat 用户
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
#                                https://qinghub.net
###############################################
function add_user_in_redhat() {adduser -g root "$1"echo "$1":"$2" | chpasswdif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${GREEN}[INFO] 用户 $1 已经创建.${NC}"elseecho -e "${GREEN}[INFO] User $1 has been created.${NC}"fi
}###############################################
# 描述: 检查并新增用户, 有些版本可以不用检查,请使用时根据
# 情况自行注释掉
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
#                                https://qinghub.net
###############################################
function check_user() {if ! grep -q docker /etc/group; thengroupadd --force dockerfiif id -u "${DOCKER_USER}" >/dev/null 2>&1; thenif ! id -nG "${DOCKER_USER}" | grep -qw "docker"; thengpasswd -a "${DOCKER_USER}" dockerfiif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${GREEN}[INFO] 用户 ${DOCKER_USER} 已经存在.${NC}"elseecho -e "${GREEN}[INFO] User ${DOCKER_USER} already exists.${NC}"fielsecase $os_type incentos|redhat|euleros|fusionos|anolis|kylin|rhel|rocky|fedora|openEuler)add_user_in_redhat "${DOCKER_USER}" "${DOCKER_PASS}";;ubuntu|debian)add_user_in_ubuntu "${DOCKER_USER}" "${DOCKER_PASS}";;*)if [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${RED}[ERROR] 暂不支持 $os_type 操作系统.${NC}"exit 1elseecho -e "${RED}[ERROR] The $os_type operating system is temporarily not supported.${NC}"exit 1fi;;esacfi$CONSOLE$CONSOLE || add_ssh_rsa "${DOCKER_USER}"
}function add_ssh_rsa() {if id -u "$user" >/dev/null 2>&1; thenif [ ! -d "/home/$1/.ssh" ]; thenif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${GREEN}[INFO] 创建 /home/$1/.ssh 目录.${NC}"elseecho -e "${GREEN}[INFO] Create /home/$1/.ssh directory.${NC}"fimkdir -p /home/"$1"/.sshfiif [ -f "/home/$1/.ssh/authorized_keys" ]; thenif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${GREEN}[INFO] /home/$1/.ssh/authorized_keys 已经存在.${NC}"elseecho -e "${GREEN}[INFO] /home/$1/.ssh/authorized_keys already exists.${NC}"fichmod 777 /home/"$1"/.ssh/authorized_keysif ! < /home/"$1"/.ssh/authorized_keys grep -q "$SSH_RSA"; thenecho "$SSH_RSA" >> /home/"$1"/.ssh/authorized_keysfielseif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${GREEN}[INFO] 创建 /home/$1/.ssh/authorized_keys.${NC}"elseecho -e "${GREEN}[INFO] Create /home/$1/.ssh/authorized_keys.${NC}"fitouch /home/"$1"/.ssh/authorized_keyschmod 777 /home/"$1"/.ssh/authorized_keysecho "$SSH_RSA" > /home/"$1"/.ssh/authorized_keysfiif < /home/"$1"/.ssh/authorized_keys grep -q "$SSH_RSA"; thenif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${GREEN}[INFO] 成功将 SSH 公钥添加到 /home/$1/.ssh/authorized_keys.${NC}"elseecho -e "${GREEN}[INFO] Successfully added ssh public key to /home/$1/.ssh/authorized_keys.${NC}"fielseif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${RED}[ERROR] 将 SSH 公钥添加到 /home/$1/.ssh/authorized_keys 失败.${NC}"exit 1elseecho -e "${RED}[ERROR] Add ssh public key to /home/$1/.ssh/authorized_keys failed.${NC}"exit 1fifichmod 600 /home/"$1"/.ssh/authorized_keyschown -R "$1":"$1"  /home/"$1"/.sshfi
}function check_user_permission(){if su ${DOCKER_USER} -c "docker ps" >/dev/null 2>&1; thenif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${GREEN}[INFO] Docker 用户有权限执行 docker 命令.${NC}"elseecho -e "${GREEN}[INFO] Docker users have the permission to execute docker commands.${NC}"fielseif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${RED}[ERROR] Docker 用户无权限执行 docker 命令, 请尝试重启docker 'systemctl restart docker'. 重启 docker 后, 再次执行该脚本.${NC}"exit 1elseecho -e "${RED}[ERROR] Docker users have no permission to execute docker commands, Please try to restart docker 'systemctl restart docker'. After restarting docker, execute the script again.${NC}"exit 1fifi
}###############################################
# 描述: 关闭防火墙
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
#                                https://qinghub.net
###############################################
function disable_firewalld() {if systemctl status firewalld | grep Active | grep -q running >/dev/null 2>&1; thensystemctl stop firewalld >/dev/null 2>&1systemctl disable firewalld >/dev/null 2>&1if [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${GREEN}[INFO] 检测到 Firewalld 服务已启动,正在将 Firewalld 服务关闭并禁用.${NC}"elseecho -e "${GREEN}[INFO] The Firewalld service has been started, Firewalld service is being turned off and disabled.${NC}"fielseif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${GREEN}[INFO] Firewalld 服务已经停止或未安装.${NC}"elseecho -e "${GREEN}[INFO] Firewalld service is not installed.${NC}"fifi
}###############################################
# 描述: 关闭swap
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
#                                https://qinghub.net
###############################################
function disable_swap() {if swapoff -a; thensed -i '/swap/s/^/#/' /etc/fstabif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${GREEN}[INFO] swap 已经禁用.${NC}"elseecho -e "${GREEN}[INFO] swap has been disabled.${NC}"fifi
}function check_time_sync() {if timedatectl status | grep "NTP synchronized" | grep -q "yes" >/dev/null 2>&1 || timedatectl show | grep "NTPSynchronized=yes" >/dev/null 2>&1; thenif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${GREEN}[INFO] NTP 时间同步已经启用.${NC}"elseecho -e "${GREEN}[INFO] NTP time synchronization has been enabled.${NC}"fielseif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${YELLOW}[WARN] NTP 时间同步未启用.${NC}"elseecho -e "${YELLOW}[WARN] NTP time synchronization is not enabled.${NC}"fifi
}###############################################
# 描述: 安装时钟同步,请酌情修改并安装
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
#                                https://qinghub.net
###############################################
install_chrony(){case $os_type inubuntu|debian)if dpkg -l | grep -q chrony >/dev/null 2>&1; thenecho -e "${GREEN}[INFO] chrony 已经安装在主机上.${NC}"elseecho -e "${YELLOW}[WARN] chrony 未安装在主机上, 请执行命令安装 'apt -y install chrony'.${NC}"apt -y install chrony &> /dev/null;systemctl restart chronyd && systemctl enable --now chronyd &> /dev/nullsystemctl is-active chronyd &> /dev/nullfi;;*)if rpm -qa | grep -q chrony >/dev/null 2>&1; thenif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${GREEN}[INFO] chrony 已经安装在主机上.${NC}"elseecho -e "${GREEN}[INFO] chrony has been installed on the host.${NC}"fielseif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${YELLOW}[WARN] chrony 未安装在主机上, 请执行命令安装 'yum -y install chrony'.${NC}"elseecho -e "${YELLOW}[WARN] chrony is not installed on the host, please execute the command install 'yum -y install chrony'.${NC}"fiyum -y install chronyfi;;esacif [ "${CHRONY_TYPE}" == 'server' ]; thensudo bash -c 'cat > /etc/chrony.conf << EOF
pool ntp.aliyun.com iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow 10.0.0.0/24
local stratum 10
keyfile /etc/chrony.keys
leapsectz right/UTC
logdir /var/log/chrony
EOF'elsesudo bash -c 'cat > /etc/chrony.conf << EOF
pool ${CHRONY_SERVER} iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
keyfile /etc/chrony.keys
leapsectz right/UTC
logdir /var/log/chrony
EOF'fisystemctl restart chronyd && systemctl enable --now chronyd &> /dev/nullsystemctl is-active chronyd &> /dev/nullif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${GREEN}[INFO] chrony 完成配置在主机上.${NC}"elseecho -e "${GREEN}[INFO] chrony has been configured on the host.${NC}"fi
}###############################################
# 描述: 优化配置forwarding_ipv4
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
#                                https://qinghub.net
###############################################
function check_forwarding_ipv4() {sudo bash -c 'cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF'sudo modprobe overlaysudo modprobe br_netfiltersudo bash -c 'cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF'sudo sysctl --system#加载ipvs模块sudo bash -c 'cat <<EOF | sudo tee /etc/modules-load.d/ipvs.conf <<EOF
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOF'systemctl restart systemd-modules-load.service
}###############################################
# 描述: 检查服务器资源状况
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
#                                https://qinghub.net
###############################################
function check_resource(){cpu=$(grep -c 'processor' /proc/cpuinfo)mem=$(free -g | awk '/^Mem/{print $2}')DISK_SPACE=$(df /|sed -n '2p'|awk '{print $2}')# check cpuif [ "${cpu}" -lt 2 ]; thenif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${YELLOW}[WARN] CPU核数建议至少为2核.${NC}"elseecho -e "${YELLOW}[WARN] The cpu is recommended to be at least 2C.${NC}"fifi# check memoryif [ "${mem}" -lt 3 ]; thenif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${YELLOW}[WARN] 内存建议至少为8G.${NC}"elseecho -e "${YELLOW}[WARN] The Memory is recommended to be at least 8G.${NC}"fifi# check disk spaceif [ "${DISK_SPACE}" -lt 47185920 ];thenif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${YELLOW}[WARN] 根分区空间需大于 50G.${NC}"elseecho -e "${YELLOW}[WARN] The root partition space must be greater than 50G.${NC}"fifi
}###############################################
# 描述: 检查内核版本
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
#                                https://qinghub.net
###############################################
function check_kernel() {kernel_version=$(uname -r | awk -F. '{print $1}')if [ "$kernel_version" -lt "4" ]; thenif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${YELLOW}[WARN] 内核版本必须高于4.0, 请尽快升级内核到4.0+.${NC}"elseecho -e "${YELLOW}[WARN] Kernel version must be higher than 4.0, Please upgrade the kernel to 4.0+ as soon as possible.${NC}"fifi
}###############################################
# 描述: 检查 nfs是否安装,这里并未自动安装
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
#                                https://qinghub.net
###############################################
function check_nfscli(){case $os_type inubuntu|debian)if dpkg -l | grep -q nfs-common >/dev/null 2>&1; thenif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${GREEN}[INFO] nfs-common 已经安装在主机上.${NC}"elseecho -e "${GREEN}[INFO] nfs-common has been installed on the host.${NC}"fielseif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${YELLOW}[WARN] nfs-common 未安装在主机上, 请执行命令安装 'apt -y install nfs-common'.${NC}"elseecho -e "${YELLOW}[WARN] nfs-common is not installed on the host, please execute the command install 'apt-get update && apt -y install nfs-common'.${NC}"fifi;;*)if rpm -qa | grep -q nfs-utils >/dev/null 2>&1; thenif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${GREEN}[INFO] nfs-utils 已经安装在主机上.${NC}"elseecho -e "${GREEN}[INFO] nfs-utils has been installed on the host.${NC}"fielseif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${YELLOW}[WARN] nfs-utils 未安装在主机上, 请执行命令安装 'yum -y install nfs-utils'.${NC}"elseecho -e "${YELLOW}[WARN] nfs-utils is not installed on the host, please execute the command install 'yum -y install nfs-utils'.${NC}"fifi;;esac
}function check_openssh(){if ssh -V >/dev/null 2>&1; thenOPENSSH_VERSION=$(ssh -V |& awk -F[_.] '{print $2}')if [ "${OPENSSH_VERSION}" -lt "7" ];thenif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${YELLOW}[WARN] Openssh 版本必须高于 7.0.${NC}"elseecho -e "${YELLOW}[WARN] Openssh version must be higher than 7.0 ${NC}"fifielseif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${RED}[ERROR] 需要安装 7.0+ 版本的openssh.${NC}"exit 1elseecho -e "${RED}[ERROR] Need to install 7.0+ version of openssh.${NC}"exit 1fifiif grep -v "^\s*#" /etc/ssh/sshd_config | grep "AllowTcpForwarding yes" >/dev/null 2>&1; thenif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${GREEN}[INFO] /etc/ssh/sshd_config 已经配置 AllowTcpForwarding yes.${NC}"elseecho -e "${GREEN}[INFO] /etc/ssh/sshd_config has been configured AllowTcpForwarding yes.${NC}"fielseif grep "AllowTcpForwarding no" /etc/ssh/sshd_config >/dev/null 2>&1; thensed -i '/AllowTcpForwarding/s/^/#/' /etc/ssh/sshd_configsed -i '$a\AllowTcpForwarding yes' /etc/ssh/sshd_configelsesed -i '$a\AllowTcpForwarding yes' /etc/ssh/sshd_configfiif [ "$LANG" == "zh_CN.UTF-8" ]; thenecho -e "${YELLOW}[WARN] /etc/ssh/sshd_config 配置 AllowTcpForwarding yes 成功, 请执行命令重启 sshd 服务生效, 'systemctl restart sshd'.${NC}"elseecho -e "${YELLOW}[WARN] /etc/ssh/sshd_config AllowTcpForwarding yes is successfully configured, Run the following command to restart the sshd service to take effect, 'systemctl restart sshd'.${NC}"fifi
}###############################################
# 描述: 优化参数
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
#                                https://qinghub.net
###############################################
function optimize_linux() {sudo bash -c 'cat > /etc/sysctl.conf << EOF
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward=1
net.ipv4.conf.all.forwarding=1
net.ipv4.neigh.default.gc_thresh1=4096
net.ipv4.neigh.default.gc_thresh2=6144
net.ipv4.neigh.default.gc_thresh3=8192
net.ipv4.neigh.default.gc_interval=60
net.ipv4.neigh.default.gc_stale_time=120
kernel.perf_event_paranoid=-1
#sysctls for k8s node config
net.ipv4.tcp_slow_start_after_idle=0
net.core.rmem_max=16777216
fs.inotify.max_user_watches=524288
kernel.softlockup_all_cpu_backtrace=1
kernel.softlockup_panic=0
kernel.watchdog_thresh=30
fs.file-max=2097152
fs.inotify.max_user_instances=8192
fs.inotify.max_queued_events=16384
vm.max_map_count=262144
fs.may_detach_mounts=1
net.core.netdev_max_backlog=16384
net.ipv4.tcp_wmem=4096 12582912 16777216
net.core.wmem_max=16777216
net.core.somaxconn=32768
net.ipv4.ip_forward=1
net.ipv4.tcp_max_syn_backlog=8096
net.ipv4.tcp_rmem=4096 12582912 16777216net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1kernel.yama.ptrace_scope=0
vm.swappiness=0
kernel.core_uses_pid=1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route=0
net.ipv4.conf.all.accept_source_route=0# Promote secondary addresses when the primary address is removed
net.ipv4.conf.default.promote_secondaries=1
net.ipv4.conf.all.promote_secondaries=1# Enable hard and soft link protection
fs.protected_hardlinks=1
fs.protected_symlinks=1net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2net.ipv4.tcp_max_tw_buckets=5000
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_synack_retries=2
kernel.sysrq=1
EOF'sudo sysctl -p >/dev/null 2>&1echo -e "${GREEN}[INFO] 优化kernel参数成功${NC}"
}function optimize_limits() {sudo bash -c 'cat >> /etc/security/limits.conf <<EOF
* soft nofile 1024000
* hard nofile 1024000
EOF'echo -e "${GREEN}[INFO] 优化limits参数成功${NC}"
}
function check_syscfg(){sudo chmod 777 /etc/sysctl.confsudo chmod 777 /sbin/sysctlsudo chmod 777 /etc/security/limits.confoptimize_linuxoptimize_limitssudo chmod 644 /etc/sysctl.confsudo chmod 755 /sbin/sysctlsudo chmod 644 /etc/security/limits.conf
}###############################################
# 描述: calico 网络配置初始化
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
#                                https://qinghub.net
###############################################
function  check_network() {sudo bash -c 'cat >> /etc/NetworkManager/conf.d/calico.conf << EOF
[keyfile]
unmanaged-devices=interface-name:cali*;interface-name:tunl*
unmanaged-devices=interface-name:cali*;interface-name:tunl*;interface-name:vxlan.calico;interface-name:wireguard.cali
EOF'systemctl restart NetworkManager
}###############################################
# 描述: 主入口函数
# QingHub Studio官网: https://qinghub.net
# 如过您安装遇到问题,请到官网查找官方联系方式或加支持群:
#                                https://qinghub.net
###############################################
function main {echo -e "${GREEN}[INFO] ==========开始检查并配置初始化========= ${NC}"# 停止 friewallddisable_firewalld# 关闭 swap partition permanentlydisable_swap# 配置检查时间同步check_time_sync# 配置安装时间同步组件install_chrony# 配置检查 nfs-utils kubeadmin方式安装不需要检查#check_nfscli# 配置检查内核版本check_kernel# 配置检查资源情况check_resource# 配置检查SSHcheck_openssh# 配置检查系统配置check_syscfg# 转发 IPv4check_forwarding_ipv4# 配置检查Docker用户并添加ssh免密认证<authoirzed_keys>check_user# 配置检查Docker  容器运行时为Containerd时,不需要检查#check_docker# 配置检查Docker用户权限 容器运行时为Containerd时,不需要检查#check_user_permission# 配置检查网络check_networkecho -e "${GREEN}[INFO] ==========成功完成检查并配置初始化========= ${NC}"
}main

你可以通过【QingHub Studio】) 套件直接安装部署,也可以手动按如下文档操作,该项目已经全面开源,完整的脚本可以从如下开源地址获取:
开源地址: https://gitee.com/qingplus/qingcloud-platform
【QingHub Studio集成开发套件】

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.mzph.cn/bicheng/929.shtml

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

【C++】哈希结构

目录 一&#xff0c;哈希结构的认识 1-1&#xff0c;哈希思想 1-2&#xff0c;哈希函数 1-3&#xff0c;哈希冲突 1-3-1&#xff0c;闭散列 1-3-2&#xff0c;开散列 二&#xff0c;哈希结构的封装实现 2-1&#xff0c;闭散列封装实现 ​编辑 2-2&#xff0c;开散列封…

带你认识Selenium函数

Selenium除了用于Web应用程序的测试外&#xff0c;还可以执行许多自动化操作。以下是一些Selenium可以实现的功能&#xff0c;并附带相应的代码示例来详细说明&#xff1a; 自动化操作&#xff1a; 使用Selenium&#xff0c;我们可以模拟用户的行为&#xff0c;如点击、输入、…

genetic algorithm

genetic algorithm 遗传算法

C++入门5.内联函数,auto关键字,基于范围的for循环(C++11),指针空值nullptr(C++11)

本篇是C过度C初始的最后一篇&#xff0c;快快对入门须知的知识有个印象后&#xff0c;就可以顺顺利利的学习C的类了。 目录 内联函数&#xff1a; 内联函数的特性&#xff1a; auto关键字(C11)&#xff1a; auto简介&#xff1a; 使用细则&#xff1a; auto不能推导的场…

基于java+springboot+vue实现的物业管理系统(文末源码+Lw+ppt)23-23

摘 要 快速发展的社会中&#xff0c;人们的生活水平都在提高&#xff0c;生活节奏也在逐渐加快。为了节省时间和提高工作效率&#xff0c;越来越多的人选择利用互联网进行线上打理各种事务&#xff0c;通过线上物业管理系统也就相继涌现。与此同时&#xff0c;人们开始接受方…

K8S基础概念

一、MASTER Kubernetes里的Master指的是集群控制节点&#xff0c;在每个Kubernetes集群里都需要有一个Master来负责整个集 群的管理和控制&#xff0c;基本上 Kubernetes的所有控制命令都发给它&#xff0c;它负责具体的执行过程&#xff0c;我们后 面执行的所有命 令基本都…

idea2024.1发布,lambda多语句的内联断点,增强spring图标等新特性,你没玩过的全新版本

这里是weihubeats,觉得文章不错可以关注公众号小奏技术 简述 2024-04-04 idea官方宣布发布了 一些重大更新 随后我便下载了你没玩过的全新版本IntelliJ IDEA Ultimeate版本试玩 然后脑子里面想到这个 开玩笑 实际下载完是这样 更新内容 更新的内容比较多 关键亮点主要有如下…

Redis入门到通关之数据结构解析-RedisObject

文章目录 ☃️概述☃️源码 ☃️概述 RedisObject 是 Redis 中表示数据对象的结构体&#xff0c;它是 Redis 数据库中的基本数据类型的抽象。在 Redis 中&#xff0c;所有的数据都被存储为 RedisObject 类型的对象。 RedisObject 结构体定义如下&#xff08;简化版本&#xf…

MDC搭配ttl

1.MDC 1.简介 MDC 介绍​ MDC&#xff08;Mapped Diagnostic Context&#xff0c;映射调试上下文&#xff09;是 log4j 和 logback 提供的一种方便在多线程条件下记录日志的功能。MDC 可以看成是一个与当前线程绑定的Map&#xff0c;可以往其中添加键值对。MDC 中包含的内容可…

JavaEE初阶Day 14:多线程(12)

目录 Day 14 &#xff1a;多线程&#xff08;12&#xff09;CAS的ABA问题Callable接口ReentrantLock信号量SemaphoreCountDownLatch集合类的多线程安全问题1. Collections.synchronizedList(new ArrayList)2. CopyOnWriteArrayList3. BlockingQueue4. ConcurrentHashMap Day 14…

CSS实现广告自动轮播

实现原理 该广告轮播功能的实现主要依靠HTML和CSS。HTML负责搭建轮播框架&#xff0c;而CSS则控制样式和动画效果。通过CSS中的关键帧动画&#xff08;Keyframes&#xff09;&#xff0c;我们可以定义图片在容器内的滚动效果&#xff0c;从而实现轮播功能。 HTML结构 首先&am…

如何搭建线下陪玩系统(本地伴游、多玩圈子)APP小程序H5多端前后端源码交付,支持二开!

一、卡顿的优化方法 1、对陪玩系统源码中流媒体传输的上行进行优化&#xff0c;通过提升推流端的设备性能配置、推流边缘CDN节点就近选择等方式解决音视频数据源流的卡顿。 2、对陪玩系统源码中音视频数据的下载链路进行优化&#xff0c;通过选择更近更优质的CDN边缘节点来减少…

Navicat导入sql文件图文教程

本文使用的MySQL工具为:Navicat.默认已经连接数据库!! 步骤: 1.右键自己的数据库,选择新建数据库. 2.输入数据库名称&#xff0c;字符集选择“utf8”&#xff0c;排序规则选择“ utf8_general_ci”,确定. 3.双击新建好的“数据库”。右键点击“运行SQL文件”。 4.选择本地的s…

linux信号相关概念

signal 信号引入什么是信号&#xff1f;如何产生信号&#xff1f;通过按键产生信号调用系统函数向进程发信号系统调用函数发送信号的流程: 由软件条件产生信号软件发送信号的流程&#xff1a; 硬件异常产生信号硬件异常的流程&#xff1a; Deliver、Pending、Block概念信号在内…

Vue 查看真实请求地址

当你在项目中配置了proxy代理&#xff0c;前端在浏览器开发调试的时候&#xff0c;是看不到真是的请求地址的。 这时候&#xff0c;后端要说话了&#xff1a;你这连的是我的地址吗&#xff1f;网络里这显示的也不对吧~ 前端: 额、不是在这里看的。既然你不相信我&#xff0c;…

wsl ubuntu18.04升级为cmake-3.15.3

wsl ubuntu18.04 默认的cmake为3.10&#xff0c;编译CMakeLists.txt经常需要高版本cmake。 升级过程如下&#xff1a; 下载cmake-3.15.3-Linux-x86_64.tar.gz wget https://cmake.org/files/v3.15/cmake-3.15.3-Linux-x86_64.tar.gz 解压文件 tar zxvf cmake-3.15.3-Linux-x86…

替代普通塑料吸头的PFA移液吸头

目前市场上的规格&#xff1a;0.01ml、0.05ml、0.1ml、0.2ml、0.5ml、1ml、2ml、5ml、10ml等均可定制加工PFA材质枪头&#xff0c;可以适配市场上大部分移液枪&#xff0c;普兰德&#xff0c;大龙&#xff0c;赛默飞&#xff0c;赛多利斯&#xff0c;力辰、吉尔森&#xff0c;瑞…

K8S哲学 - probe 探针

探针分类&#xff1a; liveness probe readiness probe startup probe Liveness Probe&#xff1a;用于检查容器是否还在运行。如果 Liveness Probe 失败&#xff0c;Kubernetes 会杀死容器&#xff0c;然后根据你的重启策略来决定是否重新启动容器。常见的做法是使用与 Readin…

error解决expression before ‘static‘

问题现象 报警如下 跳转到提示第125行&#xff0c;但是这行明显是没有问题的。 问题分析 经过排查可以看到&#xff0c;是120行的末尾\在S32DS编译器里面被认为是“接下一行”的意思&#xff0c;120行注释掉之后&#xff0c;后面的121行、122行、123行均被注释掉&#xff0c;…

2024年3月 青少年软件编程(图形化) 等级考试试卷(一级)

2024.3青少年软件编程&#xff08;图形化&#xff09; 等级考试试卷&#xff08;一级&#xff09; 一、 单选题(共 25 题&#xff0c; 共 50 分) 1.单击下列哪个按钮&#xff0c; 能够让舞台变为“全屏模式” &#xff1f; &#xff08; &#xff09; A. B. C. D. 标准答案&am…