转载说明：如果您喜欢这篇文章并打算转载它，请私信作者取得授权。感谢您喜爱本文，请文明转载，谢谢。

---

关联文章：

《RKE快速搭建离线k8s集群并用rancher管理界面》

1.创建普通用户sre并赋予sudo权限

# adduser sre
# echo "sre ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers# gpasswd -a sre root  #将登陆用户sre加入到root用户组中
# newgrp root   #更新用户组

2.关闭selinux、swap和防火墙

# 关闭selinux
# sed -ri 's#(SELINUX=).*#\1disabled#' /etc/selinux/config && setenforce 0
# 关闭swap
# swapoff -a && sed -i '/swap/s/^/#/g' /etc/fstab
# 关闭防火墙
# systemctl disable firewalld && systemctl stop firewalld

3.设置内核参数

# modprobe overlay
# modprobe br_netfilter

4.在/etc/security/limits.conf末尾是否添加参数

root soft nofile 65535
root hard nofile 65535
* soft nofile 65535
* hard nofile 65535

5.创建/etc/sysctl.d/k8s.conf文件，内容如下

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_time = 100
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 819200
net.ipv4.tcp_max_tw_buckets = 20000
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
net.core.netdev_max_backlog=300000
net.ipv4.ip_forward = 1
net.ipv4.tcp_ecn=0
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.default.rp_filter = 0
fs.inotify.max_user_instances = 1280
fs.inotify.max_queued_events = 163840
fs.inotify.max_user_watches = 8192000
vm.swappiness = 10
vm.drop_caches = 2
net.ipv4.tcp_retries2 = 5
net.core.somaxconn = 65535
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
vm.max_map_count = 262144

执行命令让配置生效：

sysctl -p &&  sysctl -p /etc/sysctl.d/k8s.conf

6.开启ipvs

cat > /etc/sysconfig/modules/ipvs.modules <
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF

7.升级内核版本

此处升级到5.4.124版本上传压缩包kernel5.4.zip到服务器

# 1）安装rpm包：
[root@k8s-master01 ~]# cd kernel5.4 && rpm -Uvh --force --nodeps *rpm        #确保rpm包安装无误# 2）查看新版本内核顺序：
[root@k8s-master01 ~]# awk -F\' '$1=="menuentry " {print $2}' /etc/grub2.cfg
CentOS Linux (5.4.124-1.el7.elrepo.x86_64) 7 (Core) #
CentOS Linux (3.10.0-1160.15.2.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-957.el7.x86_64) 7 (Core)
CentOS Linux (0-rescue-de03a5f3bf5a4b7e9df939c9dc5b428d) 7 (Core)
[root@k8s-master01 ~]## 3）修改内核的启动顺序为0：
[root@k8s-master01 ~]# sed -i 's#GRUB_DEFAULT=saved#GRUB_DEFAULT=0#g' /etc/default/grub# 查看修改结果：
[root@k8s-master01 ~]# grep "GRUB_DEFAULT=0" /etc/default/grub
GRUB_DEFAULT=0
[root@k8s-master01 ~]# # 4）接着运行grub2-mkconfig命令来重新创建内核配置
[root@k8s-master01 kernel5.4]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.4.124-1.el7.elrepo.x86_64
Found initrd image: /boot/initramfs-5.4.124-1.el7.elrepo.x86_64.img
Found linux image: /boot/vmlinuz-3.10.0-957.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-957.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-c465ccc35a5e40e4ad2da6735b24234a
Found initrd image: /boot/initramfs-0-rescue-c465ccc35a5e40e4ad2da6735b24234a.img
done
[root@k8s-master01 kernel5.4]# # 5）重启服务器
[root@k8s-master01 ~]# reboot# 6）检查内核版本
[root@k8s-master01 ~]# uname -r
5.4.124-1.el7.elrepo.x86_64
[root@k8s-master01 ~]#

8.docker版本离线安装

dockerce-20.zip上传到服务器并解压

1）安装docker-ce

# cd dockerce-20 && ./install.sh -f docker-20.10.6.tgz
# 设置docker开启自启动：
# systemctl enable docker

2）创建镜像加速文件：/etc/docker/daemon.json

{
"graph":"/home/docker",
"exec-opts":["native.cgroupdriver=systemd"],
"insecure-registries": ["harbor.test.com:8000"], #私有harbor镜像仓库地址
"registry-mirrors": ["https://1l3yp2sl.mirror.aliyuncs.com"], #阿里云加速镜像
"bip": "192.168.0.1/24" #指定docker虚拟IP，这
}

3）重新加载docker配置并重启

# systemctl daemon-reload 
# systemctl restart docker