k8s安装初始化

hostnamectl set-hostname master01

vim /etc/hosts

升级内核

#关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
#关闭swap
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab
#设置seLinux
setenforce 0
vim /etc/selinux/config
SELINUX=enforcing ---> SELINUX=disabled


时间同步
yum install chrony -y
systemctl start chronyd
systemctl enable chronyd
chronyc sources


#模块配置
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

modprobe overlay
modprobe br_netfilter
systemctl restart systemd-modules-load.service

#配置limit ???
cat >> /etc/security/limits.conf <<EOF
* soft nofile 655360
* hard nofile 131072
* soft nproc 655350
* hard nproc 655350
* seft memlock unlimited
* hard memlock unlimitedd
EOF

#ipvs配置
yum install ipvsadm ipset sysstat conntrack libseccomp -y

cat >> /etc/modules-load.d/ipvs.conf <<EOF 
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOF

systemctl restart systemd-modules-load.service
lsmod | grep -e ip_vs -e nf_conntrack

cfssl

url=https://github.com/cloudflare/cfssl/releases/download
ver=1.6.1

curl -L -o /usr/local/bin/cfssl           ${url}/v${ver}/cfssl_${ver}_linux_amd64
curl -L -o /usr/local/bin/cfssljson       ${url}/v${ver}/cfssljson_${ver}_linux_amd64
curl -L -o /usr/local/bin/cfssl-certinfo  ${url}/v${ver}/cfssl-certinfo_${ver}_linux_amd64

chmod +x /usr/local/bin/cfssl*
export PATH=$PATH:$HOME/bin:/usr/local/bin
cfssl version