升级内核

Shell># rpm —import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
Shell># rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
Shell># yum —enablerepo=elrepo-kernel -y install kernel-ml-devel kernel-ml
Shell># grub2-set-default 0
Shell># init 6

调整内核参数

net.ipv4.ip_forward = 1

关闭swap

在kubernetes系统中，推荐禁用！如果在系统安装过程中，启用了swap，请使用以下命令关闭

Shell># swapoff -a

也可删除/etc/fstab中的相关信息，彻底清除
验证

Shell># free -m

防火墙

推荐关闭

selinux

推荐设置为disable

安装常用必备软件

shell># yum -y install chrony kubelet docker flannel

说明

• chrony ：时间同步用的。我们将配置它同步ntp.k8s.com的时间，这里不说明如何调整。
• kubelet ：使用私有yum仓库，安装kubelet 1.9.0
• docker ：安装了docker 17.12 ce版本，使用了官方的yum仓库
• flannel ：网络插件，使用了yum安装。

配置docker

shell># vi /usr/lib/systemd/system/docker.service

[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
EnvironmentFile=-/run/flannel/docker
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd  $DOCKER_NETWORK_OPTIONS
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target