yum -y install ipvsadm ipset sysstat conntrack libseccomp配置 ipvs 模块(内核 4.19 版本以前使用 nf_conntrack_ipv4 , 以后使用 nf_conntrack)
modprobe -- ip_vsmodprobe -- ip_vs_rrmodprobe -- ip_vs_wrrmodprobe -- ip_vs_shmodprobe -- nf_conntrackcat > /etc/modules-load.d/ipvs.conf << EOFip_vsip_vs_lcip_vs_wlcip_vs_rrip_vs_wrrip_vs_lblcip_vs_lblcrip_vs_dhip_vs_ship_vs_foip_vs_nqip_vs_sedip_vs_ftpip_vs_shnf_conntrackip_tablesip_setxt_setipt_setipt_rpfilteript_REJECTipipEOF重新加载配置
# 加载内核配置 警告忽略systemctl enable --now systemd-modules-load.service检查确认
[root@localhost etc]# lsmod | grep --color=auto -e ip_vs -e nf_conntrackip_vs_ftp163840ip_vs_sed163840ip_vs_nq163840ip_vs_fo163840ip_vs_dh163840ip_vs_lblcr163840ip_vs_lblc163840ip_vs_wlc163840ip_vs_lc163840ip_vs_sh163840ip_vs_wrr163840ip_vs_rr163840ip_vs17612824 ip_vs_wlc,ip_vs_rr,ip_vs_dh,ip_vs_lblcr,ip_vs_sh,ip_vs_fo,ip_vs_nq,ip_vs_lblc,ip_vs_wrr,ip_vs_lc,ip_vs_sed,ip_vs_ftpnf_conntrack_tftp204803 nf_nat_tftpnf_nat491524 nf_nat_tftp,nft_chain_nat,xt_MASQUERADE,ip_vs_ftpnf_conntrack1597447 xt_conntrack,nf_nat,nf_conntrack_tftp,nft_ct,nf_nat_tftp,xt_MASQUERADE,ip_vsnf_defrag_ipv6245762 nf_conntrack,ip_vsnf_defrag_ipv4163841 nf_conntracklibcrc32c163844 nf_conntrack,nf_nat,xfs,ip_vs# 或者[root@localhost etc]# cut -f1 -d " "/proc/modules | grep -e ip_vs -e nf_conntrackip_vs_ftpip_vs_sedip_vs_nqip_vs_foip_vs_dhip_vs_lblcrip_vs_lblcip_vs_wlcip_vs_lcip_vs_ship_vs_wrrip_vs_rrip_vsnf_conntrack_tftpnf_conntrack12 优化系统参数添加内核调优参数 , 某些参数对 Kubernetes 集群很重要(不一定是最优 , 各取所有)
cat >> /etc/sysctl.d/user.conf << EOF# 内核调优net.ipv4.ip_forward = 1net.bridge.bridge-nf-call-iptables = 1net.bridge.bridge-nf-call-ip6tables = 1fs.may_detach_mounts = 1vm.overcommit_memory=1vm.panic_on_oom=0fs.inotify.max_user_watches=89100fs.file-max=52706963fs.nr_open=52706963net.netfilter.nf_conntrack_max=2310720net.ipv4.tcp_keepalive_time = 600net.ipv4.tcp_keepalive_probes = 3net.ipv4.tcp_keepalive_intvl =15net.ipv4.tcp_max_tw_buckets = 36000net.ipv4.tcp_tw_reuse = 1net.ipv4.tcp_max_orphans = 327680net.ipv4.tcp_orphan_retries = 3net.ipv4.tcp_syncookies = 1net.ipv4.tcp_max_syn_backlog = 16384net.ipv4.ip_conntrack_max = 65536net.ipv4.tcp_timestamps = 0net.core.somaxconn = 16384EOF两种方式
1 单独指定配置文件加载
sysctl -p /etc/sysctl.d/user.conf2 手动加载所有的配置文件
[root@localhost etc]# sysctl --system* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...kernel.yama.ptrace_scope = 0* Applying /usr/lib/sysctl.d/50-coredump.conf ...kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h %e* Applying /usr/lib/sysctl.d/50-default.conf ...kernel.sysrq = 16kernel.core_uses_pid = 1kernel.kptr_restrict = 1net.ipv4.conf.all.rp_filter = 1net.ipv4.conf.all.accept_source_route = 0net.ipv4.conf.all.promote_secondaries = 1net.core.default_qdisc = fq_codelfs.protected_hardlinks = 1fs.protected_symlinks = 1* Applying /usr/lib/sysctl.d/50-libkcapi-optmem_max.conf ...net.core.optmem_max = 81920* Applying /usr/lib/sysctl.d/50-pid-max.conf ...kernel.pid_max = 4194304* Applying /usr/lib/sysctl.d/60-libvirtd.conf ...fs.aio-max-nr = 1048576* Applying /etc/sysctl.d/99-sysctl.conf ...* Applying /etc/sysctl.d/user.conf ...net.ipv4.ip_forward = 1vm.overcommit_memory = 1vm.panic_on_oom = 0fs.inotify.max_user_watches = 89100fs.file-max = 52706963fs.nr_open = 52706963net.netfilter.nf_conntrack_max = 2310720net.ipv4.tcp_keepalive_time = 600net.ipv4.tcp_keepalive_probes = 3net.ipv4.tcp_keepalive_intvl = 15net.ipv4.tcp_max_tw_buckets = 36000net.ipv4.tcp_tw_reuse = 1net.ipv4.tcp_max_orphans = 327680net.ipv4.tcp_orphan_retries = 3net.ipv4.tcp_syncookies = 1net.ipv4.tcp_max_syn_backlog = 16384net.ipv4.tcp_timestamps = 0net.core.somaxconn = 16384* Applying /etc/sysctl.conf ...
经验总结扩展阅读
- redis bitmap数据结构之java对等操作
- Docker | dockerfile构建centos镜像,以及CMD和ENTRYPOINT的区别
- 处女座男对有好感的表现处女座男遇到真爱的表现
- 没有爱情的婚姻也能幸福的星座配对
- 来者不拒是哪些星座对待爱情的态度
- 恋爱中对方做什么会让十二星座特别失望
- 总让人觉得他们已经离婚了的星座配对
- 恋爱期间不会去见对方家长的星座
- 在一起矛盾只会越来越多的星座配对
- 哪些星座配对是大家的爱情榜样