anolis8.9-k8s1.32-系统基本配置
- 创业
- 2025-09-19 04:27:01
一、系统信息
# cat /etc/anolis-release Anolis OS release 8.9
二、 firewalld设置 firewall-cmd --zone=public --add-port=6443/tcp --permanent firewall-cmd --zone=public --add-port=10250-10259/tcp --permanent firewall-cmd --zone=public --add-port=30000-32767/tcp --permanent firewall-cmd --zone=public --add-port=179/tcp --permanent firewall-cmd --zone=public --add-port=8472/udp --permanent firewall-cmd --reload 三、 selinux关闭默认关闭
四、 关闭swap # swapoff -a # sed -ri 's/.*swap.*/#&/' /etc/fstab # echo "vm.swappiness=0" >> /etc/sysctl.conf # sysctl -p 五、 主机时间同步--<这里作为时间服务器使用>chrony默认安装。
# egrep -v "^$|^#|^ *#" /etc/chrony.conf pool ntp.aliyun iburst driftfile /var/lib/chrony/drift makestep 1.0 3 rtcsync allow 192.168.0.0/16 local stratum 10 keyfile /etc/chrony.keys leapsectz right/UTC logdir /var/log/chrony # sudo systemctl enable --now chronyd # sudo firewall-cmd --permanent --add-service=ntp # firewall-cmd --reload # chronyc tracking # chronyc sources -v 六、 主机优化 # cat <<EOF >> /etc/security/limits.conf * soft nofile 655360 * hard nofile 131072 * soft nproc 655350 * hard nproc 655350 * soft memlock unlimited * hard memlock unlimited EOF 七、 ipvs安装 # dnf -y install ipvsadm ipset sysstat conntrack libseccomp # cat > /etc/sysconfig/modules/ipvs.modules <<EOF #!/bin/bash modprobe -- ip_vs modprobe -- ip_vs_lc modprobe -- ip_vs_wlc modprobe -- ip_vs_rr modprobe -- ip_vs_wrr modprobe -- ip_vs_lblc modprobe -- ip_vs_lblcr modprobe -- ip_vs_dh modprobe -- ip_vs_sh modprobe -- ip_vs_fo modprobe -- ip_vs_nq modprobe -- ip_vs_sed modprobe -- ip_vs_ftp modprobe -- ip_vs_sh modprobe -- nf_conntrack modprobe -- ip_tables modprobe -- ip_set modprobe -- xt_set modprobe -- ipt_set modprobe -- ipt_rpfilter modprobe -- ipt_REJECT modprobe -- ipip EOF # cat > /etc/modules-load.d/containerd.conf <<EOF overlay br_netfilter ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack EOF # chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep ip_vs 八、 内核优化 # cat <<EOF > /etc/sysctl.d/k8s.conf net.ipv4.ip_forward = 1 net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 1 fs.may_detach_mounts = 1 vm.overcommit_memory = 1 vm.panic_on_oom = 0 fs.inotify.max_user_watches = 89100 fs.file-max=52706963 fs.nr_opne=52706963 net.netfilter.nf_conntrack_max=2310720 net.ipv4.tcp_keepalive_time=600 net.ipv4.tcp_keepalive_probes=3 net.ipv4.tcp_keepalive_intvl=15 net.ipv4.tcp_max_tw_buckets=36000 net.ipv4.tcp_tw_reuse=1 net.ipv4.tcp_max_orphans=327680 net.ipv4.tcp_orphan_retries=3 net.ipv4.tcp_syncookies=1 net.ipv4.tcp_max_syn_backlog=16384 net.ipv4.ip_conntrack_max=131072 net.ipv4.tcp_max_syn_backlog=16384 net.ipv4.tcp_timestamps=0 net.core.somaxconn=16384 EOF # sysctl --systemanolis8.9-k8s1.32-系统基本配置由讯客互联创业栏目发布,感谢您对讯客互联的认可,以及对我们原创作品以及文章的青睐,非常欢迎各位朋友分享到个人网站或者朋友圈,但转载请说明文章出处“anolis8.9-k8s1.32-系统基本配置”
