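# Node preparation for a Kubernetes/Istio host on CentOS 7 (run as root):
# disable swap, install tooling and a long-term kernel, load the netfilter and
# IPVS modules, then apply sysctl tuning.
# NOTE(review): this listing arrived collapsed onto two physical lines. The
# commands are restored one per line, and a here-document opener that was lost
# is reconstructed only where the surviving text leaves no doubt.

# Turn swap off now and comment out the fstab swap entries so it stays off
# after a reboot.
swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

yum -y install ipvsadm ipset sysstat conntrack libseccomp
yum -y install wget jq psmisc vim net-tools telnet yum-utils unzip zip device-mapper-persistent-data lvm2 git lrzsz
yum -y install perl

# The kernel package is pulled from a third-party mirror. By default yum does
# not check GPG signatures on a package named by file or URL
# (localpkg_gpgcheck=0), so import the ELRepo signing key and require a valid
# signature: an unsigned or altered RPM then fails the install instead of
# becoming the boot kernel.
# NOTE(review): prefer a key file vetted out of band over fetching the key at
# install time.
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
yum -y --setopt=localpkg_gpgcheck=1 install \
  https://zhengyu1992.cn/file/software/kernel-lt-5.4.278-1.el7.elrepo.x86_64.rpm

# Alternative, disabled: install kernel-lt through the ELRepo repository.
#curl -o /etc/yum.repos.d/elrepo.repo https://zhengyu1992.cn/file/software/elrepo.repo
# Author's note: "lt" is the long-term stable version, "m1" the long-term
# maintenance version.
#yum -y install https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
#rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
#sed -i 's/^mirrorlist=/#mirrorlist=/' /etc/yum.repos.d/elrepo.repo
#sed -i s#'elrepo.org/linux'#'mirrors.coreix.net/elrepo-archive-archive'#g /etc/yum.repos.d/elrepo.repo
#yum --enablerepo="elrepo-kernel" -y install kernel-lt.x86_64

# Boot the first menu entry (index 0) by default and regenerate the GRUB
# configuration for both the BIOS and the UEFI layout.
grub2-set-default 0
grub2-mkconfig -o /boot/grub2/grub.cfg
grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg

# Drop the swap logical volume from the kernel command line.
# --follow-symlinks: a plain `sed -i` replaces a symlink with a regular file
# instead of editing the file it points to.
for grub_cfg in /etc/grub2.cfg /boot/grub2/grub.cfg /boot/efi/EFI/centos/grub.cfg; do
  sed -i --follow-symlinks 's/ rd.lvm.lv=centos\/swap//' "$grub_cfg"
done

# Print the numbered menu entries so the default can be checked by eye.
for grub_cfg in /etc/grub2.cfg /boot/grub2/grub.cfg /boot/efi/EFI/centos/grub.cfg; do
  awk -F\' '$1=="menuentry " {print i++ " : " $2}' "$grub_cfg"
done
#reboot

# $(uname -r) names the running kernel, so this module list matches the new
# kernel only once the host has been rebooted into it (see the disabled
# reboot above).
ls "/usr/lib/modules/$(uname -r)/kernel/net/netfilter/ipvs" | grep -o "^[^.]*" > /etc/modules-load.d/modules.conf

# systemd-modules-load reads one module name per line; the collapsed listing
# shows the names separated by spaces, so they are written out line by line.
printf '%s\n' \
  xt_set br_netfilter overlay \
  ip6table_mangle ip6table_nat ip6table_raw \
  iptable_mangle iptable_nat iptable_raw \
  xt_REDIRECT xt_connmark xt_conntrack xt_mark xt_owner xt_tcpudp xt_multiport \
  bridge ip6_tables ip_tables nf_conntrack nf_nat x_tables \
  > /etc/modules-load.d/istio.conf
systemctl enable --now systemd-modules-load.service
systemctl restart systemd-modules-load.service

# Disable transparent huge pages now, and again at every boot via rc.local.
chmod +x /etc/rc.local
echo never > /sys/kernel/mm/transparent_hugepage/defrag
echo never > /sys/kernel/mm/transparent_hugepage/enabled
# Append each rc.local line only if it is not already there, so a second run
# does not duplicate it.
for thp_line in \
  'echo never > /sys/kernel/mm/transparent_hugepage/defrag' \
  'echo never > /sys/kernel/mm/transparent_hugepage/enabled'; do
  grep -qxF -- "$thp_line" /etc/rc.local || printf '%s\n' "$thp_line" >> /etc/rc.local
done

# Security-relevant values in the block below; check them against the node's
# network design before reusing this file:
#   kernel.sysrq = 1                  enables every magic-SysRq function
#   net.ipv4.conf.*.rp_filter = 0     turns off reverse-path source validation
#   net.ipv6.conf.all.forwarding = 1  is set although IPv6 is disabled above it
# NOTE(review): this appends, so each run adds the whole block to
# /etc/sysctl.conf again.
cat <<-EOF >> /etc/sysctl.conf
vm.swappiness = 0
kernel.sysrq = 1
net.ipv4.neigh.default.gc_stale_time = 120
# see details in https://help.aliyun.com/knowledge_detail/39428.html
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
# see details in https://help.aliyun.com/knowledge_detail/41334.html
net.ipv4.tcp_max_tw_buckets = 262144
net.ipv4.tcp_syncookies = 1
# tcp_max_syn_backlog will only take effect when net.ipv4.tcp_syncookies == 0
# net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1
net.ipv6.conf.all.forwarding = 1
EOF

# The listing shows "cat < /etc/sysctl.d/k8s.conf ... EOF": the here-document
# opener was lost in extraction and is restored as an overwrite of the file.
# user.max_user_namespaces=0 disables unprivileged user namespaces, which
# narrows kernel attack surface but also blocks rootless container runtimes.
cat <<EOF > /etc/sysctl.d/k8s.conf
user.max_user_namespaces=0
kernel.softlockup_all_cpu_backtrace=1
kernel.pid_max=4194303
kernel.softlockup_panic=1
fs.file-max=52706963
fs.nr_open=52706963
fs.inotify.max_user_watches=524288
fs.inotify.max_user_instances=16384
fs.inotify.max_queued_events=16384
vm.max_map_count=262144
vm.overcommit_memory=1
vm.panic_on_oom=0
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.core.netdev_max_backlog=16384
net.core.somaxconn=32768
net.ipv4.ip_forward=1
net.ipv4.tcp_slow_start_after_idle=0
net.ipv4.tcp_rmem=4096 12582912 16777216
net.ipv4.tcp_wmem=4096 12582912 16777216
net.ipv4.neigh.default.gc_thresh3=8192
net.ipv4.neigh.default.gc_thresh2=1024
net.ipv4.tcp_max_syn_backlog=16384
net.bridge.bridge-nf-call-iptables=1
EOF

sysctl -p /etc/sysctl.conf
sysctl -p /etc/sysctl.d/k8s.conf

# Raise the open-file limit (soft and hard) for the current shell.
ulimit -SHn 65535
# NOTE(review): the limits.conf here-document is cut off in this listing (its
# opener and body are missing); the line below is left exactly as found and
# must be completed before the script is run.
cat >> /etc/security/limits.conf <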