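# Node preparation for a Kubernetes/Istio host on a dnf-based distribution:
# installs tooling, registers kernel modules to load at boot, disables
# transparent hugepages, writes sysctl settings and raises the fd limit.
# Every step writes under /etc or /sys, so it has to run as root.

# Base packages.
# NOTE(review): telnet, net-tools and lrzsz are interactive troubleshooting and
# file-transfer tools; consider leaving them off production nodes so the
# installed footprint stays small.
dnf -y install \
  ipvsadm ipset sysstat conntrack libseccomp wget jq psmisc vim net-tools \
  telnet yum-utils unzip zip device-mapper-persistent-data lvm2 git lrzsz \
  dmidecode bash-completion

# Register every IPVS module shipped with the running kernel for loading at
# boot. The name is the file name up to its first dot (ip_vs.ko.xz -> ip_vs).
# A glob replaces the original `ls | grep` so odd file names cannot split.
# NOTE(review): this loads all IPVS schedulers, not only the ones the cluster
# uses; trimming the list reduces the kernel code exposed on the node.
ipvs_dir="/usr/lib/modules/$(uname -r)/kernel/net/netfilter/ipvs"
for module_path in "${ipvs_dir}"/*; do
  [ -e "${module_path}" ] || continue # directory missing or empty
  module_file=${module_path##*/}
  printf '%s\n' "${module_file%%.*}"
done > /etc/modules-load.d/modules.conf

# Netfilter/bridge/overlay modules for Istio. modules-load.d expects one module
# name per line, so the list is written line by line.
printf '%s\n' \
  xt_set br_netfilter overlay \
  ip6table_mangle ip6table_nat ip6table_raw \
  iptable_mangle iptable_nat iptable_raw \
  xt_REDIRECT xt_connmark xt_conntrack xt_mark xt_owner xt_tcpudp \
  xt_multiport bridge ip6_tables ip_tables nf_conntrack nf_nat x_tables \
  > /etc/modules-load.d/istio.conf

systemctl enable --now systemd-modules-load.service
systemctl restart systemd-modules-load.service

# Disable transparent hugepages now and on every boot. The sysfs writes do not
# survive a reboot, so the same commands are recorded in /etc/rc.local. The
# grep guard keeps a second run from appending duplicate lines.
for thp_knob in defrag enabled; do
  thp_line="echo never > /sys/kernel/mm/transparent_hugepage/${thp_knob}"
  echo never > "/sys/kernel/mm/transparent_hugepage/${thp_knob}"
  grep -qxF -- "${thp_line}" /etc/rc.local 2>/dev/null \
    || printf '%s\n' "${thp_line}" >> /etc/rc.local
done
# Set the executable bit after the append so a freshly created file gets it too.
chmod +x /etc/rc.local

# Network and VM tunables appended to the main sysctl file.
# NOTE(review): this is an append, so each run of the script adds the block
# again; the last occurrence of a key wins.
# NOTE(review), security-relevant values to confirm for the target environment:
#   - kernel.sysrq = 1 enables every SysRq function for anyone with console
#     access.
#   - rp_filter = 0 turns off reverse-path source validation; the linked Aliyun
#     article is the stated reason, but it removes an anti-spoofing check.
#   - IPv6 is disabled on all/default/lo while net.ipv6.conf.all.forwarding is
#     set to 1 and ip6table_* modules are loaded above; these look inconsistent.
cat <<'EOF' >> /etc/sysctl.conf
vm.swappiness = 0
kernel.sysrq = 1
net.ipv4.neigh.default.gc_stale_time = 120
# see details in https://help.aliyun.com/knowledge_detail/39428.html
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
# see details in https://help.aliyun.com/knowledge_detail/41334.html
net.ipv4.tcp_max_tw_buckets = 262144
net.ipv4.tcp_syncookies = 1
# tcp_max_syn_backlog will only take effect when net.ipv4.tcp_syncookies == 0
# net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1
net.ipv6.conf.all.forwarding = 1
EOF

# Kubernetes-specific drop-in. The page shows `cat < /etc/sysctl.d/k8s.conf`
# followed by settings and a closing EOF, i.e. a here-document whose `<<EOF >`
# was lost in extraction; it is restored here as an overwrite of the drop-in.
# NOTE(review): user.max_user_namespaces=0 blocks creation of user namespaces,
# which shrinks kernel attack surface but breaks rootless containers and other
# tools that rely on them. kernel.softlockup_panic=1 panics the node on a soft
# lockup, so an availability impact is accepted in exchange for a clean reset.
# net.ipv4.ip_forward=1 makes the host forward packets; pair it with an
# explicit firewall policy.
cat <<'EOF' > /etc/sysctl.d/k8s.conf
user.max_user_namespaces=0
kernel.softlockup_all_cpu_backtrace=1
kernel.pid_max=4194303
kernel.softlockup_panic=1
fs.file-max=52706963
fs.nr_open=52706963
fs.inotify.max_user_watches=524288
fs.inotify.max_user_instances=16384
fs.inotify.max_queued_events=16384
vm.max_map_count=262144
vm.overcommit_memory=1
vm.panic_on_oom=0
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.core.netdev_max_backlog=16384
net.core.somaxconn=32768
net.ipv4.ip_forward=1
net.ipv4.tcp_slow_start_after_idle=0
net.ipv4.tcp_rmem=4096 12582912 16777216
net.ipv4.tcp_wmem=4096 12582912 16777216
net.ipv4.neigh.default.gc_thresh3=8192
net.ipv4.neigh.default.gc_thresh2=1024
net.ipv4.tcp_max_syn_backlog=16384
net.bridge.bridge-nf-call-iptables=1
EOF

# Apply both files to the running kernel.
sysctl -p /etc/sysctl.conf
sysctl -p /etc/sysctl.d/k8s.conf

# Raises the soft and hard open-file limit for this shell and its children
# only; it is not persistent.
ulimit -SHn 65535

# NOTE(review): the page is cut off inside the next command. Only the fragment
# below is visible; its here-document operator and body are missing, so it is
# kept as a comment instead of being reconstructed.
# cat >> /etc/security/limits.conf <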