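This document is part of the production K8S environment migration series, numbered 2 in the full set, and covers the base-environment Docker installation. It can be used together with init.sh.
Environment preparation and tuning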
systemctl stop firewalld
systemctl disable firewalld
sed -i '/SELINUX/{s/permissive/disabled/g}' /etc/selinux/config
sed -i 's/^MAILTO=root/MAILTO=""/g' /etc/crontab
echo "* soft nofile 65535" >> /etc/security/limits.conf
echo "* hard nofile 65535" >> /etc/security/limits.conf
ulimit -a
echo "0" > /proc/sys/vm/swappiness
echo "ulimit -HSn 999999" >> /etc/sysconfig/docker
echo "net.ipv4.ip_local_port_range = 1024 65535" >> /etc/sysctl.conf
echo "net.ipv4.tcp_tw_recycle = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf
echo "net.core.rmem_max = 16777216" >> /etc/sysctl.conf
echo "net.core.wmem_max = 16777216" >> /etc/sysctl.conf
echo "net.ipv4.tcp_max_syn_backlog = 4096" >> /etc/sysctl.conf
echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
echo "net.core.somaxconn = 1024" >> /etc/sysctl.conf
echo "net.ipv4.tcp_window_scaling = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_rmem = 4096 87380 16777216" >> /etc/sysctl.conf
echo "net.ipv4.tcp_wmem = 4096 16384 16777216" >> /etc/sysctl.conf
sysctl -p
Directory and configuration file preparation
mkdir -p /server/docker
mkdir -p /etc/docker
touch /etc/docker/daemon.json
cat > /etc/docker/daemon.json <<EOF
{
"registry-mirrors": ["https://*****.mirror.aliyuncs.com"],
"data-root": "/server/docker",
"bip": "172.27.0.1/24",
"exec-opts": ["native.cgroupdriver=systemd"],
"live-restore": true
}
EOF
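Special note: why change Docker's cgroup driver?
1. What are cgroups? cgroups (Control Groups) is a mechanism provided by the Linux kernel that can limit and account for the physical resources used by groups of tasks. It consists of hooks the kernel attaches to programs: when a running program is scheduled onto resources, the corresponding hooks fire, which makes it possible to track resource usage and enforce limits.
2. What is cgroupfs? Docker's default cgroup driver is cgroupfs. cgroupfs is a virtual filesystem type developed to give users an interface to cgroups. Like sysfs and proc, it shows the cgroup hierarchy to users and notifies the kernel of changes users make to cgroups. Querying and modifying cgroups can only be done through the cgroupfs filesystem.
3. Why switch to systemd? Kubernetes recommends using systemd instead of cgroupfs, because systemd is the cgroup manager that comes with Kubernetes and is responsible for allocating cgroups to every process, while Docker's cgroup driver defaults to cgroupfs. That leaves two cgroup managers running at the same time, which can become unstable when resources are under pressure. If the configuration is not changed, kubeadm init prints this warning: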
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver.
The recommended driver is "systemd".
Please follow the guide at https://kubernetes.io/docs/setup/cri/
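The driver mismatch described above can be checked before running kubeadm init. The script below is an added example, not part of the original document: it compares the driver selected in daemon.json, the driver the running daemon reports, and the kubelet's cgroupDriver. The function names, the kubelet config path /var/lib/kubelet/config.yaml and the sample files in demo() are assumptions.

```bash
#!/usr/bin/env bash
# Added example: check that Docker and the kubelet agree on the systemd cgroup driver.

# Driver selected in a daemon.json; Docker falls back to cgroupfs when unset.
configured_driver() {
    local drv
    drv=$(grep -o 'native\.cgroupdriver=[a-z]*' "$1" 2>/dev/null | head -n1 | cut -d= -f2)
    echo "${drv:-cgroupfs}"
}

# cgroupDriver value from a kubelet configuration YAML (empty if absent).
kubelet_driver() {
    sed -n 's/^cgroupDriver:[[:space:]]*//p' "$1" 2>/dev/null | tr -d "\"' " | head -n1
}

# Args: configured, running (may be empty), kubelet (may be empty).
# Returns 0 only when every known value is systemd.
check_drivers() {
    local rc=0
    if [ "$1" != systemd ]; then
        echo "FAIL: daemon.json selects '$1', expected systemd"; rc=1
    fi
    if [ -n "$2" ] && [ "$2" != "$1" ]; then
        echo "FAIL: running daemon uses '$2'; restart docker to apply daemon.json"; rc=1
    fi
    if [ -n "$3" ] && [ "$3" != "$1" ]; then
        echo "FAIL: kubelet uses '$3' but Docker is configured for '$1'"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: cgroup driver is systemd everywhere"; fi
    return "$rc"
}

# Offline demo on constructed sample files (not taken from a real host).
demo() {
    local dir rc=0
    dir=$(mktemp -d)
    printf '{\n  "exec-opts": ["native.cgroupdriver=systemd"]\n}\n' > "$dir/daemon.json"
    printf 'kind: KubeletConfiguration\ncgroupDriver: cgroupfs\n' > "$dir/kubelet.yaml"
    check_drivers "$(configured_driver "$dir/daemon.json")" "" \
        "$(kubelet_driver "$dir/kubelet.yaml")" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

# --host checks the real files (default paths, an assumption); --demo runs the sample.
if [ "${1:-}" = "--host" ]; then
    check_drivers "$(configured_driver /etc/docker/daemon.json)" \
        "$(docker info --format '{{.CgroupDriver}}' 2>/dev/null)" \
        "$(kubelet_driver /var/lib/kubelet/config.yaml)"
elif [ "${1:-}" = "--demo" ]; then
    demo
fi
```

Run it with --host after `systemctl start docker`; a non-zero exit status means at least one component is still on cgroupfs.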
Installation
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache fast
yum remove docker docker-common docker-selinux docker-engine
yum install -y docker-ce-19.03.9-3.el7 docker-ce-cli-19.03.9-3.el7 docker-compose containerd.io
Start
systemctl start docker
systemctl enable docker
Test
docker info
docker-compose -v