拥抱 K8S 系列 -01-CentOS7 安装 docker

cat /etc/redhat-release 
CentOS Linux release 7.7.1908 (Core)
uname -r
3.10.0-1062.el7.x86_64
# 说明：内核版本必须3.10+

【关闭selinux和firewalld】
setenforce 0
sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
systemctl stop firewalld.service && systemctl disable firewalld.service && systemctl mask firewalld.service
【启用iptables】
yum install iptables iptables-services -y
systemctl enable --now iptables
#容器云K8S依赖iptables服务
【主机时间，时区，系统语言】
#For centos-7
yum install -y ntpdate
cat >>/var/spool/cron/root<<-'EOF'
*/30 * * * * /sbin/ntpdate pool.ntp.org &> /tmp/time
EOF
systemctl reload crond.service
ln -snvf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo 'export LANG="en_US.UTF-8"' > /etc/profile.d/lang.sh
. /etc/profile.d/lang.sh
【内核/性能调优-limit】
cat >/etc/security/limits.d/limit-prd.conf<<-EOF
*    hard    nofile  1024000
*    soft    nofile  1024000
*    hard    nproc   102400
*    soft    nproc   102400
*    soft    memlock unlimited
*    hard    memlock unlimited
EOF
【内核/性能调优-sysctl】
sed -i 's/^[^#]/#&/g' /etc/sysctl.conf
cat >/etc/sysctl.d/sysctl-prd.conf<<-'EOF'
net.ipv4.ip_local_port_range = 1024  65000
net.ipv4.tcp_rmem = 4096  87380  4194304
net.ipv4.tcp_wmem = 4096  16384  4194304
net.ipv4.tcp_mem = 94500000  915000000  927000000
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_tw_buckets = 6144
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_timestamps = 1
net.ipv4.neigh.default.gc_thresh1=4096
net.ipv4.neigh.default.gc_thresh2=6144
net.ipv4.neigh.default.gc_thresh3=8192
net.core.wmem_default = 67108864
net.core.rmem_default = 67108864
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 65535
vm.swappiness = 0
vm.zone_reclaim_mode = 0
vm.dirty_ratio = 60
vm.dirty_background_ratio = 5
vm.max_map_count = 262144
vm.overcommit_memory=1
fs.file-max=65535
EOF
cat <<EOF | sudo tee /etc/sysctl.d/sysctl-k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system
【开启大内存页&禁用SWAP】
chmod +x /etc/rc.d/rc.local
cat >>/etc/rc.d/rc.local<<-EOF
echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo never > /sys/kernel/mm/transparent_hugepage/defrag
swapoff -a
EOF
echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo never > /sys/kernel/mm/transparent_hugepage/defrag
swapoff -a
sed -i '/ swap / s/^/#/' /etc/fstab

cd /etc/yum.repos.d/
mv -f  * /tmp
curl -Os https://mirrors.aliyun.com/repo/Centos-7.repo
curl -Os http://mirrors.aliyun.com/repo/epel-7.repo
yum clean all
yum makecache
yum -y install yum-utils device-mapper-persistent-data lvm2 bash-completion

yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

yum makecache fast
yum list docker-ce --showduplicates | sort -r
yum install docker-ce -y
# yum install docker-ce-18.06.3.ce -y

mkdir -pv /etc/docker/
tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": [
    "https://dockerhub.azk8s.cn",
    "https://hub-mirror.c.163.com",
    "https://registry.docker-cn.com"
  ],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "selinux-enabled": false,
  "graph": "/data/docker",
  "storage-driver": "overlay2",
  "storage-opts": ["overlay2.overridekernelcheck=true"]
}
EOF
# 说明：
# Docker为OverlayFS提供了两个存储驱动程序:旧版的overlay，新版的overlay2(更稳定)。
# overlay2: Linux内核版本4.0或更高版本，或使用内核版本3.10.0-514+的RHEL或CentOS。

mkdir -pv /data/docker/

systemctl start docker ;systemctl enable docker; systemctl status docker

docker version
docker info | grep -A 1 'Registry Mirrors'
docker info | grep "Docker Root Dir"

# 更多版本请查看 https://github.com/docker/compose/releases/
curl -L https://github.com/docker/compose/releases/download/1.27.0-rc2/docker-compose-Linux-x86_64 > /usr/bin/docker-compose
chmod +x /usr/bin/docker-compose
docker-compose version