4月 012021
 
#!/bin/bash
#

# Disable SELinux & firewalld
# Both host-level controls are switched off here: container processes run
# without SELinux confinement and the node has no firewalld-managed packet
# filter, so network filtering for this host has to be provided elsewhere.
# The config edit only matches a line that is exactly "SELINUX=enforcing";
# a host already set to "permissive" is left as it is.
sed -i 's|^SELINUX=enforcing$|SELINUX=disabled|' /etc/selinux/config
# The config file is read at boot; until then setenforce 0 puts the running
# system into permissive mode.
setenforce 0
# --now stops the unit in the same call that disables it.
systemctl disable --now firewalld

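# Add User
# Passwords are read from the environment (OPS_PASSWORD, DEPLOYER_PASSWORD)
# rather than written into the script: a literal password in a provisioning
# script is shared by every host built from it and by everyone who can read
# the script. When a variable is unset or empty the account is still created,
# but no password is assigned (useradd leaves new accounts without a usable
# password), so access has to be granted some other way, e.g. SSH keys.
useradd ops
# wheel membership normally carries sudo rights on CentOS (see /etc/sudoers).
usermod -aG wheel ops
if [[ -n "${OPS_PASSWORD:-}" ]]; then
  printf '%s\n' "$OPS_PASSWORD" | passwd --stdin ops
else
  printf 'OPS_PASSWORD not set: no password assigned to ops\n' >&2
fi

useradd deployer
if [[ -n "${DEPLOYER_PASSWORD:-}" ]]; then
  printf '%s\n' "$DEPLOYER_PASSWORD" | passwd --stdin deployer
else
  printf 'DEPLOYER_PASSWORD not set: no password assigned to deployer\n' >&2
fi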

# Use containerd as CRI runtime
# https://v1-19.docs.kubernetes.io/docs/setup/production-environment/container-runtimes/

# Kernel modules to load at every boot; tee also echoes the file to stdout.
tee /etc/modules-load.d/containerd.conf <<'EOF'
overlay
br_netfilter
EOF

# Load the same modules now so no reboot is needed.
for kernel_module in overlay br_netfilter; do
  modprobe "$kernel_module"
done

# Let bridged traffic traverse iptables/ip6tables and enable IPv4 forwarding.
# ip_forward = 1 turns the host into a router for its interfaces.
tee /etc/sysctl.d/99-kubernetes-cri.conf <<'EOF'
net.bridge.bridge-nf-call-iptables  = 1
net.ipv4.ip_forward                 = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

# Re-read every sysctl configuration file, including the one written above.
sudo sysctl --system

# Install Docker CE
# https://docs.docker.com/engine/install/centos/
# List the available versions with:
#   dnf list docker-ce --showduplicates | sort -r

# Engine and CLI are pinned to the same release; containerd.io is not pinned
# and resolves to whatever the repository currently offers.
docker_version=19.03.15

dnf makecache
yum install -y yum-utils device-mapper-persistent-data lvm2 iptables

# Register the upstream Docker repository, then refresh the metadata cache.
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
dnf makecache

# NOTE(review): -y presumably also accepts the repository signing-key import
# prompt on first use - confirm the imported key against the one Docker
# publishes before relying on these packages.
yum -y install "docker-ce-${docker_version}" "docker-ce-cli-${docker_version}" containerd.io

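# Configure the Docker daemon
# https://kubernetes.io/docs/setup/production-environment/container-runtimes/#docker
# (the URL above was a bare line in the script and would have been executed
# as a command; it is a reference only)

# -p: do not fail when the directory already exists.
mkdir -p /etc/docker

# Set up the Docker daemon
# http://mirrors.ustc.edu.cn/help/dockerhub.html
# https://help.aliyun.com/document_detail/60750.html
#
# registry-mirrors: Docker Hub pulls go through this mirror first, so an image
# pulled by tag is whatever the mirror returns for that tag. Pull by digest
# (image@sha256:<digest>) where image integrity matters.
# exec-opts: use the systemd cgroup driver.
# log-opts: max-size limits the size of each json-file log.
tee /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": ["https://o9w8d6uk.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF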

# Restart Docker and enable on boot
# Register the unit for boot, reload systemd's unit files, then start the
# daemon so that it reads /etc/docker/daemon.json.
systemctl enable docker
systemctl daemon-reload
systemctl start docker

# Let deployer use the Docker socket without sudo. Membership in the docker
# group is equivalent to root on this host (a member can start a container
# with the host filesystem mounted), so treat this account as privileged.
usermod --append --groups docker deployer