1. 内核调优

  1. echo "
  2. net.bridge.bridge-nf-call-ip6tables=1
  3. net.bridge.bridge-nf-call-iptables=1
  4. net.ipv4.ip_forward=1
  5. net.ipv4.conf.all.forwarding=1
  6. net.ipv4.neigh.default.gc_thresh1=4096
  7. net.ipv4.neigh.default.gc_thresh2=6144
  8. net.ipv4.neigh.default.gc_thresh3=8192
  9. net.ipv4.neigh.default.gc_interval=60
  10. net.ipv4.neigh.default.gc_stale_time=120
  12. # 参考 https://github.com/prometheus/node_exporter#disabled-by-default
  13. kernel.perf_event_paranoid=-1
  15. #sysctls for k8s node config
  16. net.ipv4.tcp_slow_start_after_idle=0
  17. net.core.rmem_max=16777216
  18. fs.inotify.max_user_watches=524288
  19. kernel.softlockup_all_cpu_backtrace=1
  21. kernel.softlockup_panic=0
  23. kernel.watchdog_thresh=30
  24. fs.file-max=2097152
  25. fs.inotify.max_user_instances=8192
  26. fs.inotify.max_queued_events=16384
  27. vm.max_map_count=262144
  28. fs.may_detach_mounts=1
  29. net.core.netdev_max_backlog=16384
  30. net.ipv4.tcp_wmem=4096 12582912 16777216
  31. net.core.wmem_max=16777216
  32. net.core.somaxconn=32768
  33. net.ipv4.ip_forward=1
  34. net.ipv4.tcp_max_syn_backlog=8096
  35. net.ipv4.tcp_rmem=4096 12582912 16777216
  37. net.ipv6.conf.all.disable_ipv6=1
  38. net.ipv6.conf.default.disable_ipv6=1
  39. net.ipv6.conf.lo.disable_ipv6=1
  41. kernel.yama.ptrace_scope=0
  42. vm.swappiness=0
  44. # 可以控制core文件的文件名中是否添加pid作为扩展。
  45. kernel.core_uses_pid=1
  47. # Do not accept source routing
  48. net.ipv4.conf.default.accept_source_route=0
  49. net.ipv4.conf.all.accept_source_route=0
  51. # Promote secondary addresses when the primary address is removed
  52. net.ipv4.conf.default.promote_secondaries=1
  53. net.ipv4.conf.all.promote_secondaries=1
  55. # Enable hard and soft link protection
  56. fs.protected_hardlinks=1
  57. fs.protected_symlinks=1
  59. # 源路由验证
  60. # see details in https://help.aliyun.com/knowledge_detail/39428.html
  61. net.ipv4.conf.all.rp_filter=0
  62. net.ipv4.conf.default.rp_filter=0
  63. net.ipv4.conf.default.arp_announce = 2
  64. net.ipv4.conf.lo.arp_announce=2
  65. net.ipv4.conf.all.arp_announce=2
  67. # see details in https://help.aliyun.com/knowledge_detail/41334.html
  68. net.ipv4.tcp_max_tw_buckets=5000
  69. net.ipv4.tcp_syncookies=1
  70. net.ipv4.tcp_fin_timeout=30
  71. net.ipv4.tcp_synack_retries=2
  72. kernel.sysrq=1
  76. " >> /etc/sysctl.conf

接着执行sysctl -p

2. nofile

  1. cat >> /etc/security/limits.conf <<EOF
  2. * soft nofile 65535
  3. * hard nofile 65536
  4. EOF