Published: 2023-9-25 Author: myluzh Category: Kubernetes
0x01 Introduction
RKE version: v1.4.8
k8s version: v1.26.7
Rancher version: v2.7.6
master 10.206.16.10 centos7.9 role: [controlplane, worker, etcd]
node1 10.206.16.11 centos7.9 role: [worker, etcd]
node2 10.206.16.12 centos7.9 role: [worker, etcd]
0x02 Initial configuration
1. Set the hostname
#10.206.16.10
hostnamectl set-hostname master
#10.206.16.11
hostnamectl set-hostname node1
#10.206.16.12
hostnamectl set-hostname node2
2. Edit /etc/hosts
sudo bash -c 'cat << EOF >> /etc/hosts
10.206.16.10 master
10.206.16.11 node1
10.206.16.12 node2
EOF'
3. Disable SELinux and firewalld
setenforce 0
sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
systemctl status firewalld
systemctl stop firewalld
systemctl disable firewalld
4. Install docker
yum -y install yum-utils
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Look up the available docker-ce versions
# Supported docker versions: [1.13.x 17.03.x 17.06.x 17.09.x 18.06.x 18.09.x 19.03.x 20.10.x 23.0.x]
yum list docker-ce.x86_64 --showduplicates | sort -r
# Install a specific version
yum -y install docker-ce-18.06.3.ce-3.el7
systemctl enable docker
systemctl start docker
cat <<EOF > daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"]
}
EOF
mv daemon.json /etc/docker/
systemctl daemon-reload
systemctl restart docker
5. sysctl configuration
# Enable IPv4 kernel forwarding
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
# Enable IPv6 kernel forwarding (if needed)
echo "net.ipv6.conf.all.forwarding=1" | sudo tee -a /etc/sysctl.conf
# Pass bridged IPv4 and IPv6 traffic to iptables chains
echo "net.bridge.bridge-nf-call-ip6tables = 1" | sudo tee -a /etc/sysctl.conf
echo "net.bridge.bridge-nf-call-iptables = 1" | sudo tee -a /etc/sysctl.conf
# Apply the changes
sudo sysctl -p
0x03 Install kubectl
Install from the binary
# Download
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
# Install
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
# Test
kubectl version --client
Install with yum
# Configure the repo source
cat <<EOF > kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
mv kubernetes.repo /etc/yum.repos.d/
# Install
yum install -y kubectl
0x04 Install rke
1. Install rke
# Download the RKE binary
curl -LO https://github.com/rancher/rke/releases/download/v1.4.8/rke_linux-amd64
# Copy the RKE binary to a folder in your $PATH and rename it rke
sudo install -o root -g root -m 0755 rke_linux-amd64 /usr/local/bin/rke
# Run rke command to test
rke --version
2. Configure passwordless SSH
# Create the user: rke
useradd rke
# Set the user's password
echo 123.com | passwd --stdin rke
# Add the user to the docker group
usermod -aG docker rke
# Add the user to the sudo group (not recommended)
# usermod -aG wheel rke
# Configure passwordless login for the rke user
ssh-keygen -t rsa
ssh-copy-id rke@10.206.16.10
ssh-copy-id rke@10.206.16.11
ssh-copy-id rke@10.206.16.12
3. Create cluster.yaml, the configuration rke needs later to bring up the cluster
nodes:
  - address: 10.206.16.10
    user: rke
    role: [controlplane, worker, etcd]
  - address: 10.206.16.11
    user: rke
    role: [worker, etcd]
  - address: 10.206.16.12
    user: rke
    role: [worker, etcd]

services:
  etcd:
    snapshot: true
    creation: 6h
    retention: 24h

# Required for external TLS termination
# with ingress-nginx v0.22+
ingress:
  provider: nginx
  options:
    use-forwarded-headers: "true"

kubernetes_version: v1.25.6-rancher4-1
# Alternatively, create cluster.yml interactively with this command
rke config --name cluster.yml
4. Run the RKE command to bring up the RKE cluster
rke up --config ./cluster.yaml
When the message "Finished building Kubernetes cluster successfully" appears, the cluster has been built.
If you get the error: WARN[0000] [state] can't fetch legacy cluster state from Kubernetes: Cluster must have at least one etcd plane host: failed to connect to the following etcd host(s), fix it as follows:
# Set AllowTcpForwarding to yes
sudo sed -i 's/#\?AllowTcpForwarding.*/AllowTcpForwarding yes/' /etc/ssh/sshd_config
# Restart sshd
sudo systemctl restart sshd
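A preflight check for two settings this page configures on every node (the sysctl keys from 0x02 step 5 and the AllowTcpForwarding fix above), as an added example that is not part of the original post. The function names are hypothetical, the sample files are constructed, and Match blocks in sshd_config are not evaluated.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Print the effective AllowTcpForwarding value of an sshd_config file.
# sshd keeps the first value it reads for a keyword; the default is "yes".
# Simplification: Match blocks are not evaluated.
sshd_tcp_forwarding() {
  awk 'tolower($1) == "allowtcpforwarding" { print tolower($2); found = 1; exit }
       END { if (!found) print "yes" }' "$1"
}

# Print the last value assigned to key $2 in sysctl.conf-style file $1.
# The page appends with "tee -a", and a later line overrides an earlier one.
sysctl_value() {
  awk -F= -v key="$2" '
    /^[ \t]*[#;]/ { next }
    { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
      if (k == key) val = v }
    END { print val }' "$1"
}

# rke_preflight SSHD_CONFIG SYSCTL_CONF: returns 0 only if every check passes.
rke_preflight() {
  rc=0
  fwd=$(sshd_tcp_forwarding "$1")
  case "$fwd" in
    yes|all) ;;
    *) echo "FAIL: AllowTcpForwarding is '$fwd', expected yes"; rc=1 ;;
  esac
  for key in net.ipv4.ip_forward net.bridge.bridge-nf-call-iptables; do
    if [ "$(sysctl_value "$2" "$key")" != "1" ]; then
      echo "FAIL: $key is not set to 1"; rc=1
    fi
  done
  return "$rc"
}

# Constructed sample input (not taken from a real host).
demo=$(mktemp -d)
printf '#AllowTcpForwarding yes\nAllowTcpForwarding no\n' > "$demo/sshd_config"
printf 'net.ipv4.ip_forward=1\n' > "$demo/sysctl.conf"
rke_preflight "$demo/sshd_config" "$demo/sysctl.conf" || echo "preflight failed"
rm -rf "$demo"
```

On a node, the same function can be pointed at /etc/ssh/sshd_config and /etc/sysctl.conf before running rke up.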
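5. Test the cluster
cd ~/rke/
# kube_config_cluster.yaml is a config file generated after rke up runs
# Point kubectl at the cluster's config file
export KUBECONFIG=$(pwd)/kube_config_cluster.yaml
# Alternatively, copy it into place as the default kubeconfig
mkdir -p /root/.kube
cp kube_config_cluster.yaml /root/.kube/config
# Check the health of the cluster's nodes and pods
kubectl get nodes
kubectl get pods --all-namespaces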
0x05 Install helm
# Install helm from a mirror in mainland China
wget https://mirrors.huaweicloud.com/helm/v3.9.4/helm-v3.9.4-linux-amd64.tar.gz
tar -zxvf helm-v3.9.4-linux-amd64.tar.gz
sudo cp linux-amd64/helm /usr/local/bin/
helm version
0x06 Install Rancher
Option 1: Install Rancher with helm
1. Add the repo
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
2. Create the namespace
kubectl create namespace cattle-system
3. Install the certificate management tool
# If you have installed the CRDs manually instead of with the `--set installCRDs=true` option added to your Helm install command, you should upgrade your CRD resources before upgrading the Helm chart:
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.crds.yaml
# Add the Jetstack Helm repository
helm repo add jetstack https://charts.jetstack.io
# Update your local Helm chart repository cache
helm repo update
# Install the cert-manager Helm chart
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.11.0
# Once you've installed cert-manager, you can verify it is deployed correctly by checking the cert-manager namespace for running pods:
kubectl get pods --namespace cert-manager
4. Install Rancher with helm
helm install rancher rancher-stable/rancher \
  --namespace cattle-system \
  --set hostname=rancher.my.org \
  --set bootstrapPassword=admin \
  --set ingress.tls.source=secret
Option 2: Install Rancher on a single node with Docker (simple)
Official documentation: https://ranchermanager.docs.rancher.com/zh/pages-for-subheaders/rancher-on-a-single-node-with-docker
1. Just run the docker command
# My k8s cluster here is v1.26.7, so a compatible Rancher version, v2.7.6, is needed
# Rancher support matrix: https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/rancher-v2-7-6/
docker run -d --restart=unless-stopped --privileged --name rancher -p 9080:80 -p 9443:443 rancher/rancher:v2.7.6
2. Browse to the container host's address plus the exposed port; you must use the SSL port.