Myluzh Blog

Strive to become a dream architect.

K8S Notes: Deploying a Cluster with RKE and Installing Rancher

Published: 2023-9-25 Author: myluzh Category: Kubernetes


0x01 Introduction

RKE version: v1.4.8

k8s version: v1.26.7

Rancher version: v2.7.6

master 10.206.16.10 centos7.9 role: [controlplane, worker, etcd]

node1 10.206.16.11 centos7.9 role: [worker, etcd]

node2 10.206.16.12 centos7.9 role: [worker, etcd]

0x02 Initial configuration

1. Set the hostname

#10.206.16.10
hostnamectl set-hostname master
#10.206.16.11
hostnamectl set-hostname node1
#10.206.16.12
hostnamectl set-hostname node2

2. Edit /etc/hosts

sudo bash -c 'cat << EOF >> /etc/hosts
10.206.16.10 master
10.206.16.11 node1
10.206.16.12 node2
EOF'

3. Disable SELinux and firewalld

setenforce 0
sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
systemctl status firewalld
systemctl stop firewalld
systemctl disable firewalld

4. Install Docker

yum -y install yum-utils
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# List the available docker-ce versions
# Supported Docker versions: [1.13.x 17.03.x 17.06.x 17.09.x 18.06.x 18.09.x 19.03.x 20.10.x 23.0.x]
yum list docker-ce.x86_64 --showduplicates | sort -r
# Install a specific version
yum -y install docker-ce-18.06.3.ce-3.el7
systemctl enable docker
systemctl start docker

cat <<EOF > daemon.json
{
 "exec-opts": ["native.cgroupdriver=systemd"],
 "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"]
}
EOF
mv daemon.json /etc/docker/

systemctl daemon-reload
systemctl restart docker

5. sysctl configuration

# Enable IPv4 kernel forwarding
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf

# Enable IPv6 kernel forwarding (if needed)
echo "net.ipv6.conf.all.forwarding=1" | sudo tee -a /etc/sysctl.conf

# Pass bridged IPv4 and IPv6 traffic to iptables chains
echo "net.bridge.bridge-nf-call-ip6tables = 1" | sudo tee -a /etc/sysctl.conf
echo "net.bridge.bridge-nf-call-iptables = 1" | sudo tee -a /etc/sysctl.conf

# Apply the changes
sudo sysctl -p

0x03 Install kubectl

Install from the binary

# Download
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
# Install
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
# Test
kubectl version --client

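Install via yum

# Configure the repo
# Note: gpgcheck=0 and repo_gpgcheck=0 turn off package and metadata signature verification, so the gpgkey entries below are not used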
cat <<EOF > kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
mv kubernetes.repo /etc/yum.repos.d/
# Install
yum install -y kubectl

0x04 Install rke

1. Install rke

# Download the RKE binary
curl -LO https://github.com/rancher/rke/releases/download/v1.4.8/rke_linux-amd64
# Copy the RKE binary to a folder in your $PATH and rename it rke
sudo install -o root -g root -m 0755 rke_linux-amd64 /usr/local/bin/rke
# Run rke command to test
rke --version

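2. Passwordless SSH setup

# Create the user: rke
useradd rke
# Set the user's password
echo 123.com | passwd --stdin rke
# Add the user to the docker group
usermod -aG docker rke
# Add the user to the sudo group (not recommended)
# usermod -aG wheel rke

# Set up passwordless login for the rke user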
ssh-keygen -t rsa
ssh-copy-id rke@10.206.16.10
ssh-copy-id rke@10.206.16.11
ssh-copy-id rke@10.206.16.12 

3. Create cluster.yaml, the configuration that rke needs later to bring up the cluster

nodes:
- address: 10.206.16.10
  user: rke
  role: [controlplane, worker, etcd]
- address: 10.206.16.11
  user: rke
  role: [worker, etcd]
- address: 10.206.16.12
  user: rke
  role: [worker, etcd]

services:
  etcd:
    snapshot: true
    creation: 6h
    retention: 24h

# Required for external TLS termination 
# with ingress-nginx v0.22+
ingress:
  provider: nginx
  options:
    use-forwarded-headers: "true"

kubernetes_version: v1.25.6-rancher4-1

# Alternatively, create cluster.yaml interactively with this command
rke config --name cluster.yaml

4. Run RKE to bring up the cluster

rke up --config ./cluster.yaml

If the output shows "Finished building Kubernetes cluster successfully", the cluster was built successfully.

If you get the error "WARN[0000] [state] can't fetch legacy cluster state from Kubernetes: Cluster must have at least one etcd plane host: failed to connect to the following etcd host(s)", fix it as follows:

# Set AllowTcpForwarding to yes
sudo sed -i 's/#\?AllowTcpForwarding.*/AllowTcpForwarding yes/' /etc/ssh/sshd_config
# Restart sshd
sudo systemctl restart sshd

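5. Test the cluster

cd ~/rke/
# kube_config_cluster.yaml is generated by rke up; it holds admin credentials for the cluster
# Point kubectl at the cluster's kubeconfig
export KUBECONFIG=$(pwd)/kube_config_cluster.yaml
# Alternatively, copy it to the default kubeconfig location
mkdir -p /root/.kube
cp kube_config_cluster.yaml /root/.kube/config
# Check the health of the cluster's nodes and pods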
kubectl get nodes
kubectl get pods --all-namespaces

0x05 Install helm

# Install helm from a mirror inside China (faster download)
wget https://mirrors.huaweicloud.com/helm/v3.9.4/helm-v3.9.4-linux-amd64.tar.gz
tar -zxvf helm-v3.9.4-linux-amd64.tar.gz
sudo cp linux-amd64/helm /usr/local/bin/
helm version
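
The kubectl (0x03), rke (0x04) and helm (0x05) downloads above are installed into /usr/local/bin without an integrity check. The following is an added example, not part of the original post, that installs a file only after its SHA-256 digest matches; the function names verify_sha256 and install_verified are made up here, and the expected digest is assumed to come from the upstream project's published checksum.

```shell
#!/bin/sh
# Added example: check a downloaded binary against a published SHA-256 digest
# before installing it. Function names are hypothetical.

# verify_sha256 FILE EXPECTED_HEX
# 0 = match, 1 = mismatch, 2 = file missing, 3 = expected value is not a digest
verify_sha256() {
    [ -f "$1" ] || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # A saved HTML error page or an empty file must not pass as a checksum.
    printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$' || return 3
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# install_verified FILE EXPECTED_HEX DEST
# Copies FILE to DEST with mode 0755 only when the digest matches.
# For /usr/local/bin run it as root and add "-o root -g root" as the post does.
install_verified() {
    if ! verify_sha256 "$1" "$2"; then
        echo "refusing to install $1: checksum check failed" >&2
        return 1
    fi
    install -m 0755 "$1" "$3"
}

# Usage for kubectl (dl.k8s.io publishes kubectl.sha256 beside the binary):
#   V=$(curl -L -s https://dl.k8s.io/release/stable.txt)
#   curl -LO "https://dl.k8s.io/release/$V/bin/linux/amd64/kubectl"
#   curl -LO "https://dl.k8s.io/release/$V/bin/linux/amd64/kubectl.sha256"
#   install_verified kubectl "$(cat kubectl.sha256)" /usr/local/bin/kubectl
# For rke and helm, take the digest from the upstream release page, not from
# the mirror that served the file.
```

A digest fetched from the same mirror as the binary only detects corruption in transit; it does not help if the mirror itself serves a modified file.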

0x06 Install Rancher

Option 1: Install Rancher with helm

1. Add the repo

helm repo add rancher-stable https://releases.rancher.com/server-charts/stable 

2. Create the namespace

kubectl create namespace cattle-system 

3. Install the certificate manager (cert-manager)

# If you have installed the CRDs manually instead of with the `--set installCRDs=true` option added to your Helm install command, you should upgrade your CRD resources before upgrading the Helm chart:
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.crds.yaml
# Add the Jetstack Helm repository
helm repo add jetstack https://charts.jetstack.io
# Update your local Helm chart repository cache
helm repo update
# Install the cert-manager Helm chart
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.11.0
  
# Once you've installed cert-manager, you can verify it is deployed correctly by checking the cert-manager namespace for running pods:
kubectl get pods --namespace cert-manager

4. Install Rancher with helm

helm install rancher rancher-stable/rancher \
  --namespace cattle-system \
  --set hostname=rancher.my.org \
  --set bootstrapPassword=admin \
  --set ingress.tls.source=secret
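
As an added example (not part of the original post): the same chart settings written to a values file with a randomly generated bootstrap password instead of the literal admin, created with mode 0600 so the password stays out of shell history and the process list. The function names and the rancher-values.yaml path are made up here; with ingress.tls.source=secret the chart reads the certificate from the tls-rancher-ingress secret, which is assumed to be created from your own tls.crt and tls.key.

```shell
#!/bin/sh
# Added example: build a Helm values file for the Rancher chart with a random
# bootstrap password. Function names and file paths are hypothetical.

# 32 hex characters (128 bits) read from the kernel CSPRNG.
gen_password() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# write_rancher_values HOSTNAME OUTFILE
# Keys mirror the --set flags used above: hostname, bootstrapPassword,
# ingress.tls.source.
write_rancher_values() {
    host=$1 out=$2
    pass=$(gen_password)
    [ ${#pass} -eq 32 ] || return 1
    rm -f "$out"
    (
        umask 077   # file is created readable by its owner only
        cat > "$out" <<EOF
hostname: "$host"
bootstrapPassword: "$pass"
ingress:
  tls:
    source: secret
EOF
    )
}

# Usage (commented out so the block runs offline):
#   write_rancher_values rancher.my.org ./rancher-values.yaml
#   kubectl -n cattle-system create secret tls tls-rancher-ingress \
#     --cert=tls.crt --key=tls.key
#   helm install rancher rancher-stable/rancher \
#     --namespace cattle-system -f ./rancher-values.yaml
```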

Option 2: Install Rancher on a single node with Docker (simple)

Official docs: https://ranchermanager.docs.rancher.com/zh/pages-for-subheaders/rancher-on-a-single-node-with-docker

1. Just run the docker command

# My k8s cluster is v1.26.7, so a compatible Rancher version, v2.7.6, is needed
# Rancher support matrix: https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/rancher-v2-7-6/
docker run -d --restart=unless-stopped --privileged --name rancher -p 9080:80 -p 9443:443 rancher/rancher:v2.7.6

2. Browse to the container host's address plus the exposed port; use the SSL port.



Tags: k8s cluster rke rancher

Comments:

冬天里的火
2023-12-13 16:52
Nice, more and more people are working with k8s now; it really does call for active study and exploration.
