Myluzh Blog

K8S Notes: Deploying a Cluster with RKE and Installing Rancher

Published: 2023-9-25 Author: myluzh Category: Kubernetes


0x01 Introduction

RKE version: v1.4.8

k8s version: v1.26.7

Rancher version: v2.7.6

master 10.206.16.10 centos7.9 role: [controlplane, worker, etcd]

node1 10.206.16.11 centos7.9 role: [worker, etcd]

node2 10.206.16.12 centos7.9 role: [worker, etcd]

0x02 Initial configuration

1. Set the hostname

```bash
# on 10.206.16.10
hostnamectl set-hostname master
# on 10.206.16.11
hostnamectl set-hostname node1
# on 10.206.16.12
hostnamectl set-hostname node2
```

2. Edit /etc/hosts

```bash
sudo bash -c 'cat << EOF >> /etc/hosts
10.206.16.10 master
10.206.16.11 node1
10.206.16.12 node2
EOF'
```

3. Disable SELinux and firewalld

```bash
setenforce 0
sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
```

```bash
systemctl status firewalld
systemctl stop firewalld
systemctl disable firewalld
```

4. Install Docker

```bash
yum -y install yum-utils
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# List the available docker-ce versions
# Supported Docker versions: [1.13.x 17.03.x 17.06.x 17.09.x 18.06.x 18.09.x 19.03.x 20.10.x 23.0.x]
yum list docker-ce.x86_64 --showduplicates | sort -r
# Install a specific version
yum -y install docker-ce-18.06.3.ce-3.el7
```

```bash
systemctl enable docker
systemctl start docker

cat <<EOF > daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"]
}
EOF
mv daemon.json /etc/docker/

systemctl daemon-reload
systemctl restart docker
```

5. sysctl configuration

```bash
# Enable IPv4 kernel forwarding
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf

# Enable IPv6 kernel forwarding (if needed)
echo "net.ipv6.conf.all.forwarding=1" | sudo tee -a /etc/sysctl.conf

# The net.bridge.* keys only exist once the br_netfilter module is loaded
sudo modprobe br_netfilter

# Pass bridged IPv4 and IPv6 traffic to iptables chains
echo "net.bridge.bridge-nf-call-ip6tables = 1" | sudo tee -a /etc/sysctl.conf
echo "net.bridge.bridge-nf-call-iptables = 1" | sudo tee -a /etc/sysctl.conf

# Apply the changes
sudo sysctl -p
```

0x03 Install kubectl

Install from the binary

```bash
# Download
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
# Install
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
# Test
kubectl version --client
```

Install with yum

```bash
# Configure the repo (gpgcheck=0 and repo_gpgcheck=0 turn off signature verification for this repo)
cat <<EOF > kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
mv kubernetes.repo /etc/yum.repos.d/
# Install
yum install -y kubectl
```

0x04 Install RKE

1. Install rke

```bash
# Download the RKE binary
curl -LO https://github.com/rancher/rke/releases/download/v1.4.8/rke_linux-amd64
# Copy the RKE binary to a folder in your $PATH and rename it rke
sudo install -o root -g root -m 0755 rke_linux-amd64 /usr/local/bin/rke
# Run rke command to test
rke --version
```

2. Set up passwordless SSH

```bash
# Create the user: rke
useradd rke
# Set the user's password
echo 123.com | passwd --stdin rke
# Add the user to the docker group
usermod -aG docker rke
# Add the user to the sudo group (not recommended)
# usermod -aG wheel rke

# Set up passwordless login for the rke user
ssh-keygen -t rsa
ssh-copy-id rke@10.206.16.10
ssh-copy-id rke@10.206.16.11
ssh-copy-id rke@10.206.16.12
```

3. Create cluster.yaml, the configuration RKE needs later to bring up the cluster

```yaml
nodes:
  - address: 10.206.16.10
    user: rke
    role: [controlplane, worker, etcd]
  - address: 10.206.16.11
    user: rke
    role: [worker, etcd]
  - address: 10.206.16.12
    user: rke
    role: [worker, etcd]

services:
  etcd:
    snapshot: true
    creation: 6h
    retention: 24h

# Required for external TLS termination
# with ingress-nginx v0.22+
ingress:
  provider: nginx
  options:
    use-forwarded-headers: "true"

kubernetes_version: v1.25.6-rancher4-1
```

```bash
# You can also create cluster.yml interactively with this command
rke config --name cluster.yml
```

4. Run the rke command to bring up the RKE cluster

```bash
rke up --config ./cluster.yaml
```

The message "Finished building Kubernetes cluster successfully" means the cluster came up.

If you get the error: WARN[0000] [state] can't fetch legacy cluster state from Kubernetes: Cluster must have at least one etcd plane host: failed to connect to the following etcd host(s), fix it as follows:

```bash
# Set AllowTcpForwarding to yes
sudo sed -i 's/#\?AllowTcpForwarding.*/AllowTcpForwarding yes/' /etc/ssh/sshd_config
# Restart sshd
sudo systemctl restart sshd
```

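5. Test the cluster

```bash
cd ~/rke/
# kube_config_cluster.yaml is a config file generated by the rke run
# Point kubectl at the cluster's config file
export KUBECONFIG=$(pwd)/kube_config_cluster.yaml
# Alternatively, copy it to the default kubeconfig location
mkdir -p /root/.kube
cp kube_config_cluster.yaml /root/.kube/config
# Check the health of the cluster's nodes and pods
kubectl get nodes
kubectl get pods --all-namespaces
```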

0x05 Install helm

```bash
# Install helm from a mirror in China
wget https://mirrors.huaweicloud.com/helm/v3.9.4/helm-v3.9.4-linux-amd64.tar.gz
tar -zxvf helm-v3.9.4-linux-amd64.tar.gz
sudo cp linux-amd64/helm /usr/local/bin/
helm version
```
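The kubectl, rke and helm steps above each download a file and install it as root without checking it. The script below is an added example, not part of the original post, that verifies a SHA-256 digest before `install` runs; the function names are hypothetical and the kubectl `.sha256` URL in the usage comment follows the upstream Kubernetes install instructions.

```shell
#!/bin/sh
# Added example: check a downloaded binary against its published SHA-256
# digest before installing it as root. Function names are hypothetical.

# verify_sha256 FILE EXPECTED_HEX
# returns 0 on match, 1 on mismatch, 2 if EXPECTED_HEX is not a SHA-256 digest
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Reject anything that is not 64 hex characters, for example an HTML
    # error page that was saved in place of the checksum file.
    case $expected in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(sha256sum "$file" 2>/dev/null | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# fetch_verified URL SHA_URL DEST
# downloads both files and installs the binary only when the digest matches
fetch_verified() {
    url=$1; sha_url=$2; dest=$3
    tmp=$(mktemp -d) || return 1
    if curl -fsSL -o "$tmp/bin" "$url" &&
       curl -fsSL -o "$tmp/sha" "$sha_url" &&
       verify_sha256 "$tmp/bin" "$(awk 'NR==1{print $1}' "$tmp/sha")"
    then
        sudo install -o root -g root -m 0755 "$tmp/bin" "$dest"; rc=$?
    else
        echo "download or checksum check failed for $url; not installing" >&2
        rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

# kubectl publishes <binary-url>.sha256 next to each release binary:
# ver=$(curl -fsSL https://dl.k8s.io/release/stable.txt)
# base="https://dl.k8s.io/release/$ver/bin/linux/amd64/kubectl"
# fetch_verified "$base" "$base.sha256" /usr/local/bin/kubectl
```

For the helm tarball, which comes from a mirror, run `verify_sha256` on the archive before extracting it and take the expected digest from the project's own release page rather than from the mirror.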

0x06 Install Rancher

Option 1: Install Rancher with helm

1. Add the repo

```bash
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
```

2. Create the namespace

```bash
kubectl create namespace cattle-system
```

3. Install the certificate manager (cert-manager)

```bash
# If you have installed the CRDs manually instead of with the `--set installCRDs=true` option added to your Helm install command, you should upgrade your CRD resources before upgrading the Helm chart:
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.crds.yaml
# Add the Jetstack Helm repository
helm repo add jetstack https://charts.jetstack.io
# Update your local Helm chart repository cache
helm repo update
# Install the cert-manager Helm chart
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.11.0
# Once you've installed cert-manager, you can verify it is deployed correctly by checking the cert-manager namespace for running pods:
kubectl get pods --namespace cert-manager
```

4. Install Rancher with helm

```bash
helm install rancher rancher-stable/rancher \
  --namespace cattle-system \
  --set hostname=rancher.my.org \
  --set bootstrapPassword=admin \
  --set ingress.tls.source=secret
```
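With `ingress.tls.source=secret` the Rancher chart reads its certificate from a TLS secret named `tls-rancher-ingress` in `cattle-system`, which the steps above do not create. The script below is an added example, not part of the original post, that creates that secret and replaces `bootstrapPassword=admin` with a random value kept in a 0600 values file; the `tls.crt`/`tls.key` paths and the function names are assumptions.

```shell
# Added example (not from the original post). Assumes a certificate and key
# for the Rancher hostname already exist, e.g. ./tls.crt and ./tls.key.

# Print a random 32-character alphanumeric password.
gen_bootstrap_password() {
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c 32
}

# Write the chart values to a file only the current user can read, so the
# password does not end up in shell history or the process list.
write_rancher_values() {
    out=$1; host=$2; pw=$3
    ( umask 077
      cat > "$out" <<EOF
hostname: $host
bootstrapPassword: "$pw"
ingress:
  tls:
    source: secret
EOF
    )
}

# install_rancher HOSTNAME CERT KEY
install_rancher() {
    host=$1; cert=$2; key=$3
    values=$(mktemp) || return 1
    write_rancher_values "$values" "$host" "$(gen_bootstrap_password)" || return 1
    # The secret the chart uses for the ingress when tls.source is "secret"
    if kubectl -n cattle-system create secret tls tls-rancher-ingress \
           --cert="$cert" --key="$key" &&
       helm install rancher rancher-stable/rancher \
           --namespace cattle-system -f "$values"
    then rc=0; else rc=1; fi
    echo "bootstrap password is in $values; delete it after first login" >&2
    return "$rc"
}

# Usage: install_rancher rancher.my.org tls.crt tls.key
```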

Option 2: Install Rancher on a single node with Docker (simple)

Official documentation: https://ranchermanager.docs.rancher.com/zh/pages-for-subheaders/rancher-on-a-single-node-with-docker

1. Just run the docker command

```bash
# My k8s cluster is v1.26.7, so a compatible Rancher version, v2.7.6, is needed
# Rancher support matrix: https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/rancher-v2-7-6/
docker run -d --restart=unless-stopped --privileged --name rancher -p 9080:80 -p 9443:443 rancher/rancher:v2.7.6
```

2. Browse to the container host's address plus the exposed port; use the SSL port.



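Tags: k8s cluster rke rancher

Comments:

冬天里的火
2023-12-13 16:52
Nice. More and more people are working with k8s these days, so we really do all need to study and explore it actively.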
