Rke集群
节点地址
系统
172.19.0.4
centos7.x
172.19.0.9
centos7.x
172.19.0.12
centos7.x
1、初始化所有节点环境
cat init_rke_env.sh🤗
## 桥接的IPv4流量传递到iptables的链
cat > /etc/sysctl.conf << EFO
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EFO
## 生效
sysctl -p /etc/sysctl.conf
## 关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
## 关闭selinux
sed -i 's/enforcing/disabled/' /etc/selinux/config
setenforce 0 # 临时
## 关闭swap
swapoff -a && sed -ri 's/.*swap.*/#&/' /etc/fstab
## 时间同步
yum install ntpdate -y
ntpdate time.windows.com
## 删除已安装的Docker
yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-selinux \
docker-engine-selinux \
docker-engine
## 配置repo源
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum makecache
yum -y install epel-release
## 显示软件包的多个版本
yum list docker --show-duplicates
## 安装依赖包
yum -y install yum-utils device-mapper-persistent-data lvm2
## 添加软件源信息
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
## 更新并安装Docker-CE
yum makecache fast
yum list docker-ce --show-duplicates
yum -y install docker-ce-24.0.7-1.el7
## 更新xfsprogs
yum -y update xfsprogs
## 启动,设置开机启动
systemctl enable docker
systemctl start docker
## 检查
docker info
docker -v
## 添加 rke 用户, 添加到 docker 组
useradd rke
usermod -aG docker rke
echo "rke" |passwd rke --stdin
#passwd rancher
# 修改ulimit参数
cp /etc/security/limits.conf /etc/security/limits.conf.bak
cat >>/etc/security/limits.conf <<EOF
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
EOF
echo "ulimit -SHn 65535" >> /etc/profile
echo "ulimit -SHn 65535" >> /etc/rc.local
reboot2、部署集群(主节点执行)
# 不用切换用户
ssh-keygen
## 将所生成的密钥的公钥分发到各个节点
ssh-copy-id rke@master01
ssh-copy-id rke@woker01
ssh-copy-id rke@woker02
wget https://github.com/rancher/rke/releases/download/v1.4.11/rke_linux-amd64
mv rke_linux-amd64 /usr/local/bin/rke
chmod +x /usr/local/bin/rke
rke -v# 参考官网: https://docs.rancher.cn/docs/rke/example-yamls/_index#%E6%9C%80%E5%B0%8F%E6%96%87%E4%BB%B6%E7%A4%BA%E4%BE%8B
''' 只参考
# 运行rke config命令,在当前路径下创建 cluster.yml文件。这条命令会引导您输入创建集群所需的所有参数
# rke config --name cluster.yml
## 加上 --empty ,可以创建一个空白的集群配置文件
# rke config --empty --name cluster.yml
## --print,将cluster.yml文件的内容显示出来
# rke config --print
'''mkdir /data/rke
cd /data/rke
cat > cluster.yml <<EOF
nodes:
- address: 172.19.0.4
internal_address: 172.19.0.4
port: "22"
hostname_override: rke-master01
user: rke
role: [controlplane,etcd]
- address: 172.19.0.9
internal_address: 172.19.0.9
port: "22"
hostname_override: rke-work01
user: rke
role: [worker,etcd]
- address: 172.19.0.12
internal_address: 172.19.0.12
port: "22"
hostname_override: rke-work02
user: rke
role: [worker,etcd]
services:
etcd:
snapshot: true
creation: 5m0s
retention: 24h
EOF
# 构建集群
# rke up --config ./cluster.yml
rke up返回的最后一行信息应该是 Finished building Kubernetes cluster successfully,表示成功部署集群,可以开始使用集群。在创建 Kubernetes 集群的过程中,会创建一个kubeconfig 文件,它的文件名称是 kube_config_cluster.yml,您可以使用它控制 Kubernetes 集群。
记得保存好你的集群文件
[root@VM-0-4-centos rke]# ll
total 140
-rw------- 1 root root 122780 Nov 26 20:52 cluster.rkestate # Kubernetes 集群状态文件,包含了获取该集群所有权限的认证凭据,使用 RKE v0.2.0 时才会创建这个文件。
-rw-r----- 1 root root 6588 Nov 26 20:51 cluster.yml # RKE 集群的配置文件。
-rw------- 1 root root 5497 Nov 26 20:51 kube_config_cluster.yml # 该集群的Kubeconfig 文件包含了获取该集群所有权限的认证凭据。3、安装 kubectl(主节点执行)
wget https://storage.googleapis.com/kubernetes-release/release/v1.26.9/bin/linux/amd64/kubectl
chmod +x kubectl
mv kubectl /usr/local/bin/
kubectl version --client加载k8s环境
mkdir ~/.kube
cat kube_config_cluster.yml > ~/.kube/config查看节点
[root@VM-0-4-centos rke]# kubectl get node
NAME STATUS ROLES AGE VERSION
rke-master01 Ready controlplane,etcd 9m18s v1.26.9
rke-work01 Ready etcd,worker 9m15s v1.26.9
rke-work02 Ready etcd,worker 9m15s v1.26.94、发布应用测试
cat >> nginx.yaml <<EOF
apiVersion: v1
kind: Service
metadata:
labels:
app: nginx-service
name: nginx-service
namespace: default
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: nginx
sessionAffinity: None
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
spec:
selector:
matchLabels:
app: nginx
replicas: 6
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.16.0
ports:
- containerPort: 80
EOFkubectl apply -f nginx.yaml
kubectl get pod -o wide
kubectl get svc
kubectl delete -f nginx.yaml5、存储相关
OpenEBS: https://weiliang-ms.github.io/wl-awesome/2.%E5%AE%B9%E5%99%A8/k8s/storage/OpenEBS.html
Rook-Ceph: https://weiliang-ms.github.io/wl-awesome/2.%E5%AE%B9%E5%99%A8/k8s/storage/rook.html
6、集群更新(增加节点、删除节点)
1、初始化新节点、设置免密(不能是root)
2、修改cluster.yml文件的内容,添加(删除)额外的节点,并指定它们在 Kubernetes 集群中的角色
3、rke up --update-only (可能会触发插件或其他组件的重新部署或更新)
6、备份和恢复
注: 上面我们设置了备份策略,每5分钟备份一次,保存时长 24 小时,默认是保存到: /opt/rke/etcd-snapshots
官网详细内容: https://docs.rancher.cn/docs/rke/etcd-snapshots/one-time-snapshots/_index/
手动备份到本地
$ rke etcd snapshot-save --config cluster.yml --name snapshot-`date +'%Y-%m-%d_%H%M%S'`
$ ls /opt/rke/etcd-snapshots/
snapshot-2023-11-26_220411.zip ---> 刚刚备份的 etcd 数据手动备份到 S3 (minio)
rke etcd snapshot-save \
--config cluster.yml \
--name snapshot-name \
--s3 \
--access-key S3_ACCESS_KEY \
--secret-key S3_SECRET_KEY \
--bucket-name s3-bucket-name \
--folder s3-folder-name \
--s3-endpoint s3.amazonaws.com从本地快照恢复集群
rke etcd snapshot-restore --config cluster.yml --name snapshot-2023-11-26_220411从S3 (minio)快照恢复集群
rke etcd snapshot-restore \
--config cluster.yml \
--name snapshot-name \
--s3 \
--access-key S3_ACCESS_KEY \
--secret-key S3_SECRET_KEY \
--bucket-name s3-bucket-name \
--folder s3-folder-name \ # Optional - Available as of v0.3.0
--s3-endpoint s3.amazonaws.com7、千万注意
千万不要执行: rke remove😲 , 会删除所有数据和备份数据 (除非你做了二次备份)
8、Rancher控制面板😁
尽量不在master 和 worker运行: 耗费资源, 最好单独搞台集群去弄
docker run -d --restart=unless-stopped --privileged --name rancher -p 80:80 -p 443:443 rancher/rancher:v2.5.9Last updated