RKE cluster
172.19.0.4    centos7.x
172.19.0.9    centos7.x
172.19.0.12   centos7.x
cat init_rke_env.sh🤗
## Pass bridged IPv4 traffic to the iptables chains
cat > /etc/sysctl.conf << EFO
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EFO
## Apply the settings
sysctl -p /etc/sysctl.conf
# No need to switch users
ssh-keygen
## Distribute the public key of the generated key pair to every node
ssh-copy-id rke@master01
ssh-copy-id rke@woker01
ssh-copy-id rke@woker02
wget https://github.com/rancher/rke/releases/download/v1.4.11/rke_linux-amd64
mv rke_linux-amd64 /usr/local/bin/rke
chmod +x /usr/local/bin/rke
rke -v
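# See the official docs: https://docs.rancher.cn/docs/rke/example-yamls/_index#%E6%9C%80%E5%B0%8F%E6%96%87%E4%BB%B6%E7%A4%BA%E4%BE%8B
''' For reference only
# Run the rke config command to create a cluster.yml file in the current directory. The command prompts you for all the parameters needed to create the cluster
# rke config --name cluster.yml
## Add --empty to create a blank cluster configuration file
# rke config --empty --name cluster.yml
## --print displays the contents of the cluster.yml file
# rke config --print
'''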
mkdir /data/rke
cd /data/rke
cat > cluster.yml <<EOF
nodes:
  - address: 172.19.0.4
    internal_address: 172.19.0.4
    port: "22"
    hostname_override: rke-master01
    user: rke
    role: [controlplane,etcd]
  - address: 172.19.0.9
    internal_address: 172.19.0.9
    port: "22"
    hostname_override: rke-work01
    user: rke
    role: [worker,etcd]
  - address: 172.19.0.12
    internal_address: 172.19.0.12
    port: "22"
    hostname_override: rke-work02
    user: rke
    role: [worker,etcd]
services:
  etcd:
    snapshot: true
    creation: 5m0s
    retention: 24h
EOF
# Build the cluster
# rke up --config ./cluster.yml
rke up
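The last line of output should be Finished building Kubernetes cluster successfully, which means the cluster was deployed successfully and is ready to use. While the Kubernetes cluster is being created, a kubeconfig file named kube_config_cluster.yml is also created; you can use it to control the Kubernetes cluster.
Remember to keep your cluster files safe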
[root@VM-0-4-centos rke]# ll
total 140
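-rw------- 1 root root 122780 Nov 26 20:52 cluster.rkestate # Kubernetes cluster state file; it contains credentials that grant full access to the cluster. This file is created only when using RKE v0.2.0.
-rw-r----- 1 root root 6588 Nov 26 20:51 cluster.yml # The RKE cluster configuration file.
-rw------- 1 root root 5497 Nov 26 20:51 kube_config_cluster.yml # The cluster's kubeconfig file; it contains credentials that grant full access to the cluster.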
wget https://storage.googleapis.com/kubernetes-release/release/v1.26.9/bin/linux/amd64/kubectl
chmod +x kubectl
mv kubectl /usr/local/bin/
kubectl version --client
Load the k8s environment
mkdir ~/.kube
cat kube_config_cluster.yml > ~/.kube/config
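The listing above marks cluster.rkestate and kube_config_cluster.yml as carrying full-access credentials, and the copy written by cat kube_config_cluster.yml > ~/.kube/config gets whatever mode the current umask allows. The following is an added example, not code from the original page or from the RKE project, that reports (and with --fix tightens) any of these files that group or others can access; the function names file_mode and audit_rke_secrets are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit the credential-bearing files RKE writes next to cluster.yml,
# plus the kubeconfig copy created with `cat ... > ~/.kube/config`.

# Print the octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_rke_secrets RKE_DIR [KUBECONFIG_COPY] [--fix]
# Return status = number of files still accessible by group or others.
audit_rke_secrets() {
    local dir="$1" copy="${2:-$HOME/.kube/config}" fix="${3:-}" findings=0 f mode
    for f in "$dir/cluster.rkestate" "$dir/kube_config_cluster.yml" "$copy"; do
        [ -f "$f" ] || { echo "SKIP  $f (not present)"; continue; }
        mode=$(file_mode "$f")
        # Any bit set in the group/other digits means exposure beyond the owner.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            if [ "$fix" = "--fix" ]; then
                chmod 600 "$f" && echo "FIXED $f ($mode -> 600)"
            else
                echo "WEAK  $f (mode $mode, expected 600)"
                findings=$((findings + 1))
            fi
        else
            echo "OK    $f (mode $mode)"
        fi
    done
    return "$findings"
}

# Usage (paths are the ones used on this page):
#   audit_rke_secrets /data/rke             # report only
#   audit_rke_secrets /data/rke "" --fix    # chmod 600 anything too open
```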
View the nodes
[root@VM-0-4-centos rke]# kubectl get node
NAME STATUS ROLES AGE VERSION
rke-master01 Ready controlplane,etcd 9m18s v1.26.9
rke-work01 Ready etcd,worker 9m15s v1.26.9
rke-work02 Ready etcd,worker 9m15s v1.26.9
cat > nginx.yaml <<EOF
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx-service
  name: nginx-service
  namespace: default
spec:
  ports:
    - port: 80
      protocol: TCP
      targetPort: 80
  selector:
    app: nginx
  sessionAffinity: None
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 6
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:1.16.0
          ports:
            - containerPort: 80
EOF
kubectl apply -f nginx.yaml
kubectl get pod -o wide
kubectl get svc
kubectl delete -f nginx.yaml
OpenEBS: https://weiliang-ms.github.io/wl-awesome/2.%E5%AE%B9%E5%99%A8/k8s/storage/OpenEBS.html
Rook-Ceph: https://weiliang-ms.github.io/wl-awesome/2.%E5%AE%B9%E5%99%A8/k8s/storage/rook.html
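1. Initialize the new node and set up passwordless SSH (the user must not be root)
2. Edit cluster.yml to add (or remove) the extra nodes and specify their roles in the Kubernetes cluster
3. rke up --update-only (may trigger redeployment or updates of add-ons or other components)
Note: the backup policy set above takes a snapshot every 5 minutes and keeps it for 24 hours; by default snapshots are saved to: /opt/rke/etcd-snapshots
Detailed official documentation: https://docs.rancher.cn/docs/rke/etcd-snapshots/one-time-snapshots/_index/
Manual backup to local disk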
$ rke etcd snapshot-save --config cluster.yml --name snapshot-`date +'%Y-%m-%d_%H%M%S'`
$ ls /opt/rke/etcd-snapshots/
snapshot-2023-11-26_220411.zip ---> the etcd data that was just backed up
Manual backup to S3 (minio)
rke etcd snapshot-save \
--config cluster.yml \
--name snapshot-name \
--s3 \
--access-key S3_ACCESS_KEY \
--secret-key S3_SECRET_KEY \
--bucket-name s3-bucket-name \
--folder s3-folder-name \
--s3-endpoint s3.amazonaws.com
Restore the cluster from a local snapshot
rke etcd snapshot-restore --config cluster.yml --name snapshot-2023-11-26_220411
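Restore the cluster from an S3 (minio) snapshot
# --folder is optional - available as of v0.3.0
rke etcd snapshot-restore \
--config cluster.yml \
--name snapshot-name \
--s3 \
--access-key S3_ACCESS_KEY \
--secret-key S3_SECRET_KEY \
--bucket-name s3-bucket-name \
--folder s3-folder-name \
--s3-endpoint s3.amazonaws.com
Never run: rke remove 😲, it deletes all data and the backup data (unless you have made a second backup)
Try not to run this on the master and worker nodes: it consumes resources, so it is best to set up a separate cluster for it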
docker run -d --restart=unless-stopped --privileged --name rancher -p 80:80 -p 443:443 rancher/rancher:v2.5.9