1、初始化所有节点环境
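## Let bridged IPv4/IPv6 traffic pass through the iptables chains and enable
## IP forwarding. The net.bridge.* keys only exist once the br_netfilter
## module is loaded, so load it now and register it for every boot.
modprobe br_netfilter
echo br_netfilter > /etc/modules-load.d/k8s.conf
## Write a drop-in file instead of truncating /etc/sysctl.conf: overwriting
## that file silently discards any kernel hardening already set on the host.
cat > /etc/sysctl.d/99-kubernetes.conf << 'EOF'
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
## Apply (reloads /etc/sysctl.conf and every /etc/sysctl.d drop-in)
sysctl --system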
## Turn the host firewall off, now and for every later boot.
## With firewalld gone, every listening port on the node is reachable from
## the network, so access has to be restricted upstream (security group /
## network ACL) instead.
systemctl disable --now firewalld
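## Disable SELinux permanently (read at the next boot).
## Only the SELINUX= setting line is rewritten; the unanchored pattern also
## replaced the word "enforcing" inside the explanatory comments of the file.
## NOTE(review): SELINUX=permissive would keep the audit log of denials while
## still not blocking anything - confirm whether full disable is required.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
setenforce 0 # temporary: effective immediately, until the reboot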
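## Turn swap off now and comment out its /etc/fstab entries so it stays off.
## Lines that are already comments are skipped, so running this a second
## time does not stack another '#' in front of them.
swapoff -a && sed -ri '/^[[:space:]]*#/!s/.*swap.*/#&/' /etc/fstab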
## Time synchronisation: install ntpdate and step the clock against the NTP
## server. This sets the time once; nothing in this step keeps it in sync
## afterwards.
yum -y install ntpdate
ntpdate time.windows.com
## Remove any Docker packages that are already installed.
old_docker_pkgs=(
  docker
  docker-client
  docker-client-latest
  docker-common
  docker-latest
  docker-latest-logrotate
  docker-logrotate
  docker-selinux
  docker-engine-selinux
  docker-engine
)
yum remove "${old_docker_pkgs[@]}"
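## Configure the yum repository source (the stock file is kept as a backup).
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
## Fetch the repo definition over HTTPS: this file decides where every later
## package is installed from, so it must not be alterable in transit.
## -f makes curl fail on an HTTP error instead of saving the error page as
## the repo file.
curl -fsSL -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
## Before trusting the new source, check that the downloaded file still has
## gpgcheck=1 so package signatures are verified.
yum makecache
yum -y install epel-release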
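## List every available version of a package.
## yum spells the option --showduplicates (no hyphen inside).
yum list docker --showduplicates
## Install the prerequisite packages
yum -y install yum-utils device-mapper-persistent-data lvm2
## Add the Docker CE repository. HTTPS is used so the repo definition, which
## names the package source and its signing key, cannot be rewritten in
## transit.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
## Refresh the metadata and install a pinned Docker CE version
yum makecache fast
yum list docker-ce --showduplicates
yum -y install docker-ce-24.0.7-1.el7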
## Bring xfsprogs up to date
yum update -y xfsprogs
## Register Docker to start at boot and start it right away
systemctl enable --now docker
## Sanity check
docker info
docker --version
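## Create the rke user and add it to the docker group.
## Membership of the docker group is equivalent to root on the host, so this
## account must not get a guessable password such as its own username.
useradd rke
usermod -aG docker rke
## Set a random initial password and show it once. It is only needed to
## install the SSH key on this node with ssh-copy-id.
rke_pw=$(head -c 18 /dev/urandom | base64)
echo "${rke_pw}" | passwd rke --stdin
echo "initial password for rke: ${rke_pw}"
unset rke_pw
## Once key-based login works, lock the password again: passwd -l rke
#passwd rancher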
# Raise the process and open-file limits; limits.conf is backed up first.
cp /etc/security/limits.conf /etc/security/limits.conf.bak
printf '%s\n' \
  '* soft nproc 65535' \
  '* hard nproc 65535' \
  '* soft nofile 65535' \
  '* hard nofile 65535' >> /etc/security/limits.conf
# Append the same ulimit line to the login profile and to rc.local.
for rc_file in /etc/profile /etc/rc.local; do
  echo "ulimit -SHn 65535" >> "$rc_file"
done
reboot
2、部署集群(主节点执行)
# Run as the current user; there is no need to switch accounts.
ssh-keygen
## Install the public key of the new key pair on every node.
## Once key login works, the rke account password is no longer needed on
## the nodes.
for node in master01 woker01 woker02; do
  ssh-copy-id "rke@${node}"
done
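## Download the RKE release binary.
wget https://github.com/rancher/rke/releases/download/v1.4.11/rke_linux-amd64
## This binary is run as root and drives the whole cluster, so verify it
## against the checksum published for the release before installing it.
## RKE_SHA256 has to be set by the operator; if it is unset or does not match,
## nothing is installed.
echo "${RKE_SHA256:?set RKE_SHA256 to the published sha256 of rke_linux-amd64}  rke_linux-amd64" \
  | sha256sum -c - \
  && install -m 0755 rke_linux-amd64 /usr/local/bin/rke \
  && rm -f rke_linux-amd64
rke -v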
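# Official reference: https://docs.rancher.cn/docs/rke/example-yamls/_index#%E6%9C%80%E5%B0%8F%E6%96%87%E4%BB%B6%E7%A4%BA%E4%BE%8B
# For reference only. These commands are kept as comments because the
# original ''' ... ''' wrapper is not a shell comment and would be executed
# as a command if pasted.
#
# "rke config" creates cluster.yml in the current directory and prompts for
# every parameter needed to build the cluster:
#   rke config --name cluster.yml
# --empty creates a blank cluster configuration file:
#   rke config --empty --name cluster.yml
# --print shows the contents of cluster.yml:
#   rke config --print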
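## Working directory for RKE. The state file and the kubeconfig that RKE
## writes here hold credentials with full access to the cluster, so the
## directory is kept private to its owner.
mkdir -p /data/rke
chmod 700 /data/rke
cd /data/rke
## Cluster definition: one controlplane+etcd node and two worker+etcd nodes,
## all reached over SSH as the rke user. Recurring etcd snapshots are
## enabled (every 5 minutes, kept for 24 hours).
## The delimiter is quoted so nothing in the YAML is expanded by the shell.
cat > cluster.yml << 'EOF'
nodes:
  - address: 172.19.0.4
    internal_address: 172.19.0.4
    port: "22"
    hostname_override: rke-master01
    user: rke
    role: [controlplane,etcd]
  - address: 172.19.0.9
    internal_address: 172.19.0.9
    port: "22"
    hostname_override: rke-work01
    user: rke
    role: [worker,etcd]
  - address: 172.19.0.12
    internal_address: 172.19.0.12
    port: "22"
    hostname_override: rke-work02
    user: rke
    role: [worker,etcd]
services:
  etcd:
    snapshot: true
    creation: 5m0s
    retention: 24h
EOF
# Build the cluster
# rke up --config ./cluster.yml
rke up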
返回的最后一行信息应该是 Finished building Kubernetes cluster successfully ,表示成功部署集群,可以开始使用集群。在创建 Kubernetes 集群的过程中,会创建一个kubeconfig 文件,它的文件名称是 kube_config_cluster.yml ,您可以使用它控制 Kubernetes 集群。
[root@VM-0-4-centos rke]# ll
total 140
-rw------- 1 root root 122780 Nov 26 20:52 cluster.rkestate # Kubernetes 集群状态文件,包含了获取该集群所有权限的认证凭据,使用 RKE v0.2.0 及以上版本时才会创建这个文件。
-rw-r----- 1 root root 6588 Nov 26 20:51 cluster.yml # RKE 集群的配置文件。
-rw------- 1 root root 5497 Nov 26 20:51 kube_config_cluster.yml # 该集群的Kubeconfig 文件包含了获取该集群所有权限的认证凭据。
3、安装 kubectl(主节点执行)
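## Download kubectl together with the checksum file published next to it,
## and install the binary only if the checksum matches.
k8s_url=https://storage.googleapis.com/kubernetes-release/release/v1.26.9/bin/linux/amd64
wget "${k8s_url}/kubectl" "${k8s_url}/kubectl.sha256"
echo "$(cat kubectl.sha256)  kubectl" | sha256sum -c - \
  && install -m 0755 kubectl /usr/local/bin/kubectl \
  && rm -f kubectl kubectl.sha256
kubectl version --client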
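## Make the generated kubeconfig the default one for kubectl.
## The file holds credentials with full access to the cluster. A plain
## redirect creates ~/.kube/config with the default umask, which normally
## leaves it readable by other local users, so the directory and the copy
## are restricted to the owner.
mkdir -p -m 0700 ~/.kube
install -m 0600 kube_config_cluster.yml ~/.kube/config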
[root@VM-0-4-centos rke]# kubectl get node
NAME STATUS ROLES AGE VERSION
rke-master01 Ready controlplane,etcd 9m18s v1.26.9
rke-work01 Ready etcd,worker 9m15s v1.26.9
rke-work02 Ready etcd,worker 9m15s v1.26.9
4、发布应用测试
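## Test manifest: a ClusterIP Service in front of a six-replica nginx
## Deployment.
## '>' replaces the file; with '>>' a second run appended a duplicate copy of
## both documents. The YAML nesting is restored, and the delimiter is quoted
## so the shell expands nothing inside the manifest.
cat > nginx.yaml << 'EOF'
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx-service
  name: nginx-service
  namespace: default
spec:
  ports:
    - port: 80
      protocol: TCP
      targetPort: 80
  selector:
    app: nginx
  sessionAffinity: None
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 6
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:1.16.0
          ports:
            - containerPort: 80
EOF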
## Deploy the test manifest, look at what came up, then remove it again.
kubectl apply --filename nginx.yaml
kubectl get pods --output wide
kubectl get services
kubectl delete --filename nginx.yaml
5、存储相关
OpenEBS: https://weiliang-ms.github.io/wl-awesome/2.%E5%AE%B9%E5%99%A8/k8s/storage/OpenEBS.html
Rook-Ceph: https://weiliang-ms.github.io/wl-awesome/2.%E5%AE%B9%E5%99%A8/k8s/storage/rook.html
6、集群更新(增加节点、删除节点)
1、初始化新节点、设置免密(不能是root)
2、修改cluster.yml文件的内容,添加(删除)额外的节点,并指定它们在 Kubernetes 集群中的角色
3、rke up --update-only (可能会触发插件或其他组件的重新部署或更新)
6、备份和恢复
注: 上面我们设置了备份策略,每5分钟备份一次,保存时长 24 小时,默认是保存到: /opt/rke/etcd-snapshots
官网详细内容: https://docs.rancher.cn/docs/rke/etcd-snapshots/one-time-snapshots/_index/
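## Take a one-off etcd snapshot named after the current timestamp.
## The command substitution has to be attached to "snapshot-" with no
## spaces; split apart, the name stops at "snapshot-" and date is called
## with a stray "+" argument.
rke etcd snapshot-save --config cluster.yml --name "snapshot-$(date +'%Y-%m-%d_%H%M%S')"
## The snapshot is written to /opt/rke/etcd-snapshots/, for example:
##   snapshot-2023-11-26_220411.zip   <- the etcd data just backed up
ls /opt/rke/etcd-snapshots/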
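## One-off snapshot that is also uploaded to S3.
## The keys are read from the environment rather than typed as literals, so
## they do not end up in shell history; ${VAR:?} stops the command if either
## one is unset. Use an access key that is limited to this bucket.
rke etcd snapshot-save \
  --config cluster.yml \
  --name snapshot-name \
  --s3 \
  --access-key "${S3_ACCESS_KEY:?}" \
  --secret-key "${S3_SECRET_KEY:?}" \
  --bucket-name s3-bucket-name \
  --folder s3-folder-name \
  --s3-endpoint s3.amazonaws.com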
## Restore the cluster from a local snapshot. The restore replaces the
## current etcd data with the contents of the snapshot, so take a fresh
## snapshot first if the present state still matters.
rke etcd snapshot-restore \
  --name snapshot-2023-11-26_220411 \
  --config cluster.yml
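## Restore the cluster from a snapshot stored in S3.
## --folder is optional and available as of v0.3.0. That remark has to sit
## here: a comment placed after a trailing backslash ends the command early
## and --s3-endpoint is then run as a separate command.
## The keys are read from the environment so they are not saved in shell
## history; ${VAR:?} stops the command if either one is unset.
rke etcd snapshot-restore \
  --config cluster.yml \
  --name snapshot-name \
  --s3 \
  --access-key "${S3_ACCESS_KEY:?}" \
  --secret-key "${S3_SECRET_KEY:?}" \
  --bucket-name s3-bucket-name \
  --folder s3-folder-name \
  --s3-endpoint s3.amazonaws.com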
7、千万注意
千万不要执行: rke remove😲 , 会删除所有数据和备份数据 (除非你做了二次备份)
8、Rancher控制面板😁
尽量不在master 和 worker运行: 耗费资源, 最好单独搞台集群去弄
## Start the Rancher server as a single container.
## --privileged gives the container full access to the host, and ports 80 and
## 443 are published on every host interface, so run this on a dedicated
## machine and restrict who can reach those ports.
docker run \
  --detach \
  --restart=unless-stopped \
  --privileged \
  --name rancher \
  --publish 80:80 \
  --publish 443:443 \
  rancher/rancher:v2.5.9