Installing a Kubernetes cluster with RKE

I. Preparing the new machines

1.1 Set the hostname

hostnamectl  set-hostname  XXX

1.2 Hostname-to-IP resolution

vim /etc/hosts

192.168.0.140  rke
192.168.0.147  master1
192.168.0.152  node1
192.168.0.153  node2

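1.3 Install Docker

tar -xf docker-20.10.24.tgz
# the tarball unpacks into ./docker
cp docker/* /usr/bin/
mkdir -p /etc/docker

# write the unit file with '>' so that a re-run does not append a second copy
cat >/usr/lib/systemd/system/docker.service<<eof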
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP \$MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
eof

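vim /etc/docker/daemon.json

Note: the "insecure-registries" entry makes Docker talk to mirrors.com:80 over plain HTTP with no TLS verification, so list only registries on a network you trust.
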
{
	"log-driver": "json-file",
	"log-opts": {
		"max-size": "10m",
		"max-file": "3"
	},
	"exec-opts": ["native.cgroupdriver=systemd"],
	"insecure-registries":["mirrors.com:80"],
	"storage-driver": "overlay2",
	"storage-opts": [
		"overlay2.override_kernel_check=true"
	]
}

systemctl daemon-reload
systemctl enable docker
systemctl start docker

1.4 Adjust kernel parameters

vim /etc/sysctl.d/90-k8s.conf
vm.swappiness=0
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
net.ipv4.ip_local_port_range = 1024     65000
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.neigh.default.gc_thresh1=4096
net.ipv4.neigh.default.gc_thresh2=6144
net.ipv4.neigh.default.gc_thresh3=8192
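
Section 1.4 writes 90-k8s.conf but the page never shows it being loaded, so the following added example (not part of the original post) compares a sysctl.d file with the values the kernel is actually using. The function names, the optional PROC_SYS argument and the sample tree are constructed for illustration.

```bash
#!/usr/bin/env bash
# check_sysctl_file CONF [PROC_SYS]   (PROC_SYS defaults to /proc/sys)
# Prints OK / MISMATCH / MISSING per key; returns the number of keys not OK.
check_sysctl_file() {
    local conf="$1" root="${2:-/proc/sys}" bad=0 line key want have path
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                            # drop comments
        case $line in *=*) ;; *) continue ;; esac   # skip lines without a setting
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        # xargs collapses whitespace, so "1024     65000" equals "1024<TAB>65000"
        want=$(printf '%s' "${line#*=}" | xargs)
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            # e.g. net.bridge.* exists only once the br_netfilter module is loaded
            echo "MISSING  $key (want $want)"; bad=$((bad + 1)); continue
        fi
        have=$(xargs < "$path")
        if [ "$have" = "$want" ]; then
            echo "OK       $key = $have"
        else
            echo "MISMATCH $key = $have (want $want)"; bad=$((bad + 1))
        fi
    done < "$conf"
    return "$bad"
}

# Constructed sample (not a real host): the file was written but never applied
# and br_netfilter is not loaded, so expect one MISMATCH and one MISSING.
demo_constructed() {
    local t rc=0
    t=$(mktemp -d)
    mkdir -p "$t/sys/net/ipv4" "$t/sys/vm"
    printf '%s\n' 'vm.swappiness=0' 'net.ipv4.ip_forward=1' \
        'net.ipv4.ip_local_port_range = 1024     65000' \
        'net.bridge.bridge-nf-call-iptables=1' > "$t/90-k8s.conf"
    echo 0 > "$t/sys/vm/swappiness"
    echo 0 > "$t/sys/net/ipv4/ip_forward"          # constructed: not applied
    printf '1024\t65000\n' > "$t/sys/net/ipv4/ip_local_port_range"
    check_sysctl_file "$t/90-k8s.conf" "$t/sys" || rc=$?
    rm -rf "$t"
    return "$rc"
}

# With an argument, check that file against the live kernel; otherwise run the demo.
if [ $# -gt 0 ]; then check_sysctl_file "$@"; else demo_constructed || true; fi
```

On a real node, run it against /etc/sysctl.d/90-k8s.conf after `modprobe br_netfilter` and `sysctl --system`; any MISSING or MISMATCH line means a setting from the file is not in effect.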

1.5 Raise the file-handle and process limits

cat >>/etc/security/limits.d/90-nofile.conf<<eof
*      soft   nofile 131070
*      hard   nofile 131070
root   soft   nofile unlimited
eof

cat >>/etc/security/limits.d/90-nproc.conf<<eof
*      soft   nproc 102400
*      hard   nproc 102400
root   soft   nproc unlimited
eof

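1.6 Disable the firewall and swap

# stops firewalld and puts SELinux in permissive mode; neither change survives a reboot
systemctl stop firewalld && setenforce 0
# comment out the swap entries in /etc/fstab, then turn swap off for the running system
sed  -ri  's/.*swap/#&/'  /etc/fstab
swapoff -a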

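1.7 Add the rke user

useradd rke
# members of the docker group control the Docker daemon, which is root-equivalent on the node
usermod  -aG  docker  rke
# 123 is a placeholder; set a strong password
echo 123 | passwd --stdin rke
mkdir -p /home/rke/.ssh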

II. Deploying RKE

2.1 Download the rke tool

Download URL:

https://github.com/rancher/rke/releases/download/v1.4.5/rke_linux-amd64

2.2 Set up passwordless SSH from the rke host to the other nodes

ssh-copy-id rke@192.168.0.147
ssh-copy-id rke@192.168.0.152
ssh-copy-id rke@192.168.0.153

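# .ssh must be owned by the rke user and closed to others, otherwise sshd (StrictModes) ignores authorized_keys
chown rke:rke -R /home/rke/.ssh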
chmod 700 /home/rke/.ssh
chmod 600 /home/rke/.ssh/authorized_keys

2.3 Install rke and write the cluster file

mv   rke_linux-amd64   /usr/local/bin/rke
chmod  +x  /usr/local/bin/rke
ln  -s  /usr/local/bin/rke  /usr/bin/rke
rke --version

vim cluster.yml

# rke up reads ./cluster.yml by default
nodes:
  - address: 192.168.0.147 # master node IP
    user: rke              # the account that received the SSH key in 2.2 and is in the docker group
    role: ["controlplane", "etcd", "worker"]
    ssh_key_path: /root/.ssh/id_rsa   # private key on the rke host
  - address: 192.168.0.152 # worker node IP
    user: rke
    role: ["worker"]
    ssh_key_path: /root/.ssh/id_rsa
  - address: 192.168.0.153 # worker node IP
    user: rke
    role: ["worker"]
    ssh_key_path: /root/.ssh/id_rsa
upgrade_strategy:
  max_unavailable_worker: 50%
  max_unavailable_controlplane: 1
  drain: false
ignore_docker_version: true
kubernetes_version: "v1.21.14-rancher1-1"
network:
   plugin: calico
services:
    etcd:
      snapshot: true
      creation: 6h
      retention: 24h
    kube-api:
      extra_args:
        enable-admission-plugins: "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,NodeRestriction,Priority,TaintNodesByCondition,PersistentVolumeClaimResize,PodNodeSelector"

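III. Deploying the cluster

rke up     # bring up the cluster

If it fails with an error, either fix the problem the error points to, or run the following and then bring the cluster up again:
rke remove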

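IV. Installing kubectl (master node)

wget  https://storage.googleapis.com/kubernetes-release/release/v1.27.2/bin/linux/amd64/kubectl
chmod  +x  kubectl
mv  kubectl  /usr/local/bin
# create only the directory; config itself must be a file
mkdir -p /root/.kube
Copy the kube_config_cluster.yml generated on the rke node to /root/.kube/config with scp; kubectl can then be used. That file holds the cluster's admin credentials, so keep it readable by root only.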