一、新机环境准备
1.1主机名设置
hostnamectl set-hostname XXX1.2 主机名与ip地址解析
vim /etc/hosts
192.168.0.140 rke
192.168.0.147 master1
192.168.0.152 node1
192.168.0.153 node21.3安装docker
tar -xf docker-20.10.24.tgz
cp ${SHELL_FOLDER}/docker/* /usr/bin/
mkdir /etc/docker
cat >>/usr/lib/systemd/system/docker.service<<eof
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP \$MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
eofvim /etc/docker/daemon.json
{
"log-driver": "json-file",
"log-opts": {
"max-size": "10m",
"max-file": "3"
},
"exec-opts": ["native.cgroupdriver=systemd"],
"insecure-registries":["mirrors.com:80"],
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
]
}
systemctl daemon-reload
systemctl enable docker
systemctl start docker1.4修改内核参数
vim /etc/sysctl.d/90-k8s.conf
vm.swappiness=0
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
net.ipv4.ip_local_port_range = 1024 65000
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.neigh.default.gc_thresh1=4096
net.ipv4.neigh.default.gc_thresh2=6144
net.ipv4.neigh.default.gc_thresh3=81921.5修改句柄数可进程数
cat >>/etc/security/limits.d/90-nofile.conf<<eof
* soft nofile 131070
* hard nofile 131070
root soft nofile unlimited
eof
cat >>/etc/security/limits.d/90-nproc.conf<<eof
* soft nproc 102400
* hard nproc 102400
root soft nproc unlimited
eof1.6关闭防火墙和swap分区
systemctl stop firewalld && setenforce 0
sed -ri 's/.*swap/#&/' /etc/fstab
swapoff -a1.7 添加rke用户
useradd rke
usermod -aG docker rke
echo 123 | passwd --stdin rke
mkdir /home/rke/.ssh二、部署rke
2.1下载rke工具
下载地址
https://github.com/rancher/rke/releases/download/v1.4.5/rke_linux-amd642.2rke机器对其他节点做免密
ssh-copy-id [email protected]
ssh-copy-id [email protected]
ssh-copy-id [email protected]
chown apps:apps -R /home/rke/.ssh
chmod 700 /home/rke/.ssh
chmod 600 /home/rke/.ssh/authorized_keys2.3 rke配置与cluster文件
mv rke_linux-amd64 /usr/local/bin/rke
chmod +x /usr/local/bin/rke
ln -s /usr/local/bin/rke /usr/bin/rke
rke --versionvim cluster.yaml
nodes:
- address: 192.168.0.147 # master节点IP
user: root
role: ["controlplane", "etcd", "worker"]
ssh_key_path: /root/.ssh/id_rsa
- address: 192.168.0.152 # node节点 IP
user: root
role: ["worker"]
ssh_key_path: /root/.ssh/id_rsa
- address: 192.168.0.153 # node节点 IP
user: root
role: ["worker"]
ssh_key_path: /root/.ssh/id_rsa
upgrade_strategy:
max_unavailable_worker: 50%
max_unavailable_controlplane: 1
drain: false
ignore_docker_version: true
kubernetes_version: "v1.21.14-rancher1-1"
network:
plugin: calico
services:
etcd:
snapshot: true
creation: 6h
retention: 24h
kube-api:
extra_args:
enable-admission-plugins: "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,NodeRestriction,Priority,TaintNodesByCondition,PersistentVolumeClaimResize,PodNodeSelector"三、集群部署
rke up #拉起集群
如果报错失败,可以根据报错修改或者
rke remove 之后重新拉起集群四、安装kubectl(master节点)
wget https://storage.googleapis.com/kubernetes-release/release/v1.27.2/bin/linux/amd64/kubectl
chmod +x kubectl
mv kubectl /usr/local/bin
mkdir -p /root/.kube/config
将rke节点上生成的kube_config_cluster.yml scp到 /root/.kube/config。即可使用kubectl命令