文章目錄

• • • 使用rke安裝高可用k8s集群
    • rke 增加和移除節(jié)點(diǎn)
    • 徹底清理rke節(jié)點(diǎn)

使用rke安裝高可用k8s集群

服務(wù)器rke集群節(jié)點(diǎn)角色規(guī)劃

用戶主機(jī)名內(nèi)網(wǎng)IPSSH端口系統(tǒng)rke 角色

ops	rke-server-01	192.168.2.131	22	CentOS Linux release 7.6.1810 (Core)	controlplane、worker、etcd
ops	rke-server-02	192.168.2.132	22	CentOS Linux release 7.6.1810 (Core)	controlplane、worker、etcd
ops	rke-server-03	192.168.2.133	22	CentOS Linux release 7.6.1810 (Core)	controlplane、worker、etcd

系統(tǒng)準(zhǔn)備（所有節(jié)點(diǎn) 用root 用戶操作）

• 安裝一些個(gè)人常用的基礎(chǔ)安裝包

yum -y install epel-release.noarchyum -y install psmisc gcc gcc-c++ texinfo wget unzip zip gcc libticonv-devel libcurl-devel curl nmap iotop dstat tree mlocate ntpdate openssh-clients net-tools vim ntsysv nmap curl lrzsz sysstat libselinux-python pcre pcre-devel zlib zlib-devel openssl openssl-devel readline-devel bzip2 httpd-devel python-devel python-pip python-setuptools lsof sqlite-devel nscd bind-utils telnet rsync tcpdump expect nc ntp lftp bash-completion ipset ipvsadm

• 關(guān)閉防火墻systemctl stop firewalld systemctl stop iptables systemctl disable firewalld systemctl disable iptables
• 關(guān)閉selinux

``` sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config setenforce 0```

• 三臺(tái)時(shí)間同步要一致systemctl start ntpd systemctl enable ntpd
• 關(guān)閉swap分區(qū)swapoff -a sed -i '/swap/d' /etc/fstab mount -a
  • 然后修改/etc/fstab，把swap分區(qū)相關(guān)的配置注釋掉
• 內(nèi)核參數(shù)調(diào)整cat >> /etc/sysctl.conf <<EOF fs.file-max = 2442652 net.ipv4.ip_local_port_range = 1024 65535 vm.swappiness=0 net.ipv4.ip_forward=1 net.bridge.bridge-nf-call-iptables=1 net.bridge.bridge-nf-call-ip6tables = 1 EOF sysctl -p
• 配置資源限制 sh -c " cat >>/etc/security/limits.conf <<EOF* soft nofile 1048576* hard nofile 1048576* soft core unlimited* hard core unlimited* soft nproc unlimited* hard nproc unlimitedEOF"sh -c "cat >> /etc/security/limits.d/20-nproc.conf << EOF* soft nproc unlimited* hard nproc unlimitedEOF"
• 加載ipvs相關(guān)模塊
  由于ipvs已經(jīng)加入到了內(nèi)核的主干，所以為kube-proxy開啟ipvs的前提需要加載以下的內(nèi)核模塊：

cat > /etc/sysconfig/modules/ipvs.modules <<EOF#!/bin/bashmodprobe -- ip_vsmodprobe -- ip_vs_rrmodprobe -- ip_vs_wrrmodprobe -- ip_vs_shmodprobe -- nf_conntrack_ipv4EOFchmod 755 /etc/sysconfig/modules/ipvs.modules bash /etc/sysconfig/modules/ipvs.moduleslsmod | grep -e ip_vs -e nf_conntrack_ipv4

• 安裝docker

yum remove docker docker-common docker-selinux docker-engine | /bin/true yum install -y yum-utils device-mapper-persistent-data lvm2 yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo yum repolist yum install docker-ce -y mkdir -p /etc/docker /data/docker cat > /etc/docker/daemon.json <<EOF {"data-root": "/data/docker","exec-opts": ["native.cgroupdriver=systemd"] } EOF systemctl enable docker systemctl restart docker

• 創(chuàng)建ops 用戶并設(shè)置密碼

useradd ops -G docker echo "password" | passwd --stdin ops

在rke-server-01 上配置ops 用戶可以SSH免密登錄到所有主機(jī)（包含rke-server-01）

ssh-keygen -t rsa ssh-copy-id -i /home/ops/.ssh/id_rsa.pub ops@192.168.2.131 ssh-copy-id -i /home/ops/.ssh/id_rsa.pub ops@192.168.2.132 ssh-copy-id -i /home/ops/.ssh/id_rsa.pub ops@192.168.2.133

在rke-server-01下載安裝rke和kubectl命令

VERSION=v1.2.11 && \ curl -LO https://github.com/rancher/rke/releases/download/${VERSION}/rke_linux-amd64 && \ chmod +x rke_linux-amd64 && \ mv rke_linux-amd64 /usr/local/bin/rkecurl -LO https://storage.googleapis.com/kubernetes-release/release/v1.20.0/bin/linux/amd64/kubectl chmod 755 kubectl && mv kubectl /usr/local/bin/

在rke-server-01切換到ops用戶使用rke 安裝k8s 集群

• 使用rke 交互式在當(dāng)前目錄生成創(chuàng)建集群所需要cluster.yml

rke config [+] Cluster Level SSH Private Key Path [~/.ssh/id_rsa]: [+] Number of Hosts [1]: 3 [+] SSH Address of host (1) [none]: 192.168.2.131 [+] SSH Port of host (1) [22]: [+] SSH Private Key Path of host (192.168.2.131) [none]: [-] You have entered empty SSH key path, trying fetch from SSH key parameter [+] SSH Private Key of host (192.168.2.131) [none]: [-] You have entered empty SSH key, defaulting to cluster level SSH key: ~/.ssh/id_rsa [+] SSH User of host (192.168.2.131) [ubuntu]: ops [+] Is host (192.168.2.131) a Control Plane host (y/n)? [y]: y [+] Is host (192.168.2.131) a Worker host (y/n)? [n]: y [+] Is host (192.168.2.131) an etcd host (y/n)? [n]: y [+] Override Hostname of host (192.168.2.131) [none]: rke-server-01 [+] Internal IP of host (192.168.2.131) [none]: [+] Docker socket path on host (192.168.2.131) [/var/run/docker.sock]: [+] SSH Address of host (2) [none]: 192.168.2.132 [+] SSH Port of host (2) [22]: [+] SSH Private Key Path of host (192.168.2.132) [none]: [-] You have entered empty SSH key path, trying fetch from SSH key parameter [+] SSH Private Key of host (192.168.2.132) [none]: [-] You have entered empty SSH key, defaulting to cluster level SSH key: ~/.ssh/id_rsa [+] SSH User of host (192.168.2.132) [ubuntu]: ops [+] Is host (192.168.2.132) a Control Plane host (y/n)? [y]: y [+] Is host (192.168.2.132) a Worker host (y/n)? [n]: y [+] Is host (192.168.2.132) an etcd host (y/n)? [n]: y [+] Override Hostname of host (192.168.2.132) [none]: rke-server-02 [+] Internal IP of host (192.168.2.132) [none]: [+] Docker socket path on host (192.168.2.132) [/var/run/docker.sock]: [+] SSH Address of host (3) [none]: 192.168.2.133 [+] SSH Port of host (3) [22]: [+] SSH Private Key Path of host (192.168.2.133) [none]: [-] You have entered empty SSH key path, trying fetch from SSH key parameter [+] SSH Private Key of host (192.168.2.133) [none]: [-] You have entered empty SSH key, defaulting to cluster level SSH key: ~/.ssh/id_rsa [+] SSH User of host (192.168.2.133) [ubuntu]: ops [+] Is host (192.168.2.133) a Control Plane host (y/n)? [y]: y [+] Is host (192.168.2.133) a Worker host (y/n)? [n]: y [+] Is host (192.168.2.133) an etcd host (y/n)? [n]: y [+] Override Hostname of host (192.168.2.133) [none]: rke-server-03 [+] Internal IP of host (192.168.2.133) [none]: [+] Docker socket path on host (192.168.2.133) [/var/run/docker.sock]: [+] Network Plugin Type (flannel, calico, weave, canal, aci) [canal]: flannel [+] Authentication Strategy [x509]: [+] Authorization Mode (rbac, none) [rbac]: rabc [+] Kubernetes Docker image [rancher/hyperkube:v1.20.9-rancher1]: [+] Cluster domain [cluster.local]: [+] Service Cluster IP Range [10.43.0.0/16]: [+] Enable PodSecurityPolicy [n]: [+] Cluster Network CIDR [10.42.0.0/16]: [+] Cluster DNS Service IP [10.43.0.10]: [+] Add addon manifest URLs or YAML files [no]:

• 使用已定義好的cluster.yml

# If you intened to deploy Kubernetes in an air-gapped environment, # please consult the documentation on how to configure custom RKE images. nodes: - address: 192.168.2.131port: "22"internal_address: ""role:- controlplane- worker- etcdhostname_override: rke-server-01user: ops - address: 192.168.2.132port: "22"role:- controlplane- worker- etcdhostname_override: rke-server-02user: ops - address: 192.168.2.133port: "22"role:- controlplane- worker- etcdhostname_override: rke-server-03user: ops services:etcd:snapshot: truecreation: 6hretention: 24h network:plugin: "flannel" mtu: 0options: {}

• 安裝k8s集群

rke up --config ~/cluster.yml 耐心等待安裝完成就行

• 驗(yàn)證集群

mkidr -p ~/.kube && cp ./kube_config_cluster.yml ~/.kube/config kubectl get node kubectl get pod -A

rke 增加和移除節(jié)點(diǎn)

rke up --update-only --config ~/cluster.yml

徹底清理rke節(jié)點(diǎn)

cat > rancher/clear.sh << EOF df -h|grep kubelet |awk -F % '{print $2}'|xargs umount rm /var/lib/kubelet/* -rf rm /etc/kubernetes/* -rf rm /var/lib/rancher/* -rf rm /var/lib/etcd/* -rf rm /var/lib/cni/* -rfrm -rf /var/run/calico iptables -F && iptables -t nat -Fip link del flannel.1docker ps -a|awk '{print $1}'|xargs docker rm -f docker volume ls|awk '{print $2}'|xargs docker volume rmrm -rf /var/etcd/ rm -rf /run/kubernetes/ docker rm -fv $(docker ps -aq) docker volume rm $(docker volume ls) rm -rf /etc/cni rm -rf /opt/cnisystemctl restart docker EOF rke remove sh rancher/clear.sh

總結(jié)

以上是生活随笔為你收集整理的使用rke安装高可用k8s集群的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。