RKE2安裝kubernetes（2）

環境準備

• 修改主機名

  hostnamectl set-hostname rke2-1 && bash

• 系統版本

  [root@rke2-4 ~]# uname -a Linux rke2-4 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux [root@rke2-4 ~]# cat /etc/redhat-release CentOS Linux release 7.4.1708 (Core)

• 配置hosts解析

  cat >> /etc/hosts << EOF 192.168.3.131 rke2-1 192.168.3.132 rke2-2 192.168.3.133 rke2-3 192.168.3.134 rke2-4 EOF

• 關閉防火墻與selinux

  systemctl stop firewalld systemctl disable firewalldsed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config setenforce 0

• 關閉 NetworlManager

  systemctl stop firewalld systemctl disable firewalld

• 下載常用工具，修改yum源

  yum install -y ntpdate vim wget tree httpd-tools telnet lrzsz net-tools bridge-utils unzipcurl -o /etc/yum.repos.d/Centos-7.repo http://mirrors.aliyun.com/repo/Centos-7.repo curl -o /etc/yum.repos.d/docker-ce.repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repoyum clean all && yum makecache

• 同步時間

  ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime ntpdate -u ntp.aliyun.com && date

• 修改內核參數

  cat <<EOF >> /etc/sysctl.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 net.ipv4.ip_forward=1 EOF# 自動加載br_netfilter(網絡過濾器) 模塊 modprobe br_netfilter#sysctl命令動態的修改內核參數 sysctl -p /etc/sysctl.conf# -p：從配置文件“/etc/sysctl.conf”加載內核參數設置 # modprobe 自動處理可載入模塊

• 開放9345端口

  TCP的端口，讓master與master，master與work節點的通信

安裝rke2

參考官方地址：https://docs.rke2.io/install/quickstart/

安裝服務器節點

RKE2提供了一個安裝腳本，這是一種基于systemd的系統上將其安裝為服務的便捷方式。此腳本可以從 https://get.rke2.io 獲得，要使用此方法安裝RKE2 ,執行以下操作

1.運行安裝程序，將rke2-server 服務和rke2 二進制文件安裝到機器上 curl -sfL https://get.rke2.io | sh -2.開啟rke2-server 服務 systemctl enable rke2-server3.啟動服務 systemctl start rke2-server4.查看日志 journalctl -fu rk2-server.service5.啟動后會生成如下文件： [root@rke2-1 ~]# ll /var/lib/rancher/rke2/ total 4 drwxr-xr-x. 7 root root 4096 Sep 8 15:54 agent lrwxrwxrwx 1 root root 58 Sep 8 16:06 bin -> /var/lib/rancher/rke2/data/v1.21.4-rke2r2-3a2840eb67e1/bin drwxr-xr-x. 3 root root 41 Sep 8 15:54 data drwx------. 7 root root 99 Sep 8 16:05 server[root@rke2-1 ~]# cd /var/lib/rancher/rke2/bin/ [root@rke2-1 bin]# ll total 276740 -rwxr-xr-x. 1 root root 34902712 Sep 8 15:54 containerd # 容器運行時 -rwxr-xr-x. 1 root root 6636544 Sep 8 15:54 containerd-shim -rwxr-xr-x. 1 root root 11068832 Sep 8 15:54 containerd-shim-runc-v1 -rwxr-xr-x. 1 root root 11085408 Sep 8 15:54 containerd-shim-runc-v2 -rwxr-xr-x. 1 root root 23656944 Sep 8 15:54 crictl # 操作containerdd 命令 -rwxr-xr-x. 1 root root 19651576 Sep 8 15:54 ctr -rwxr-xr-x. 1 root root 48239168 Sep 8 15:55 kubectl -rwxr-xr-x. 1 root root 116760352 Sep 8 15:55 kubelet -rwxr-xr-x. 1 root root 11044080 Sep 8 15:55 runc # run容器的一個程序 -rwxr-xr-x. 1 root root 313680 Sep 8 15:55 socat # 用來給containerd提供端口映射服務# 生成了一個rke2.yaml 文件，完成kubernetes初始化后生產的admin.config，保存的是整個集群證書的一些信息，所以誰獲得rke2.yaml文件就等于獲得管理kubernetes集群的權限 [root@rke2-1 bin]# cd /etc/rancher/rke2/ [root@rke2-1 rke2]# ls -l total 4 -rw-------. 1 root root 2977 Sep 8 16:06 rke2.yaml[root@rke2-1 rke2]# export KUBECONFIG=/etc/rancher/rke2/rke2.yaml [root@rke2-1 rke2]# /var/lib/rancher/rke2/bin/kubectl get node NAME STATUS ROLES AGE VERSION rke2-1 Ready control-plane,etcd,master 29m v1.21.4+rke2r2[root@rke2-1 rke2]# /var/lib/rancher/rke2/bin/kubectl get pod -A NAMESPACE NAME READY STATUS RESTARTS AGE kube-system cloud-controller-manager-rke2-1 1/1 Running 0 29m kube-system etcd-rke2-1 1/1 Running 6 29m kube-system helm-install-rke2-canal-rtgsc 0/1 Completed 0 29m kube-system helm-install-rke2-coredns-45w76 0/1 Completed 0 29m kube-system helm-install-rke2-ingress-nginx-9gtsl 0/1 Completed 0 29m kube-system helm-install-rke2-metrics-server-vwk77 0/1 Completed 0 29m kube-system kube-apiserver-rke2-1 1/1 Running 0 29m kube-system kube-controller-manager-rke2-1 1/1 Running 0 29m kube-system kube-proxy-rke2-1 1/1 Running 0 29m kube-system kube-scheduler-rke2-1 1/1 Running 0 29m kube-system rke2-canal-xwrfh 2/2 Running 0 27m kube-system rke2-coredns-rke2-coredns-7bb4f446c-zncz5 1/1 Running 0 27m kube-system rke2-coredns-rke2-coredns-autoscaler-7c58bd5b6c-xsh8s 1/1 Running 0 27m kube-system rke2-ingress-nginx-controller-b75m9 1/1 Running 0 24m kube-system rke2-metrics-server-5df7d77b5b-d728t 1/1 Running 0 25m

運行此安裝后：

• rke2-server 將安裝該服務，該rke2-server服務將配置為：在節點重新啟動或進程崩潰或被終止后自動重新啟動
• 其他使用程序將安裝在/var/lib/rancher/rke2/bin/。他們包括：kubectl，crictl，和 ctr。注意：默認情況下這些不在您的路徑下。
• 兩個清理腳本將安裝到 /usr/local/bin/rke2 他們是rke2-killall.sh和rke2-uninstall.sh
• 一個kubeconfig文件將被寫入/etc/rancher/rke2/rke2.yaml
• 可用于注冊其他服務或代理節點的令牌將在/var/lib/rancher/rke2/server/node-token

**注意：**如果要添加其他服務器節點，則總數必須為奇數。需要奇數來維持選舉人數，有關更多詳細信息，請參閱高可用性文檔。

手動配置rke2參數和一些設置

注：名字必須是config.yaml

[root@rke2-1 rke2]# cat config.yaml token: K105a1bba0a11f93cf7231f0093d16d0d20156f8aa46cb1c5fc8ea8cc6df42a52df::server:5e9d82ee38c21ad5f794c5da30764de7 tls-san:- my-kubernetes-domain.com- another-kubernetes-domain.comnode-name: "rke2-1"#node-taint: # - "CriticalAddinsonly=true:NoExecute"node-label:- "node=Master"- "rke2-1=Master"

配置解釋

# work 與 master之間通訊需要work提供master上的token 信息 token: # 創建k8s集群后會生成一系列 tls 證書 tls-san:- my-kubernetes-domain.com- another-kubernetes-domain.com # 都是集群的別名，是tls證書所認證的別名或域名，需要認證的別名羅列在這里就可以被tls認證# 節點的名字，會顯示在get node 的信息 node-name: "rke2-1"# 有污點，只做master不做work，沒有污點既是master也是work，可以通過kubectl命令修改 #node-taint: # - "CriticalAddinsonly=true:NoExecute"# label 也可以通過kubectl 添加或刪除 node-label:- "node=Master"- "rke2-1=Master"

獲取token

# 獲取token，填入上面的配置文件 [root@rke2-1 ~]# cat /var/lib/rancher/rke2/server/node-token K105a1bba0a11f93cf7231f0093d16d0d20156f8aa46cb1c5fc8ea8cc6df42a52df::server:5e9d82ee38c21ad5f794c5da30764de7# reload使其生效 [root@rke2-1 rke2]# systemctl daemon-reload[root@rke2-1 rke2]# systemctl restart rke2-server[root@rke2-1 rke2]# /var/lib/rancher/rke2/bin/kubectl get node NAME STATUS ROLES AGE VERSION rke2-1 Ready control-plane,etcd,master 55m v1.21.4+rke2r2 [root@rke2-1 rke2]# /var/lib/rancher/rke2/bin/kubectl get pod -A NAMESPACE NAME READY STATUS RESTARTS AGE kube-system cloud-controller-manager-rke2-1 1/1 Running 1 55m kube-system etcd-rke2-1 1/1 Running 1 55s kube-system helm-install-rke2-canal-rtgsc 0/1 Completed 0 55m kube-system helm-install-rke2-coredns-45w76 0/1 Completed 0 55m kube-system helm-install-rke2-ingress-nginx-9gtsl 0/1 Completed 0 55m kube-system helm-install-rke2-metrics-server-99vnw 0/1 Completed 0 4s kube-system kube-apiserver-rke2-1 1/1 Running 1 55s kube-system kube-controller-manager-rke2-1 1/1 Running 1 55m kube-system kube-proxy-rke2-1 1/1 Running 0 55m kube-system kube-scheduler-rke2-1 1/1 Running 1 55m kube-system rke2-canal-xwrfh 2/2 Running 0 53m kube-system rke2-coredns-rke2-coredns-7bb4f446c-zncz5 1/1 Running 0 53m kube-system rke2-coredns-rke2-coredns-autoscaler-7c58bd5b6c-xsh8s 1/1 Running 1 53m kube-system rke2-ingress-nginx-controller-b75m9 1/1 Running 0 50m kube-system rke2-metrics-server-5df7d77b5b-d728t 1/1 Running 1 51m

同樣的方式配置其他master節點

scp /etc/rancher/rke2/config.yaml rke2-2:/etc/rancher/rke2/ scp /etc/rancher/rke2/config.yaml rke2-4:/etc/rancher/rke2/分別修改：node-name并添加如下：# 需要與server1 產生關系 server: https://192.168.3.131:9345# rk2-2如下： [root@rke2-2 rke2]# cat config.yaml server: https://192.168.3.131:9345 token: K105a1bba0a11f93cf7231f0093d16d0d20156f8aa46cb1c5fc8ea8cc6df42a52df::server:5e9d82ee38c21ad5f794c5da30764de7 tls-san:- my-kubernetes-domain.com- another-kubernetes-domain.comnode-name: "rke2-2"#node-taint: # - "CriticalAddinsonly=true:NoExecute"node-label:- "node=Master"- "rke2-2=Master"# rke2-4 [root@rke2-4 rke2]# cat /etc/rancher/rke2/config.yaml server: https://192.168.3.131:9345 token: K105a1bba0a11f93cf7231f0093d16d0d20156f8aa46cb1c5fc8ea8cc6df42a52df::server:5e9d82ee38c21ad5f794c5da30764de7 tls-san:- my-kubernetes-domain.com- another-kubernetes-domain.comnode-name: "rke2-4"#node-taint: # - "CriticalAddinsonly=true:NoExecute"node-label:- "node=Master"- "rke2-4=Master"# 加載后使其生效 systemctl daemon-reload systemctl restart rke2-server# 再次查看node [root@rke2-1 rke2]# /var/lib/rancher/rke2/bin/kubectl -n kube-system get node NAME STATUS ROLES AGE VERSION rke2-1 Ready control-plane,etcd,master 37m v1.21.4+rke2r3 rke2-2 Ready control-plane,etcd,master 23m v1.21.4+rke2r3 rke2-4 Ready control-plane,etcd,master 118s v1.21.4+rke2r3

安裝worker節點

1.運行安裝程序，將rke2-agent 服務 和 rke2 二進制文件安裝到機器上 curl -sfL https://get.rke2.io | INSTALL_RKE2_TYPE="agent" sh -2.設置開機啟動 systemctl enable rke2-agent.service3.配置rke2-agent服務 mkdir -p /etc/rancher/rke2 vim /etc/rancher/rke2/config.yamlconfig.yaml 的內容 server: /https://<server>:9345 tonken: <token from server node># rke2-3 scp /etc/rancher/rke2/config.yaml rke2-3:/etc/rancher/rke2/[root@rke2-3 rke2]# cat config.yaml server: https://192.168.3.131:9345 token: K105a1bba0a11f93cf7231f0093d16d0d20156f8aa46cb1c5fc8ea8cc6df42a52df::server:5e9d82ee38c21ad5f794c5da30764de7 node-name: "rke2-3" node-label:- "node=worker"- "rke2-3=worker"# 加載后使其生效 systemctl daemon-reload 注：該 rke2 server 進程在端口上監聽 9345 要注冊的新節點。kubernetes API 6443 仍然像往常一樣在port 上提供服務。4.啟動服務 systemctl start rke2-agent.service[root@rke2-3 ~]# systemctl status rke2-agent.service ● rke2-agent.service - Rancher Kubernetes Engine v2 (agent)Loaded: loaded (/usr/lib/systemd/system/rke2-agent.service; disabled; vendor preset: disabled)Active: active (running) since Mon 2021-09-13 15:46:35 CST; 12s agoDocs: https://github.com/rancher/rke2#readme5.查看日志 journalctl -fu rke2-agent 6.查看node [root@rke2-1 rke2]# /var/lib/rancher/rke2/bin/kubectl -n kube-system get node -w NAME STATUS ROLES AGE VERSION rke2-1 Ready control-plane,etcd,master 89m v1.21.4+rke2r3 rke2-2 Ready control-plane,etcd,master 74m v1.21.4+rke2r3 rke2-3 Ready <none> 6m24s v1.21.4+rke2r3 rke2-4 Ready control-plane,etcd,master 53m v1.21.4+rke2r3

**注意：**每臺機器必須有一個唯一的主機名。如果您的機器沒有唯一的主機名，請node-name在config.yaml文件中設置參數并為每個節點提供一個具有有效且唯一主機名的值。

要閱讀有關 config.yaml 文件的更多信息，請參閱安裝選項文檔。

其他

[root@rke2-1 rke2]# ls -l /run/k3s/containerd/containerd.sock srw-rw---- 1 root root 0 Sep 13 14:31 /run/k3s/containerd/containerd.sock| [root@rke2-1 rke2]# /var/lib/rancher/rke2/bin/crictl --runtime-endpoint=unix:///run/k3s/containerd/containerd.sock ps CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID b210741aa5491 7589738b9ae11 2 hours ago Running coredns 0 643b9ef40c4b1 3d4c3184d1ff3 5aa19aa313a9b 2 hours ago Running autoscaler 5 6724f540c188c c4ef09c03a22d 5d05c5a9b5533 2 hours ago Running metrics-server 1 8dfba29b6803a 686f9ae82f6d9 55e81dd7316be 2 hours ago Running cloud-controller-manager 2 66ecf8d51a225 c5fbcfae8def6 9e2f766bd35d6 2 hours ago Running kube-scheduler 2 87a6b265d5da2 7f740352a479f 9e2f766bd35d6 2 hours ago Running kube-controller-manager 2 c19561eddcf4b 0eb2344d4d26b 9e2f766bd35d6 2 hours ago Running kube-apiserver 1 afe17cea25ea0 929a20b5f356b 271c0a695260e 2 hours ago Running etcd 1 c46cf018a870a 4de1d88f8f423 fffb9e128464f 2 hours ago Running rke2-ingress-nginx-controller 0 b82a44372ee28 2a95f5d414d64 7589738b9ae11 2 hours ago Running coredns 0 aadde4683420b e30a24115a4c7 366c64051af85 2 hours ago Running kube-flannel 0 1a11ecf1b650c d4aedfaf8ee17 736cae9d947ba 2 hours ago Running calico-node 0 1a11ecf1b650c 044e6e56b933c 9e2f766bd35d6 2 hours ago Running kube-proxy 1 # 命令太長 [root@rke2-1 rke2]# mkdir -p /etc/rancher/rke2/.kube [root@rke2-1 rke2]# ln -s /etc/rancher/rke2/rke2.yaml ~/.kube/config [root@rke2-1 rke2]# ll ~/.kube/config lrwxrwxrwx 1 root root 27 Sep 13 16:36 /root/.kube/config -> /etc/rancher/rke2/rke2.yaml[root@rke2-1 rke2]# ln -s /var/lib/rancher/rke2/agent/etc/crictl.yaml /etc/crictl.yaml [root@rke2-1 rke2]# chmod 600 ~/.kube/config[root@rke2-1 rke2]# /var/lib/rancher/rke2/bin/crictl ps CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID b210741aa5491 7589738b9ae11 2 hours ago Running coredns 0 643b9ef40c4b1 3d4c3184d1ff3 5aa19aa313a9b 2 hours ago Running autoscaler 5 6724f540c188c c4ef09c03a22d 5d05c5a9b5533 2 hours ago Running metrics-server 1 8dfba29b6803a 686f9ae82f6d9 55e81dd7316be 2 hours ago Running cloud-controller-manager 2 66ecf8d51a225 c5fbcfae8def6 9e2f766bd35d6 2 hours ago Running kube-scheduler 2 87a6b265d5da2 7f740352a479f 9e2f766bd35d6 2 hours ago Running kube-controller-manager 2 c19561eddcf4b 0eb2344d4d26b 9e2f766bd35d6 2 hours ago Running kube-apiserver 1 afe17cea25ea0 929a20b5f356b 271c0a695260e 2 hours ago Running etcd 1 c46cf018a870a 4de1d88f8f423 fffb9e128464f 2 hours ago Running rke2-ingress-nginx-controller 0 b82a44372ee28 2a95f5d414d64 7589738b9ae11 2 hours ago Running coredns 0 aadde4683420b e30a24115a4c7 366c64051af85 2 hours ago Running kube-flannel 0 1a11ecf1b650c d4aedfaf8ee17 736cae9d947ba 2 hours ago Running calico-node 0 1a11ecf1b650c 044e6e56b933c 9e2f766bd35d6 2 hours ago Running kube-proxy

配置自己的鏡像倉庫地址

# 在/etc/rancher/rke2/ 下定義一個 registries.yaml mirrors:myregistry.com:endpoint:- "https://myregistry.com:5000" configs:"myregistry.com:5000"auth:username: xxxxpassword: xxxxtls:cert_file: /pathkey_file:ca_file:

Rke2 升級的問題

# server 升級 再執行 curl -sfL https://get.rke2.io | sh -# worker 升級 curl -sfL https://get.rke2.io | INSTALL_RKE2_TYPE="agent" sh -#server指定版本升級 curl -sfL https://get.rke2.io | INSTALL_RKE2_VERSION=vx.y.z sh -# worker 指定版升級 https://get.rke2.io | INSTALL_RKE2_TYPE="agent" INSTALL_RKE2_VERSION=vx.y.z sh -

ETCD的問題

# rke2 上本身啟動了一個ETCD快照功能，產生的快照文件在 如下目錄 [root@rke2-1 ~]# ls -l /var/lib/rancher/rke2/server/db/snapshots/ total 0# 默認每12個小時生成當前機器的etcd快照，僅限有ETCD的master節點； 在每個master節點配置# 可以更改備份時間，在 config.yaml 添加如下兩行：work節點無需添加 快照參數。 vi /etc/rancher/rke2/config.yaml etcd-snapshot-retention: 2 etcd-snapshot-schedule-cron: '*/2 * * * *' kubelet-arg:- "eviction-hard=nodefs.available<1%,memory.available<10Mi"- "eviction-soft-grace-period=nodefs.available=30s,imagefs.available=30s"- "eviction-soft=nodefs.available<5%,imagefs.available<1%"注釋： # 快照文件個數，只保存兩個，刪除舊的保存新的 etcd-snapshot-retention: 2 # 與定時任務寫法一樣，分時日月周; default 是 '* */12 * * * ' etcd-snapshot-schedule-cron: '*/10 * * * *' # 自定義快照文件存放位置 etcd-snapshot-dir: /xx/xxx/xxx# 自定義垃圾回收機制，添加到所所節點 kubelet-arg:- "eviction-hard=nodefs.available<1%,memory.available<10Mi" # 硬策略- "eviction-soft-grace-period=nodefs.available=30s,imagefs.available=30s" # 硬策略- "eviction-soft=nodefs.available<5%,imagefs.available<1%" # 軟策略，可用文件系統小于百分之五，可用鏡像文件系統小于1% 開始回收# reload 使其生效 systemctl daemon-reload systemctl restart rke2-server# 查看是否生效 ps -ef | grep -i kubelet# 默認快照存儲位置 ls /var/lib/rancher/rke2/server/db/snapshots/[root@rke2-1 ~]# ls /var/lib/rancher/rke2/server/db/snapshots/ etcd-snapshot-rke2-1-1631600520 etcd-snapshot-rke2-1-1631600640

其他配置參考：https://docs.rke2.io/backup_restore/#options

總結

以上是生活随笔為你收集整理的RKE2安装kubernetes（2）的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。