使用rke2安装高可用k8s集群
rke2高可用k8s集群部署
·
文章目录
使用rke2安装高可用k8s集群
- 服务器rke集群节点角色规划
| 用户 | 主机名 | 内网IP | SSH端口 | 系统 | 角色 |
|---|---|---|---|---|---|
| root | rke-server-01 | 192.168.2.131 | 22 | CentOS Linux release 7.6.1810 (Core) | controlplane、worker、etcd |
| root | rke-server-02 | 192.168.2.132 | 22 | CentOS Linux release 7.6.1810 (Core) | controlplane、worker、etcd |
| root | rke-server-03 | 192.168.2.133 | 22 | CentOS Linux release 7.6.1810 (Core) | controlplane、worker、etcd |
-
安装一些个人常用的基础安装包
yum -y install epel-release.noarch yum -y install psmisc gcc gcc-c++ texinfo wget unzip zip gcc libticonv-devel libcurl-devel curl nmap iotop dstat tree mlocate ntpdate openssh-clients net-tools vim ntsysv nmap curl lrzsz sysstat libselinux-python pcre pcre-devel zlib zlib-devel openssl openssl-devel readline-devel bzip2 httpd-devel python-devel python-pip python-setuptools lsof sqlite-devel nscd bind-utils telnet rsync tcpdump expect nc ntp lftp bash-completion ipset ipvsadm -
关闭防火墙
systemctl stop firewalld systemctl stop iptables systemctl disable firewalld systemctl disable iptables -
关闭selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config setenforce 0 -
三台时间同步要一致
systemctl start ntpd systemctl enable ntpd -
关闭swap分区
swapoff -a sed -i '/swap/d' /etc/fstab mount -a- 然后修改/etc/fstab,把swap分区相关的配置注释掉
-
内核参数调整
cat >> /etc/sysctl.conf <<EOF fs.file-max = 2442652 net.ipv4.ip_local_port_range = 1024 65535 vm.swappiness=0 net.ipv4.ip_forward=1 net.bridge.bridge-nf-call-iptables=1 net.bridge.bridge-nf-call-ip6tables = 1 EOF modprobe br_netfilter sysctl -p -
配置资源限制
sh -c " cat >>/etc/security/limits.conf <<EOF * soft nofile 1048576 * hard nofile 1048576 * soft core unlimited * hard core unlimited * soft nproc unlimited * hard nproc unlimited EOF" sh -c "cat >> /etc/security/limits.d/20-nproc.conf << EOF * soft nproc unlimited * hard nproc unlimited EOF" -
NetworkManager 网络配置
systemctl status NetworkManager
cat >> /etc/NetworkManager/conf.d/rke2-canal.conf << EOF
[keyfile]
unmanaged-devices=interface-name:cali*;interface-name:flannel*
EOF
systemctl daemon-reload
systemctl restart NetworkManager
-
加载ipvs相关模块
由于ipvs已经加入到了内核的主干,所以为kube-proxy开启ipvs的前提需要加载以下的内核模块:cat > /etc/sysconfig/modules/ipvs.modules <<EOF #!/bin/bash modprobe -- ip_vs modprobe -- ip_vs_rr modprobe -- ip_vs_wrr modprobe -- ip_vs_sh modprobe -- nf_conntrack_ipv4 EOF chmod 755 /etc/sysconfig/modules/ipvs.modules bash /etc/sysconfig/modules/ipvs.modules lsmod | grep -e ip_vs -e nf_conntrack_ipv4 -
在线三个节点安装rke-server(controlplane、worker、etcd角色)
curl -sfL https://get.rke2.io | sh - -
在rke-sersver-01上启动rke-server
systemctl enable rke2-server.service systemctl start rke2-server.service- 安装完成后 /var/lib/rancher/rke2/bin/ 目录 生成有ctr、crictl、kubectl 等二进制文件
- A kubeconfig file will be written to /etc/rancher/rke2/rke2.yaml
- A token that can be used to register other server or agent nodes will be created at /var/lib/rancher/rke2/server/node-token
-
三个节点均创建rke-server高可用集群需要的/etc/rancher/rke2/config.yaml 配置文件,
server: https://192.168.2.131:9345 token: my-shared-secret #/var/lib/rancher/rke2/server/node-token中值 tls-san: - my-kubernetes-domain.com - another-kubernetes-domain.com node-label: - "host=k8s-master" #node-taint: ####(打污点) # - "host=k8s-master:NoExecute" -
验证集群
/var/lib/rancher/rke2/bin/kubectl \ --kubeconfig /etc/rancher/rke2/rke2.yaml get nodes -
集群添加agent(woker角色)节点
curl -sfL https://get.rke2.io | INSTALL_RKE2_TYPE="agent" sh - systemctl enable rke2-agent.service mkdir -p /etc/rancher/rke2/ cat > /etc/rancher/rke2/config.yaml <<EOF server: https://192.168.2.131:9345 token: my-shared-secret #/var/lib/rancher/rke2/server/node-token中值 EOF systemctl start rke2-agent.service -
停止某个节点上的服务
rke2-killall.sh -
清理某个节点上的rke 服务
rke2-uninstall.sh
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
0
0- 0
已为社区贡献13条内容
所有评论(0)