Installing a k8s cluster with RKE
Deploying a k8s cluster with RKE + Helm, plus highly available Rancher
Server | Cluster role | Server spec
---|---|---
192.168.68.191 | controlplane,etcd,worker | 2 cores, 4 GB
192.168.68.192 | controlplane,etcd,worker | 2 cores, 4 GB
192.168.68.193 | controlplane,etcd,worker | 2 cores, 4 GB
192.168.68.194 | worker | 2 cores, 4 GB

Disable the firewall (run on all nodes):
- systemctl stop firewalld
- systemctl disable firewalld

Disable SELinux (run on all nodes):
- sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config # permanent
- setenforce 0 # temporary

Disable swap (run on all nodes); this is mainly for performance reasons:
- swapoff -a # temporary
- sed -ri 's/.*swap.*/#&/' /etc/fstab

Kernel performance tuning (run on all nodes):
- modprobe br_netfilter && echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf && echo 'net.bridge.bridge-nf-call-iptables=1' >> /etc/sysctl.conf && echo 'net.ipv4.neigh.default.gc_thresh1=4096' >> /etc/sysctl.conf && echo 'net.ipv4.neigh.default.gc_thresh2=6144' >> /etc/sysctl.conf && echo 'net.ipv4.neigh.default.gc_thresh3=8192' >> /etc/sysctl.conf && sysctl -p
- echo 'fs.file-max = 2000000' >> /etc/sysctl.conf && sed -i 's/root soft nofile 65535/root soft nofile 1000000/g' /etc/security/limits.conf && sed -i 's/root hard nofile 65535/root hard nofile 1000000/g' /etc/security/limits.conf && sed -i 's/* soft nofile 65535/* soft nofile 1000000/g' /etc/security/limits.conf && sed -i 's/* hard nofile 65535/* hard nofile 1000000/g' /etc/security/limits.conf
- echo "DefaultLimitNOFILE=1000000" >> /etc/systemd/system.conf && echo "DefaultLimitNPROC=1000000" >> /etc/systemd/system.conf
- yum install epel-release -y
- reboot # reboot for the changes to take effect

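The `echo ... >> /etc/sysctl.conf` commands above append a new line on every run, so repeating the step leaves duplicate entries in the file. As an added example (not part of the original post; the function names are hypothetical), the same settings applied idempotently:

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# The settings the guide appends to /etc/sysctl.conf.
RKE_SYSCTLS='net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-iptables=1
net.ipv4.neigh.default.gc_thresh1=4096
net.ipv4.neigh.default.gc_thresh2=6144
net.ipv4.neigh.default.gc_thresh3=8192
fs.file-max=2000000'

# set_sysctl KEY VALUE FILE: remove every existing assignment of KEY
# (with or without spaces around "="), then append exactly one.
set_sysctl() {
    s_key=$1; s_val=$2; s_file=$3
    [ -f "$s_file" ] || : > "$s_file"
    s_tmp=$(mktemp) || return 1
    awk -v k="$s_key" '
        { line = $0; sub(/^[ \t]+/, "", line); split(line, kv, /[ \t]*=/) }
        kv[1] == k { next }   # an old assignment of this key: drop it
        { print }             # comments and other keys pass through
    ' "$s_file" > "$s_tmp" &&
        printf '%s=%s\n' "$s_key" "$s_val" >> "$s_tmp" &&
        cat "$s_tmp" > "$s_file"   # overwrite in place: owner and mode are kept
    s_rc=$?
    rm -f "$s_tmp"
    return $s_rc
}

# apply_rke_sysctls [FILE]: safe to run any number of times.
apply_rke_sysctls() {
    a_file=${1:-/etc/sysctl.conf}
    echo "$RKE_SYSCTLS" | while IFS='=' read -r a_key a_val; do
        set_sysctl "$a_key" "$a_val" "$a_file" || exit 1
    done
}

# count_key KEY FILE: number of uncommented assignments of KEY in FILE.
count_key() {
    awk -v k="$1" '
        { line = $0; sub(/^[ \t]+/, "", line); split(line, kv, /[ \t]*=/) }
        kv[1] == k { n++ }
        END { print n + 0 }' "$2"
}

# On a node: modprobe br_netfilter && apply_rke_sysctls && sysctl -p
```
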
2: Configure the environment and the docker user
Install Docker on all servers:
- wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
- wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
- wget -O /etc/yum.repos.d/docker-ce.repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
- yum install docker-ce-19.03.8 -y
Start Docker:
- systemctl start docker
For an intranet deployment, Docker needs a proxy (for example squid):
- sed -i '31iEnvironment=\"HTTP_PROXY=http://xx.xx.xx.xx:3128/\" \"HTTPS_PROXY=http://xx.xx.xx.xx:3128/\"' /usr/lib/systemd/system/docker.service
Create the docker user, add it to the docker group and set its password (substitute your own password for 123456):
- groupadd -f docker && useradd -g docker docker && echo "123456" | passwd --stdin docker
On the server where rke runs, set up passwordless SSH login for the docker user:
- Switch to the docker user: su - docker ;cd ~/.ssh/
- ssh-keygen -t rsa # press Enter at every prompt
- ssh-copy-id -i ~/.ssh/id_rsa.pub docker@192.168.68.191
- ssh-copy-id -i ~/.ssh/id_rsa.pub docker@192.168.68.192
- ssh-copy-id -i ~/.ssh/id_rsa.pub docker@192.168.68.193
- ssh-copy-id -i ~/.ssh/id_rsa.pub docker@192.168.68.194

Download RKE from the release page (Release v1.0.11 · rancher/rke · GitHub) and upload it to server 191:
- mv rke_linux-amd64 rke ;chmod +x rke
- vim cluster_development.yml

```yaml
nodes:
  - address: 192.168.68.191
    user: docker
    role: [controlplane,etcd,worker]
  - address: 192.168.68.192
    user: docker
    role: [controlplane,etcd,worker]
  - address: 192.168.68.193
    user: docker
    role: [controlplane,etcd,worker]
  - address: 192.168.68.194
    user: docker
    role: [worker]
# etcd and kubelet sit under a single services key; a repeated top-level key is not valid YAML
services:
  etcd:
    snapshot: true
    creation: 6h
    retention: 24h
  kubelet:
    extra_args:
      system-reserved: cpu=0.5,memory=200Mi
      kube-reserved: cpu=1,memory=400Mi
      enforce-node-allocatable: pods
      eviction-hard: memory.available<200Mi
ingress:
  provider: nginx
  options:
    use-forwarded-headers: "true"
```

Run the installation:
- ./rke up --update-only --config cluster_development.yml # the installation takes quite a long time
When the installation finishes, two files are generated: cluster_development.rkestate and kube_config_cluster_development.yml.
Note: the fact that these two files were generated does not mean the installation succeeded.

4: Install the kubectl tool (install it with yum, or download the kubectl package directly and use it)
Install with yum: configure the yum repository, then install kubectl:

```
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum install kubectl -y
```

Download and install with curl:
- curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
- chmod +x ./kubectl
- sudo mv ./kubectl /usr/local/bin/kubectl

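The yum path above checks package signatures (gpgcheck=1), while the curl path installs whatever was downloaded. As an added example (not part of the original post; `install_verified` is a hypothetical helper, and the `kubectl.sha256` URL in the comments is an assumption about the release bucket), a checksum gate for the curl download:

```shell
#!/bin/sh
# Added example, not from the original post; install_verified is a hypothetical name.

# install_verified FILE SHA256_FILE DEST
# Copies FILE to DEST (mode 0755) only if its SHA-256 matches the digest in
# SHA256_FILE. Returns 1 on mismatch, 2 if SHA256_FILE holds no usable digest.
install_verified() {
    i_bin=$1; i_sum=$2; i_dest=$3
    # The file may hold a bare digest or "digest  filename": take field 1.
    i_want=$(awk 'NF { print tolower($1); exit }' "$i_sum")
    case $i_want in
        ''|*[!0-9a-f]*) echo "no usable digest in $i_sum" >&2; return 2 ;;
    esac
    [ "${#i_want}" -eq 64 ] || { echo "digest has wrong length" >&2; return 2; }
    i_got=$(sha256sum "$i_bin" | awk '{ print $1 }')
    if [ "$i_got" != "$i_want" ]; then
        echo "checksum mismatch for $i_bin: got $i_got, want $i_want" >&2
        return 1
    fi
    cp "$i_bin" "$i_dest" && chmod 0755 "$i_dest"
}

# Usage with the download from this step (assumes kubectl.sha256 is published
# beside the binary):
#   ver=$(curl -fsS https://storage.googleapis.com/kubernetes-release/release/stable.txt)
#   base=https://storage.googleapis.com/kubernetes-release/release/$ver/bin/linux/amd64
#   curl -fsSLO "$base/kubectl" && curl -fsSLO "$base/kubectl.sha256"
#   sudo sh -c '. ./verify.sh; install_verified kubectl kubectl.sha256 /usr/local/bin/kubectl'
```

A digest fetched from the same server as the binary catches truncated or corrupted downloads; it does not protect against a compromised origin.
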
5: Check the cluster status
- Set the environment variable: export KUBECONFIG=$(pwd)/kube_config_cluster_development.yml
- View the cluster information: ./kubectl get nodes # Ready means the cluster is healthy

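Since the generated files alone do not prove a successful installation, and both of them hold credentials for full access to the cluster, a post-install check is worth scripting. An added example (not part of the original post; function names are hypothetical) that flags credential files readable by other users and fails unless all four nodes report Ready:

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# exposed_files FILE...: print each file that group or other can access.
exposed_files() {
    for e_f in "$@"; do
        # Characters 5-10 of the ls mode string are the group and other bits.
        [ "$(ls -ld "$e_f" | cut -c5-10)" = "------" ] || echo "$e_f"
    done
}

# check_nodes EXPECTED: reads `kubectl get nodes --no-headers` on stdin.
# Fails if the node count differs from EXPECTED or any node lacks the Ready
# status ("Ready,SchedulingDisabled" is Ready but cordoned, so it passes).
check_nodes() {
    awk -v want="$1" '
        NF == 0 { next }
        {
            seen++; ok = 0
            n = split($2, st, ",")
            for (i = 1; i <= n; i++) if (st[i] == "Ready") ok = 1
            if (!ok) { bad++; printf "not ready: %s (%s)\n", $1, $2 }
        }
        END {
            if (seen + 0 != want + 0) {
                printf "expected %d nodes, found %d\n", want, seen
                exit 1
            }
            exit (bad > 0)
        }'
}

# On the RKE host, after ./rke up:
#   chmod 600 cluster_development.rkestate kube_config_cluster_development.yml
#   exposed_files cluster_development.rkestate kube_config_cluster_development.yml
#   ./kubectl get nodes --no-headers | check_nodes 4
```
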
6: Install Rancher
Download and install helm:
https://github.com/helm/charts/tree/master/stable (mirror in China: https://github.com/cloudnativeapp/charts)
- Unpack the archive: tar -zxvf helm-v3.2.1-linux-amd64.tar.gz
Add the helm repository:
- International source: ./helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
- China source: ./helm repo add rancher-stable http://rancher-mirror.oss-cn-beijing.aliyuncs.com/server-charts/stable
- Search for the available versions: ./helm search repo rancher
- Create the namespace: ./kubectl create ns cattle-system # Rancher is installed into this namespace
- Run the installation: ./helm install rancher --namespace cattle-system --set rancherImageTag=v2.6.3 --set tls=external --set hostname=rancher.duochen.online rancher-stable/rancher
- Check the installation: ./kubectl get pods -A, until the pods shown are all in the Running state
Note: for an intranet deployment, helm needs a proxy:
- export http_proxy=http://10.214.137.233:3128
- export https_proxy=http://10.214.137.233:3128
- export no_proxy="xx.xx.xx.xx/24" # the subnet your servers are on; without this setting helm cannot reach the cluster
If nginx-ingress cannot be installed, running this command may resolve it:
- kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.34.1/deploy/static/provider/cloud/deploy.yaml