Installing a k8s cluster with Rancher RKE

Author: hwholiday | Published: 2021-02-02 16:00

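    Kernel

    Starting with K8S 1.18, IPVS is used, so kernels below 4.x can no longer run K8S: networking will have bugs. The official recommendation is kernel 4.19 LTS or later.

    Check the kernel version

    uname -smr
    Upgrading to the latest long-term support (LTS) release is recommended

    Upgrade the kernel

    Install Docker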

    yum install -y yum-utils
    yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
    yum install docker-ce-19.03.9 docker-ce-cli-19.03.9 containerd.io
    

    Start Docker

    systemctl enable docker
    systemctl start docker
    

    Install Rancher RKE

    Disable SELinux
    /usr/sbin/sestatus -v |grep "SELinux status"
    # a result of "enabled" means SELinux is turned on
    vim /etc/selinux/config
    Change SELINUX=enforcing to SELINUX=disabled
    
    Disable swap
    free -h
    #total        used        free      shared  buff/cache   available
    #Mem:           7.8G        205M        6.9G        8.7M        715M        7.3G
    #Swap:          5.0G          0B        5.0G
    # a non-zero Swap row means swap is enabled
    vim /etc/fstab
    Use # to comment out the line that contains swap
    
    Turn off the firewall
    firewall-cmd --state
    systemctl stop firewalld.service
    systemctl disable firewalld.service 
    
    Reboot and check that the changes took effect
    reboot
    /usr/sbin/sestatus -v |grep "SELinux status"
    free -h
    
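    On CentOS 7 the installation cannot be run as the root user
    adduser RKE -G docker
    # set the password for the RKE user
    passwd RKE 
    # try running docker as the RKE user to check that it has permission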
    su RKE
    docker ps
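
The preparation steps above can be verified on each node with a script rather than by reading command output by eye. This is an added example, not part of the original post; the function names are hypothetical, and the 4.19 kernel threshold and the RKE user name are taken from this guide.

```bash
#!/usr/bin/env bash
# Added example: checks for the node-preparation steps of this guide.
# The parsers take command output as input so they can be tested offline.

# kernel_ok RELEASE: 0 if RELEASE (from `uname -r`) is 4.19 or newer
kernel_ok() {
    major=${1%%.*}
    minor=${1#*.}; minor=${minor%%[!0-9]*}
    [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "${minor:-0}" -ge 19 ]; }
}

# swap_enabled: reads `free -h` output on stdin; 0 if the Swap total is non-zero
swap_enabled() {
    awk '$1 == "Swap:" { total = $2 }
         END { exit ((total == "" || total ~ /^0[A-Za-z]*$/) ? 1 : 0) }'
}

# selinux_enabled: reads `sestatus` output on stdin; 0 if SELinux is enabled
selinux_enabled() { grep -Eq '^SELinux status:[[:space:]]+enabled'; }

# has_group GROUP "LIST": 0 if GROUP is in the space-separated LIST (`id -nG`)
has_group() {
    for g in $2; do
        if [ "$g" = "$1" ]; then return 0; fi
    done
    return 1
}

# preflight [USER]: run on each node after the reboot; USER defaults to RKE
preflight() {
    user=${1:-RKE}; rc=0
    kernel_ok "$(uname -r)" || { echo "kernel $(uname -r) is older than 4.19"; rc=1; }
    if LC_ALL=C free -h | swap_enabled; then echo "swap is still enabled"; rc=1; fi
    if /usr/sbin/sestatus 2>/dev/null | selinux_enabled; then
        echo "SELinux is still enabled"; rc=1
    fi
    if systemctl is-active --quiet firewalld; then echo "firewalld is still running"; rc=1; fi
    # docker group membership gives control of the Docker daemon (root-equivalent)
    has_group docker "$(id -nG "$user" 2>/dev/null)" || { echo "$user is not in the docker group"; rc=1; }
    return $rc
}

if [ "${1:-}" = "run" ]; then preflight "${2:-RKE}"; fi
```

Saved under any file name and started with the argument `run`, it prints one line per failed check and exits non-zero if any step did not take effect.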
    
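    Configure passwordless SSH login from the master node to the RKE user on every node
    # press Enter at every prompt
    ssh-keygen
    ssh-copy-id RKE@<node-IP>
    
    # SSH has to be configured for every machine here, including the machine itself
    For example, I have two machines: 172.12.17.167 and 172.12.17.166
    # run on 172.12.17.167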
    ssh-keygen
    ssh-copy-id RKE@172.12.17.167
    ssh-copy-id RKE@172.12.17.166
    
    # run on 172.12.17.166
    ssh-keygen
    ssh-copy-id RKE@172.12.17.166
    ssh-copy-id RKE@172.12.17.167
    
    # if a new node joins, SSH also has to be configured on all machines
    
    # test SSH and run docker ps to check that it works
    ssh  RKE@<node-IP>
    docker ps
    
    Download the Rancher RKE binary
    cd /home/RKE
    wget https://github.com/rancher/rke/releases/download/v1.2.5/rke_linux-amd64
    chmod +x rke_linux-amd64
    

    Configure rke_linux-amd64

    rke_linux-amd64 only needs to be installed on one machine to install the whole cluster

    ./rke_linux-amd64 config
    
    [+] Cluster Level SSH Private Key Path [~/.ssh/id_rsa]: ~/.ssh/id_rsa
    [+] Number of Hosts [1]: 2
    [+] SSH Address of host (1) [none]: 172.12.17.167
    [+] SSH Port of host (1) [22]:
    [+] SSH Private Key Path of host (172.12.17.167) [none]: ~/.ssh/id_rsa
    [+] SSH User of host (172.12.17.167) [ubuntu]: RKE
    [+] Is host (172.12.17.167) a Control Plane host (y/n)? [y]: y
    [+] Is host (172.12.17.167) a Worker host (y/n)? [n]: n
    [+] Is host (172.12.17.167) an etcd host (y/n)? [n]: y
    [+] Override Hostname of host (172.12.17.167) [none]: hw-k8s-master
    [+] Internal IP of host (172.12.17.167) [none]:
    [+] Docker socket path on host (172.12.17.167) [/var/run/docker.sock]:
    [+] SSH Address of host (2) [none]: 172.12.17.166
    [+] SSH Port of host (2) [22]:
    [+] SSH Private Key Path of host (172.12.17.166) [none]: ~/.ssh/hys
    [+] SSH User of host (172.12.17.166) [ubuntu]: RKE
    [+] Is host (172.12.17.166) a Control Plane host (y/n)? [y]: n
    [+] Is host (172.12.17.166) a Worker host (y/n)? [n]: y
    [+] Is host (172.12.17.166) an etcd host (y/n)? [n]: n
    [+] Override Hostname of host (172.12.17.166) [none]: hw-k8s-worker1
    [+] Internal IP of host (172.12.17.166) [none]:
    [+] Docker socket path on host (172.12.17.166) [/var/run/docker.sock]:
    [+] Network Plugin Type (flannel, calico, weave, canal) [canal]:
    [+] Authentication Strategy [x509]:
    [+] Authorization Mode (rbac, none) [rbac]:
    [+] Kubernetes Docker image [rancher/hyperkube:v1.19.4-rancher1]:
    [+] Cluster domain [cluster.local]:
    [+] Service Cluster IP Range [10.43.0.0/16]:
    [+] Enable PodSecurityPolicy [n]:
    [+] Cluster Network CIDR [10.42.0.0/16]:
    [+] Cluster DNS Service IP [10.43.0.10]:
    [+] Add addon manifest URLs or YAML files [no]:
    
    ./rke_linux-amd64 up
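    When you see INFO[0294] Finished building Kubernetes cluster successfully
    congratulations, the cluster was installed successfully
    
    Set up kubectl
    mkdir ~/.kube
    # kube_config_cluster.yml is generated automatically once the cluster has been installed successfully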
    cp kube_config_cluster.yml ~/.kube/config
    
    curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl"
    chmod +x kubectl
    ./kubectl get pod -A
    
    [RKE@adsl-172-12-17-167 ~]$ ./kubectl get pod -A
    NAMESPACE       NAME                                       READY   STATUS      RESTARTS   AGE
    ingress-nginx   default-http-backend-65dd5949d9-sldzj      1/1     Running     0          23m
    ingress-nginx   nginx-ingress-controller-7np89             1/1     Running     0          7m53s
    kube-system     calico-kube-controllers-7fbff695b4-84hln   1/1     Running     0          24m
    kube-system     canal-2jtlg                                2/2     Running     0          24m
    kube-system     canal-bbh56                                2/2     Running     0          8m23s
    kube-system     coredns-6f85d5fb88-sqvgp                   1/1     Running     0          24m
    kube-system     coredns-autoscaler-79599b9dc6-5r4kv        1/1     Running     0          24m
    kube-system     metrics-server-8449844bf-74jwk             1/1     Running     0          24m
    kube-system     rke-coredns-addon-deploy-job-lq9fb         0/1     Completed   0          24m
    kube-system     rke-ingress-controller-deploy-job-hhm6c    0/1     Completed   0          23m
    kube-system     rke-metrics-addon-deploy-job-fwhx5         0/1     Completed   0          24m
    kube-system     rke-network-plugin-deploy-job-8pwmh        0/1     Completed   0          25m
    

    View node information

    [RKE@adsl-172-12-17-167 ~]$ ./kubectl get node
    NAME             STATUS   ROLES               AGE   VERSION
    hw-k8s-master    Ready    controlplane,etcd   52m   v1.19.7
    hw-k8s-worker1   Ready    worker              35m   v1.19.7
    

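    Scaling out Rancher RKE

    Configure SSH for the new node

    # a new node, 172.12.17.165, has been added
    # run on the new node 172.12.17.165
    ssh-keygen
    ssh-copy-id RKE@172.12.17.165
    ssh-copy-id RKE@172.12.17.166
    ssh-copy-id RKE@172.12.17.167
    
    # on 172.12.17.167
    ssh-keygen                      # already run earlier, no need to run it again
    ssh-copy-id RKE@172.12.17.165
    ssh-copy-id RKE@172.12.17.167   # already run earlier, no need to run it again
    ssh-copy-id RKE@172.12.17.166   # already run earlier, no need to run it again
    
    # on 172.12.17.166
    ssh-keygen                      # already run earlier, no need to run it again
    ssh-copy-id RKE@172.12.17.165
    ssh-copy-id RKE@172.12.17.167   # already run earlier, no need to run it again
    ssh-copy-id RKE@172.12.17.166   # already run earlier, no need to run it again
    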
    
    

    Add the new node's entry to the cluster.yml that rke_linux-amd64 generated during installation

    Before

    # only the nodes section is shown; everything else is omitted
    nodes:
    - address: 172.12.17.166
      port: "22"
      internal_address: ""
      role:
      - controlplane
      - etcd
      hostname_override: hw-k8s-master
      user: RKE
      docker_socket: /var/run/docker.sock
      ssh_key: ""
      ssh_key_path: ~/.ssh/id_rsa
      ssh_cert: ""
      ssh_cert_path: ""
      labels: {}
      taints: []
    - address: 172.12.17.167
      port: "22"
      internal_address: ""
      role:
      - worker
      hostname_override: hw-k8s-worker1
      user: RKE
      docker_socket: /var/run/docker.sock
      ssh_key: ""
      ssh_key_path: ~/.ssh/id_rsa
      ssh_cert: ""
      ssh_cert_path: ""
      labels: {}
      taints: []
    

    After

    # only the nodes section is shown; everything else is omitted
    nodes:
    - address: 172.12.17.166
      port: "22"
      internal_address: ""
      role:
      - controlplane
      - etcd
      hostname_override: hw-k8s-master
      user: RKE
      docker_socket: /var/run/docker.sock
      ssh_key: ""
      ssh_key_path: ~/.ssh/id_rsa
      ssh_cert: ""
      ssh_cert_path: ""
      labels: {}
      taints: []
    - address: 172.12.17.167
      port: "22"
      internal_address: ""
      role:
      - worker
      hostname_override: hw-k8s-worker1
      user: RKE
      docker_socket: /var/run/docker.sock
      ssh_key: ""
      ssh_key_path: ~/.ssh/id_rsa
      ssh_cert: ""
      ssh_cert_path: ""
      labels: {}
      taints: []
    - address: 172.12.17.165
      port: "22"
      internal_address: ""
      role:
      - worker
      hostname_override: hw-k8s-worker2
      user: RKE
      docker_socket: /var/run/docker.sock
      ssh_key: ""
      ssh_key_path: ~/.ssh/id_rsa
      ssh_cert: ""
      ssh_cert_path: ""
      labels: {}
      taints: []
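
A hand-edited node list is easy to get wrong, for instance a copied block that still carries the old address or hostname. The check below is an added example, not part of the original post: it counts roles and rejects duplicate address or hostname_override values before the update is run. The name check_nodes is hypothetical, and the script assumes the layout shown above with "nodes:" and "- address:" at column 0 of the file.

```bash
#!/usr/bin/env bash
# Added example: sanity-check the nodes list of cluster.yml before `rke up`.
# Assumes "nodes:" and "- address:" start at column 0, as in the file above.

# check_nodes FILE: prints role counts; returns 1 on a duplicate address or
# hostname_override, or when the list has no etcd or no controlplane node.
check_nodes() {
    awk '
        /^nodes:/               { in_nodes = 1; next }
        in_nodes && /^[^ #-]/   { in_nodes = 0 }   # next top-level key ends the list
        !in_nodes               { next }
        /^- address:/           { n++; if (addr[$3]++) dup = dup " address=" $3 }
        /^  hostname_override:/ {
            if ($2 != "" && $2 != "\"\"" && host[$2]++) dup = dup " hostname=" $2
        }
        /^  - (etcd|controlplane|worker)$/ { role[$2]++ }
        END {
            printf "nodes=%d etcd=%d controlplane=%d worker=%d\n",
                   n, role["etcd"], role["controlplane"], role["worker"]
            if (dup != "") { print "duplicate:" dup; exit 1 }
            if (!role["etcd"] || !role["controlplane"]) {
                print "no etcd or controlplane node"; exit 1
            }
        }' "$1"
}

# Usage: pass the path of cluster.yml as the first argument.
if [ -n "${1:-}" ]; then check_nodes "$1"; fi
```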
    

    Scale out online

    ./rke_linux-amd64 up --update-only
    When you see INFO[0294] Finished building Kubernetes cluster successfully
    congratulations, the cluster was scaled out successfully
    

    View node information

    [RKE@adsl-172-12-17-167 ~]$ ./kubectl get node
    NAME             STATUS   ROLES               AGE   VERSION
    hw-k8s-master    Ready    controlplane,etcd   52m   v1.19.7
    hw-k8s-worker1   Ready    worker              35m   v1.19.7
    hw-k8s-worker2   Ready    worker              86s   v1.19.7
    
