Installing a k8s cluster with Rancher RKE

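Kernel

Starting with 1.18, K8S uses IPVS, so kernels below 4.x can no longer run K8S: networking will have bugs. The official recommendation is kernel 4.19 LTS or later.

Check the kernel version

uname -smr

Upgrading to the latest long-term support version is recommended.

Upgrade the kernel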

Install Docker

yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce-19.03.9 docker-ce-cli-19.03.9 containerd.io

Start Docker

systemctl enable docker
systemctl start docker

Install Rancher RKE

Disable SELinux

/usr/sbin/sestatus -v |grep "SELinux status"
# A result of enabled means SELinux is turned on
vim /etc/selinux/config
Change SELINUX=enforcing to SELINUX=disabled

Disable swap

free -h
#total        used        free      shared  buff/cache   available
#Mem:           7.8G        205M        6.9G        8.7M        715M        7.3G
#Swap:          5.0G          0B        5.0G
# Non-zero values in the Swap row mean swap is enabled
vim /etc/fstab
Comment out the line that contains swap with #

Turn off the firewall

firewall-cmd --state
systemctl stop firewalld.service
systemctl disable firewalld.service

Reboot and check that the changes took effect

reboot
/usr/sbin/sestatus -v |grep "SELinux status"
free -h
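
On CentOS 7 the installation cannot be run as the root user

adduser RKE -G docker
# Set the RKE user's password
passwd RKE
# Try operating docker as the rancher user (RKE) and check whether it has permission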
su RKE
docker ps
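
The node preparation above (kernel version, SELinux, swap, docker group membership) can be checked in one pass after the reboot. The script below is an added example, not part of the original post; the function names and the --check argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): preflight checks for the node preparation steps.
# Function names are illustrative; file arguments default to the live system paths.

# kernel_at_least "<uname -r output>" "<major.minor>": true if the kernel is new enough.
kernel_at_least() {
    have_major=${1%%.*}
    rest=${1#*.}
    have_minor=${rest%%[!0-9]*}
    [ "$have_major" -gt "${2%%.*}" ] ||
        { [ "$have_major" -eq "${2%%.*}" ] && [ "$have_minor" -ge "${2#*.}" ]; }
}

# swap_active [file]: true if a swap device is listed (/proc/swaps format, header on line 1).
swap_active() {
    awk 'NR > 1 && NF { found = 1 } END { exit !found }' "${1:-/proc/swaps}"
}

# fstab_swap_lines [file]: print uncommented fstab entries of type swap;
# any output means swap will come back after the next reboot.
fstab_swap_lines() {
    awk '$1 !~ /^#/ && $3 == "swap"' "${1:-/etc/fstab}"
}

# selinux_config_mode [file]: print the mode that applies after the next boot.
selinux_config_mode() {
    sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "${1:-/etc/selinux/config}"
}

# in_docker_group <user>: true if the user reaches the Docker socket via group membership.
in_docker_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx docker
}

# preflight <user>: run every check against the live host, one line per failure.
preflight() {
    rc=0
    kernel_at_least "$(uname -r)" 4.19 || { echo "FAIL kernel $(uname -r) is older than 4.19"; rc=1; }
    swap_active && { echo "FAIL swap is still active"; rc=1; }
    [ -z "$(fstab_swap_lines)" ] || { echo "FAIL /etc/fstab still mounts swap"; rc=1; }
    [ "$(selinux_config_mode)" = disabled ] || { echo "FAIL SELINUX is not disabled in config"; rc=1; }
    in_docker_group "$1" || { echo "FAIL user $1 is not in the docker group"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK node is prepared as described"
    return "$rc"
}

# Run on a node with: sh preflight.sh --check RKE
if [ "${1:-}" = "--check" ]; then preflight "${2:-RKE}"; fi
```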

Configure passwordless login from the master node to the rancher user on each node

# Press Enter at every prompt
ssh-keygen
ssh-copy-id RKE@<node IP>

# ssh must be configured here for every machine, including the machine itself
For example, I have two machines: 172.12.17.167 and 172.12.17.166
# Run on 172.12.17.167
ssh-keygen
ssh-copy-id RKE@172.12.17.167
ssh-copy-id RKE@172.12.17.166

# Run on 172.12.17.166
ssh-keygen
ssh-copy-id RKE@172.12.17.166
ssh-copy-id RKE@172.12.17.167

# If a new node joins, ssh also has to be configured on all machines

# Test ssh and run docker ps to check that it works
ssh RKE@<node IP>
docker ps

Download the Rancher RKE file

cd /home/RKE
wget https://github.com/rancher/rke/releases/download/v1.2.5/rke_linux-amd64
chmod +x rke_linux-amd64

Configure rke_linux-amd64

rke_linux-amd64 only needs to be installed on one machine to install the entire cluster

./rke_linux-amd64 config
[+] Cluster Level SSH Private Key Path [~/.ssh/id_rsa]: ~/.ssh/id_rsa
[+] Number of Hosts [1]: 2
[+] SSH Address of host (1) [none]: 172.12.17.167
[+] SSH Port of host (1) [22]:
[+] SSH Private Key Path of host (172.12.17.167) [none]: ~/.ssh/id_rsa
[+] SSH User of host (172.12.17.167) [ubuntu]: RKE
[+] Is host (172.12.17.167) a Control Plane host (y/n)? [y]: y
[+] Is host (172.12.17.167) a Worker host (y/n)? [n]: n
[+] Is host (172.12.17.167) an etcd host (y/n)? [n]: y
[+] Override Hostname of host (172.12.17.167) [none]: hw-k8s-master
[+] Internal IP of host (172.12.17.167) [none]:
[+] Docker socket path on host (172.12.17.167) [/var/run/docker.sock]:
[+] SSH Address of host (2) [none]: 172.12.17.166
[+] SSH Port of host (2) [22]:
[+] SSH Private Key Path of host (172.12.17.166) [none]: ~/.ssh/hys
[+] SSH User of host (172.12.17.166) [ubuntu]: RKE
[+] Is host (172.12.17.166) a Control Plane host (y/n)? [y]: n
[+] Is host (172.12.17.166) a Worker host (y/n)? [n]: y
[+] Is host (172.12.17.166) an etcd host (y/n)? [n]: n
[+] Override Hostname of host (172.12.17.166) [none]: hw-k8s-worker1
[+] Internal IP of host (172.12.17.166) [none]:
[+] Docker socket path on host (172.12.17.166) [/var/run/docker.sock]:
[+] Network Plugin Type (flannel, calico, weave, canal) [canal]:
[+] Authentication Strategy [x509]:
[+] Authorization Mode (rbac, none) [rbac]:
[+] Kubernetes Docker image [rancher/hyperkube:v1.19.4-rancher1]:
[+] Cluster domain [cluster.local]:
[+] Service Cluster IP Range [10.43.0.0/16]:
[+] Enable PodSecurityPolicy [n]:
[+] Cluster Network CIDR [10.42.0.0/16]:
[+] Cluster DNS Service IP [10.43.0.10]:
[+] Add addon manifest URLs or YAML files [no]:
./rke_linux-amd64 up

When you see INFO[0294] Finished building Kubernetes cluster successfully, congratulations, the cluster has been installed successfully.

Configure kubectl

mkdir ~/.kube
# kube_config_cluster.yml is generated automatically once the cluster has been installed successfully
cp kube_config_cluster.yml ~/.kube/config

curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x kubectl
./kubectl get pod -A
[RKE@adsl-172-12-17-167 ~]$ ./kubectl get pod -A
NAMESPACE       NAME                                       READY   STATUS      RESTARTS   AGE
ingress-nginx   default-http-backend-65dd5949d9-sldzj      1/1     Running     0          23m
ingress-nginx   nginx-ingress-controller-7np89             1/1     Running     0          7m53s
kube-system     calico-kube-controllers-7fbff695b4-84hln   1/1     Running     0          24m
kube-system     canal-2jtlg                                2/2     Running     0          24m
kube-system     canal-bbh56                                2/2     Running     0          8m23s
kube-system     coredns-6f85d5fb88-sqvgp                   1/1     Running     0          24m
kube-system     coredns-autoscaler-79599b9dc6-5r4kv        1/1     Running     0          24m
kube-system     metrics-server-8449844bf-74jwk             1/1     Running     0          24m
kube-system     rke-coredns-addon-deploy-job-lq9fb         0/1     Completed   0          24m
kube-system     rke-ingress-controller-deploy-job-hhm6c    0/1     Completed   0          23m
kube-system     rke-metrics-addon-deploy-job-fwhx5         0/1     Completed   0          24m
kube-system     rke-network-plugin-deploy-job-8pwmh        0/1     Completed   0          25m

View node information

[RKE@adsl-172-12-17-167 ~]$ ./kubectl get node
NAME             STATUS   ROLES               AGE   VERSION
hw-k8s-master    Ready    controlplane,etcd   52m   v1.19.7
hw-k8s-worker1   Ready    worker              35m   v1.19.7

Scaling out Rancher RKE

Configure ssh for the new node

# A new node, 172.12.17.165, has been added
# Run on the new node 172.12.17.165
ssh-keygen
ssh-copy-id RKE@172.12.17.165
ssh-copy-id RKE@172.12.17.166
ssh-copy-id RKE@172.12.17.167

# On 172.12.17.167
ssh-keygen                      # already run, no need to run again
ssh-copy-id RKE@172.12.17.165
ssh-copy-id RKE@172.12.17.167   # already run, no need to run again
ssh-copy-id RKE@172.12.17.166   # already run, no need to run again

# On 172.12.17.166
ssh-keygen                      # already run, no need to run again
ssh-copy-id RKE@172.12.17.165
ssh-copy-id RKE@172.12.17.167   # already run, no need to run again
ssh-copy-id RKE@172.12.17.166   # already run, no need to run again

Add the new node's information to the cluster.yml that rke_linux-amd64 generated during installation

Before

# Only the nodes section is shown; everything else is omitted
nodes:
- address: 172.12.17.166
  port: "22"
  internal_address: ""
  role:
  - controlplane
  - etcd
  hostname_override: hw-k8s-master
  user: RKE
  docker_socket: /var/run/docker.sock
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []
- address: 172.12.17.167
  port: "22"
  internal_address: ""
  role:
  - worker
  hostname_override: hw-k8s-worker1
  user: RKE
  docker_socket: /var/run/docker.sock
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []

After

# Only the nodes section is shown; everything else is omitted
nodes:
- address: 172.12.17.166
  port: "22"
  internal_address: ""
  role:
  - controlplane
  - etcd
  hostname_override: hw-k8s-master
  user: RKE
  docker_socket: /var/run/docker.sock
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []
- address: 172.12.17.167
  port: "22"
  internal_address: ""
  role:
  - worker
  hostname_override: hw-k8s-worker1
  user: RKE
  docker_socket: /var/run/docker.sock
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []
- address: 172.12.17.165
  port: "22"
  internal_address: ""
  role:
  - worker
  hostname_override: hw-k8s-worker2
  user: RKE
  docker_socket: /var/run/docker.sock
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []
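
Before running the update, every node listed in cluster.yml has to accept key-based SSH for its user and let that user run docker. The following script is an added example, not from the original post or the RKE project; its function names are hypothetical, and it reads only the address and user fields of the nodes list shown above.

```shell
#!/bin/sh
# Added example (not from the original post): confirm each node in cluster.yml accepts
# key-based SSH and can run docker before "rke up" is started.

# cluster_nodes <cluster.yml>: print one "user@address" per entry of the nodes: list.
cluster_nodes() {
    awk '
        /^nodes:/                 { in_nodes = 1; next }
        /^[^ #-]/                 { in_nodes = 0 }   # next top-level key ends the list
        in_nodes && /^- address:/ { addr = $3 }
        in_nodes && /^  user:/    { print $2 "@" addr }
    ' "$1"
}

# node_ready <user@address>: true if login works without a password prompt
# (BatchMode makes ssh fail instead of asking) and the user can reach the Docker daemon.
node_ready() {
    ssh -o BatchMode=yes -o ConnectTimeout=5 "$1" docker ps >/dev/null 2>&1
}

# failing_nodes <cluster.yml>: print the nodes that are not ready; status 1 if any.
failing_nodes() {
    bad=0
    for node in $(cluster_nodes "$1"); do
        node_ready "$node" || { echo "$node"; bad=1; }
    done
    return "$bad"
}

# Run with: sh check_nodes.sh cluster.yml
if [ -n "${1:-}" ]; then failing_nodes "$1"; fi
```

An empty output with exit status 0 means every listed node passed; any printed user@address still needs ssh-copy-id or docker group membership fixed.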

Online scale-out

./rke_linux-amd64 up --update-only

When you see INFO[0294] Finished building Kubernetes cluster successfully, congratulations, the cluster has been scaled out successfully.

View node information

[RKE@adsl-172-12-17-167 ~]$ ./kubectl get node
NAME             STATUS   ROLES               AGE   VERSION
hw-k8s-master    Ready    controlplane,etcd   52m   v1.19.7
hw-k8s-worker1   Ready    worker              35m   v1.19.7
hw-k8s-worker2   Ready    worker              86s   v1.19.7