rancher部署k8s

KeepSmiling_me發表於2024-11-01

一、基礎環境說明
節點名節點ip 角色作業系統
node1 10.42.8.13 control-plane,etcd,master CentOS7.9
node2 10.42.8.14 control-plane,etcd,master CentOS7.9
node3 10.42.8.15 control-plane,etcd,master CentOS7.9
二、k8s節點機基礎環境設定

1、設定 hostname（三臺節點分別執行）

node1
hostnamectl set-hostname node1

node2
hostnamectl set-hostname node2

node3
hostnamectl set-hostname node3

2、設定 /etc/hosts（三臺節點都執行）

cat < /etc/hosts
10.42.8.13 node1
10.42.8.14 node2
10.42.8.15 node3
EOF

3、設定 iptables（三臺節點都執行）

iptables -P FORWARD ACCEPT

4、關閉 swap（三臺節點都執行）

swapoff -a

防止開機自動掛載 swap 分割槽（將 /etc/fstab 中的內容註釋掉）
sed -i '/ swap / s/^(.*)$/#\1/g' /etc/fstab

5、關閉 selinux（三臺節點都執行）

將 selinux 由 enforcing 改為 disabled 。注意下面命令中 disabled 前面是數字 1，不是小寫的英文字母 l
sed -ri 's#(SELINUX=).*#\1disabled#' /etc/selinux/config

臨時關閉 enforce
setenforce 0

驗證 enforce 是否已關閉：如關閉，應返回結果：Disabled
getenforce

6、將 NetworkManager 配置為忽略 calico/flannel 相關的網路介面（三臺節點都執行）

cat > /etc/NetworkManager/conf.d/rke2-canal.conf <<EOF
[keyfile]
unmanaged-devices=interface-name:cali;interface-name:flannel
EOF

6、關閉並禁用firewalld和NetworkManager（三臺節點都執行）

systemctl stop firewalld && systemctl disable firewalld
systemctl stop NetworkManager && systemctl disable NetworkManager

7、修改核心引數（三臺節點都執行）

cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.max_map_count = 262144
vm.swappiness=0
EOF
三、rke2部署k8s

參考文件：https://ranchermanager.docs.rancher.com/zh/how-to-guides/new-user-guides/kubernetes-cluster-setup/rke2-for-rancher

1、配置rke2配置檔案

說明：token可自定義字串，但注意所有節點的token要一樣

在node1上執行

mkdir -p /etc/rancher/rke2/
cat > /etc/rancher/rke2/config.yaml <<EOF
token: K108a91d54650d8ggiegn923ijgg2a9be9d1483fc932e2221f0750f14::server:57f9a32eee46999c96e936927d09af9b
tls-san: 10.42.8.13
system-default-registry: "registry.cn-hangzhou.aliyuncs.com"
cluster-cidr: 10.251.0.0/16
service-cidr: 10.252.0.0/16

ingress:
provider: nginx
options:
config-snipper: |
# 啟用 snippet
enable-snippet-annotation: "true"
EOF

在node2和node3上執行

mkdir -p /etc/rancher/rke2/
cat > /etc/rancher/rke2/config.yaml <<EOF
server: https://10.42.8.13:9345
token: K108a91d54650d8ggiegn923ijgg2a9be9d1483fc932e2221f0750f14::server:57f9a32eee46999c96e936927d09af9b
tls-san: 10.42.8.13
system-default-registry: "registry.cn-hangzhou.aliyuncs.com"
cluster-cidr: 10.251.0.0/16
service-cidr: 10.252.0.0/16
EOF

2、安裝並啟用rke2（三個節點都執行）。特別說明：需要等node1啟動成功rke2-server後，才能在node2和node3上執行

curl -sfL https://rancher-mirror.rancher.cn/rke2/install.sh | INSTALL_RKE2_MIRROR=cn INSTALL_RKE2_VERSION=v1.25.12+rke2r1 sh -
systemctl enable rke2-server && systemctl start rke2-server

3、軟連線叢集配置檔案和操作工具（只需在node1上執行）

ln -s /var/lib/rancher/rke2/bin/kubectl /usr/local/bin/kubectl
ln -s /var/lib/rancher/rke2/bin/crictl /usr/local/bin/crictl
ln -s /var/lib/rancher/rke2/bin/ctr /usr/local/bin/ctr
ln -s /etc/rancher/rke2/rke2.yaml ~/.kube/config

4、設定crictl的預設socket（只需在node1上執行）

說明：這裡是rke2的一個bug，預設設定的socket是unix:///run/containerd/containerd.sock，而實際的確是：unix:///run/k3s/containerd/containerd.sock

cat > /etc/crictl.yaml <<EOF
runtime-endpoint: unix:///run/k3s/containerd/containerd.sock
image-endpoint: unix:///run/k3s/containerd/containerd.sock
timeout: 10
debug: false
EOF

5、crt工具使用時，先設定alias別名

說明：這裡是rke2的一個bug，預設設定的socket是unix:///run/containerd/containerd.sock，而實際的確是：unix:///run/k3s/containerd/containerd.sock

cat >> ~/.bashrc <<EOF
alias ctr='ctr --address=/run/k3s/containerd/containerd.sock'
EOF

source ~/.bashrc

6、至此，k8s部署完成，檢查node和pod是否正常執行

[root@node1 ~]# kubectl get no
NAME STATUS ROLES AGE VERSION
node1 Ready control-plane,etcd,master 22d v1.25.12+rke2r1
node2 Ready control-plane,etcd,master 21d v1.25.12+rke2r1
node3 Ready control-plane,etcd,master 21d v1.25.12+rke2r1
[root@node1 ~]#
[root@node1 ~]# kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system cloud-controller-manager-rke2-server-1 1/1 Running 0 2m28s
kube-system cloud-controller-manager-rke2-server-2 1/1 Running 0 61s
kube-system cloud-controller-manager-rke2-server-3 1/1 Running 0 49s
kube-system etcd-rke2-server-1 1/1 Running 0 2m13s
kube-system etcd-rke2-server-2 1/1 Running 0 87s
kube-system etcd-rke2-server-3 1/1 Running 0 56s
kube-system helm-install-rke2-canal-hs6sx 0/1 Completed 0 2m17s
kube-system helm-install-rke2-coredns-xmzm8 0/1 Completed 0 2m17s
kube-system helm-install-rke2-ingress-nginx-flwnl 0/1 Completed 0 2m17s
kube-system helm-install-rke2-metrics-server-7sggn 0/1 Completed 0 2m17s
kube-system kube-apiserver-rke2-server-1 1/1 Running 0 116s
kube-system kube-apiserver-rke2-server-2 1/1 Running 0 66s
kube-system kube-apiserver-rke2-server-3 1/1 Running 0 48s
kube-system kube-controller-manager-rke2-server-1 1/1 Running 0 2m30s
kube-system kube-controller-manager-rke2-server-2 1/1 Running 0 57s
kube-system kube-controller-manager-rke2-server-3 1/1 Running 0 42s
kube-system kube-proxy-rke2-server-1 1/1 Running 0 2m25s
kube-system kube-proxy-rke2-server-2 1/1 Running 0 59s
kube-system kube-proxy-rke2-server-3 1/1 Running 0 85s
kube-system kube-scheduler-rke2-server-1 1/1 Running 0 2m30s
kube-system kube-scheduler-rke2-server-2 1/1 Running 0 57s
kube-system kube-scheduler-rke2-server-3 1/1 Running 0 42s
kube-system rke2-canal-b9lvm 2/2 Running 0 91s
kube-system rke2-canal-khwp2 2/2 Running 0 2m5s
kube-system rke2-canal-swfmq 2/2 Running 0 105s
kube-system rke2-coredns-rke2-coredns-547d5499cb-6tvwb 1/1 Running 0 92s
kube-system rke2-coredns-rke2-coredns-547d5499cb-rdttj 1/1 Running 0 2m8s
kube-system rke2-coredns-rke2-coredns-autoscaler-65c9bb465d-85sq5 1/1 Running 0 2m8s
kube-system rke2-ingress-nginx-controller-69qxc 1/1 Running 0 52s
kube-system rke2-ingress-nginx-controller-7hprp 1/1 Running 0 52s
kube-system rke2-ingress-nginx-controller-x658h 1/1 Running 0 52s
kube-system rke2-metrics-server-6564db4569-vdfkn 1/1 Running 0 66s
四、安裝 Rancher Helm Chart（僅在node1上執行）

1、安裝helm

curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash

2、新增 Helm Chart 倉庫

helm repo add rancher-stable https://releases.rancher.com/server-charts/stable

3、為 Rancher 建立名稱空間

kubectl create namespace cattle-system

4、新增rancher所需的secret，注意秘鑰檔案路徑，可自定義，需要先把秘鑰檔案上傳到對應的目錄下

kubectl -n cattle-system create secret tls tls-rancher-ingress --cert=/opt/work/ssl_cert/skyeye.crt --key=/opt/work/ssl_cert/skyeye.key

5、透過 Helm 安裝 Rancher

helm install rancher rancher-stable/rancher --namespace cattle-system --version v2.7.5 --set hostname=rancher.platform.com --set bootstrapPassword=admin --set ingress.tls.source=secret

6、至此，rancher部署完成，rancher登入頁為：https://rancher.platform.com

相關文章

K8s微服務自動化部署容器(Rancher流水線)
2021-03-04
K8S微服務
使用Rancher在K8S上部署高效能PHP應用程式
2020-07-10
K8SPHP
Rancher 全球化部署最佳實踐
2022-11-22
Rancher 下圖形介面搭建 K8S 叢集
2021-11-12
K8S
亞馬遜k8s開局：建立圖形控制檯rancher
2021-07-17
亞馬遜K8S
k8s學習筆記（2）- Rancher2.x部署springboot應用及高可用、擴容
2021-10-17
K8S筆記Spring Boot
如何透過 Rancher 輕鬆實現多雲部署
2023-05-05
通過Rancher Desktop在桌面上執行K8s
2022-01-03
K8S
rancher新增k8s節點時顯示節點已新增
2024-05-21
K8S
使用Rancher在Kubernetes上部署EMQ X叢集
2019-12-23
MQ
k8s dashboard部署
2019-01-03
K8S
Rancher Prime 為平臺工程提供面向 K8s 的彈效能力
2023-03-04
K8S
K8s 部署 Prometheus + Grafana
2021-06-29
K8SPrometheusGrafana
k8s叢集部署
2021-02-08
K8S
centos 7 部署k8s
2024-08-21
CentOSK8S
Rancher2.1從搭建叢集到pipeline部署專案
2019-03-04
來了，k8s！-----------------k8s叢集部署
2020-11-30
K8S
在Rancher中修改K8S服務引數的萬金油法則
2021-07-27
K8S
k8s 部署 Java 專案
2020-12-05
K8SJava
helm部署traefik到k8s
2020-10-09
K8S
在 k8s 中部署 Prometheus
2018-05-22
K8SPrometheus
K8S部署Metrics-Server
2024-06-12
K8SServer
Helm部署k8s應用
2024-07-23
K8S
docker rancher搭建
2018-09-22
Docker
微服務從程式碼到k8s部署應有盡有大結局（k8s部署）
2022-03-15
微服務K8S
Rancher 系列文章-Rancher 對接 Active Directory 實戰
2023-03-29
k8s與監控--k8s部署grafana6.0
2019-02-28
K8SGrafana
使用 helm 部署 k8s 資源
2019-11-04
K8S
K8s 部署 Gitlab CI Runner
2021-08-22
K8SGitlab
k8s環境部署及使用方式
2018-12-15
K8S
部署 Prometheus 和 Grafana 到 k8s
2020-12-05
PrometheusGrafanaK8S
kubeadm部署K8S叢集
2021-01-18
K8S
k8s二進位制部署
2020-11-22
K8S
k8s單master叢集部署
2022-06-20
K8SAST
Kubeadm叢集部署k8s
2022-03-08
K8S
Ansible部署K8s叢集
2022-02-28
K8S
K8s 部署應用必備
2020-09-29
K8S
k8s 快速部署 sonarqube 詳解
2024-10-19
K8S