rke安装k8s集群

服务器	集群角色	服务配置
192.168.68.191	controlplane,etcd,worker	2核 4G
192.168.68.192	controlplane,etcd,worker	2核 4G
192.168.68.193	controlplane,etcd,worker	2核 4G
192.168.68.194	worker	2核 4G

• 关闭防火墙：( 所有节点操作 ）

  • systemctl stop firewalld  
  • systemctl disable firewalld

• 关闭selinux ( 所有节点操作 ）

  • sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config # 永久关闭

  • setenforce 0 # 临时关闭  

• 关闭swap ( 所有节点操作 ）

  • swapoff -a # 临时关闭；

  • 关闭swap主要是为了性能考虑 sed -ri 's/.*swap.*/#&/' /etc/fstab

• Kernel性能调优 ( 所有节点操作 ）

  • modprobe br_netfilter && echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf && echo 'net.bridge.bridge-nf-call-iptables=1' >> /etc/sysctl.conf && echo 'net.ipv4.neigh.default.gc_thresh1=4096' >> /etc/sysctl.conf && echo 'net.ipv4.neigh.default.gc_thresh2=6144' >> /etc/sysctl.conf && echo 'net.ipv4.neigh.default.gc_thresh3=8192' >> /etc/sysctl.conf && sysctl -p

  • echo 'fs.file-max = 2000000' >> /etc/sysctl.conf && sed -i 's/root soft nofile 65535/root soft nofile 1000000/g' /etc/security/limits.conf && sed -i 's/root hard nofile 65535/root hard nofile 1000000/g' /etc/security/limits.conf && sed -i 's/* soft nofile 65535/* soft nofile 1000000/g' /etc/security/limits.conf && sed -i 's/* hard nofile 65535/* hard nofile 1000000/g' /etc/security/limits.conf

  • echo "DefaultLimitNOFILE=1000000" >> /etc/systemd/system.conf && echo "DefaultLimitNPROC=1000000" >> /etc/systemd/system.conf

  • yum install epel-release -y

  • reboot生效

• 2：配置环境及docker用户

• 所有服务器部署docker
  • wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
  • wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
  • wget -O /etc/yum.repos.d/docker-ce.repo  http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo  
  • yum install docker-ce-19.03.8 -y
  • 启动docker   
    • systemctl start docker 
    • 内网环境部署的话需要设置docker 代理(比如使用squid) 
      • sed -i '31iEnvironment=\"HTTP_PROXY=http://xx.xx.xx.xx:3128/\" \"HTTPS_PROXY=http://xx.xx.xx.xx:3128/\"' /usr/lib/systemd/system/docker.service
         
  • 创建docker用户并添加权限，设置密码：groupadd docker && useradd docker -aG docker && echo "123456" | passwd --stdin rancher
    • rke所在的放服务器配置docker的ssh免密登陆
      • 切换到docker 用户  su - docker  ;cd ~/.ssh/ 
        1.  ssh-keygen -t rsa #一直回车
        2.  ssh-copy-id -i ~/.ssh/id_rsa.pub docker@192.168.68.191 
        3.  ssh-copy-id -i ~/.ssh/id_rsa.pub docker@192.168.68.192
        4.  ssh-copy-id -i ~/.ssh/id_rsa.pub docker@192.168.68.193
        5.  ssh-copy-id -i ~/.ssh/id_rsa.pub docker@192.168.68.194
            
• Release Release v1.0.11 · rancher/rke · GitHub  下载完成后上传到服务器191，
•  mv rke_linux-amd64 rke ；chmod +x rke
• vim cluster_development.yml 

• nodes:
    - address: 192.168.68.191
      user: docker
      role: [controlplane,etcd,worker]
    - address: 192.168.68.192
      user: docker
      role: [controlplane,etcd,worker]
    - address: 192.168.68.193
      user: docker
      role: [controlplane,etcd,worker]
    - address: 192.168.68.194
      user: docker
      role: [worker]
  
  services:
    etcd:
      snapshot: true
      creation: 6h
      retention: 24h
  
  ingress:
    provider: nginx
    options:
      use-forwarded-headers: "true"
  
  services:
    kubelet:
      extra_args:
        system-reserved: cpu=0.5,memory=200Mi
        kube-reserved:  cpu=1,memory=400Mi
        enforce-node-allocatable: pods
        eviction-hard: memory.available<200Mi

• 执行安装：./rke up --update-only --config cluster_development.yml  #安装时间比较长

• 安装完成后会生成 cluster_development.rkestate kube_config_cluster_development.yml 这2个文件

  • 注意这个2个文件生成了不代表安装成功了

  • 4：安装 kubectl 工具 （yum安装或者直接下载kubectl包解压使用也可以）

  • yum安装：配置yum源后，yum install kubectl -y cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF

  • curl 下载安装 :curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl chmod +x ./kubectl sudo mv ./kubectl /usr/local/bin/kubectl

  • 5：查看集群状态

    •  切换环境变量： export KUBECONFIG=$(pwd)/kube_config_cluster_development.yml
    •  查看集群信息 ：./kubectl get nodes #Ready表示集群状态正常
    • 

        

        6：安装rancher 

•  下载安装helm:

  https://github.com/helm/charts/tree/master/stable
  国内: https://github.com/cloudnativeapp/chartshttps://github.com/helm/charts/tree/master/stable
  国内: https://github.com/cloudnativeapp/charts

  • 解压安装包：tar -zxvf helm-v3.2.1-linux-amd64.tar.gz 

  • 添加helm源 
  • 国外源     ./helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
  • 国内源： ./helm repo add rancher-stable http://rancher-mirror.oss-cn-beijing.aliyuncs.com/server-charts/stable
  • 搜索安装版本镜像  ./helm search repo rancher
  • 创建命名空间：./kubectl create ns cattle-system #rancher 安装在这个命名空间下
  • 执行安装  ./helm   install rancher   --namespace cattle-system    --set rancherImageTag=v2.6.3   --set tls=external    --set hostname=rancher.duochen.online  rancher-stable/rancher   
  • 安装检测   ./kubectl get pods -A  直到下面这个几个pod状态全是running就行
  • 
  • 注意如果是内网环境部署的情况下  helm需要设置代理 
  • export http_proxy=http://10.214.137.233:3128
    export https_proxy=http://10.214.137.233:3128
    export no_proxy="xx.xx.xx.xx/24"###你服务器所在网段，不设置此项连不上集群
  • 如遇到nginx-igress不能安装的情况 可执行此命令尝试解决
  • kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.34.1/deploy/static/provider/cloud/deploy.yaml（）