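Kernel
K8S has used IPVS since 1.18, so kernels older than 4.x can no longer run K8S (the network will have bugs). The official recommendation is a 4.19 LTS kernel or later.
Check the kernel version
uname -smr
Upgrading to the latest long-term support version is recommended
Upgrade the kernel
Install Docker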
yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce-19.03.9 docker-ce-cli-19.03.9 containerd.io
Start Docker
systemctl enable docker
systemctl start docker
Install Rancher RKE
Disable SELinux
/usr/sbin/sestatus -v |grep "SELinux status"
# A result of enabled means SELinux is turned on
vim /etc/selinux/config
Change SELINUX=enforcing to SELINUX=disabled
Disable swap
free -h
#total used free shared buff/cache available
#Mem: 7.8G 205M 6.9G 8.7M 715M 7.3G
#Swap: 5.0G 0B 5.0G
# Values in the Swap row mean swap is enabled
vim /etc/fstab
Use # to comment out the line that contains swap
Turn off the firewall
firewall-cmd --state
systemctl stop firewalld.service
systemctl disable firewalld.service
Reboot and check that the changes took effect
reboot
/usr/sbin/sestatus -v |grep "SELinux status"
free -h
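On CentOS 7, the installation cannot be run as the root user
adduser RKE -G docker
# Set the password for the RKE user
passwd RKE
# Try operating docker as the rancher user (RKE) and check whether it has permission
su RKE
docker ps
Configure passwordless SSH login from the master node to the rancher user on each node
# Press Enter at every prompt
ssh-keygen
ssh-copy-id RKE@<node-IP>
# SSH must be configured for all machines here, including the machine itself
For example, I have two machines: 172.12.17.167 and 172.12.17.166
# Run on 172.12.17.167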
ssh-keygen
ssh-copy-id RKE@172.12.17.167
ssh-copy-id RKE@172.12.17.166
# Run on 172.12.17.166
ssh-keygen
ssh-copy-id RKE@172.12.17.166
ssh-copy-id RKE@172.12.17.167
# If a new node joins, SSH must also be configured on all machines
# Test ssh and run docker ps to see whether it works properly
ssh RKE@<node-IP>
docker ps
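The host preparation steps above (kernel version, swap, SELinux, docker group membership, key-based SSH) can be checked in one pass before running RKE. The script below is an added example, not part of the original page or of RKE; the function names are hypothetical, and it assumes `free -b` and `id -nG` are available on the node.

```shell
#!/bin/sh
# Added example (not from the original page): preflight checks for the host
# preparation steps above. The function names are hypothetical helpers.

# kernel_ok RELEASE: succeeds if a `uname -r` string is version 4.19 or newer.
kernel_ok() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    case "$major.$minor" in .*|*.|*[!0-9.]*) return 2 ;; esac
    [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 19 ]; }
}

# swap_off FREE_TEXT: succeeds if `free -b` output reports a Swap total of 0.
swap_off() {
    printf '%s\n' "$1" |
        awk '$1 == "Swap:" { found = 1; total = $2 } END { exit !(found && total == 0) }'
}

# selinux_mode CONFIG_TEXT: prints the SELINUX= value from /etc/selinux/config.
selinux_mode() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*SELINUX=\([a-z]*\).*/\1/p' | tail -n 1
}

# in_docker_group GROUPS: succeeds if `id -nG USER` output contains docker.
in_docker_group() {
    case " $1 " in *" docker "*) return 0 ;; *) return 1 ;; esac
}

# preflight HOST...: runs the local checks, then the SSH + docker test per host.
preflight() {
    rc=0
    kernel_ok "$(uname -r)" || { echo "FAIL: kernel older than 4.19"; rc=1; }
    swap_off "$(free -b)" || { echo "FAIL: swap is still enabled"; rc=1; }
    [ "$(selinux_mode "$(cat /etc/selinux/config)")" = disabled ] ||
        { echo "FAIL: SELINUX is not disabled"; rc=1; }
    in_docker_group "$(id -nG RKE)" || { echo "FAIL: RKE not in docker group"; rc=1; }
    for host in "$@"; do
        # BatchMode makes ssh fail instead of prompting when key login is missing.
        ssh -o BatchMode=yes -o ConnectTimeout=5 "RKE@$host" docker ps >/dev/null 2>&1 ||
            { echo "FAIL: key login or docker ps failed on $host"; rc=1; }
    done
    return "$rc"
}

# Run only when node addresses are given, e.g. ./preflight.sh 172.12.17.167 172.12.17.166
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```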
Download the Rancher RKE file
cd /home/RKE
wget https://github.com/rancher/rke/releases/download/v1.2.5/rke_linux-amd64
chmod +x rke_linux-amd64
Configure rke_linux-amd64
rke_linux-amd64 only needs to be installed on one machine to complete the installation of the whole cluster
./rke_linux-amd64 config
[+] Cluster Level SSH Private Key Path [~/.ssh/id_rsa]: ~/.ssh/id_rsa
[+] Number of Hosts [1]: 2
[+] SSH Address of host (1) [none]: 172.12.17.167
[+] SSH Port of host (1) [22]:
[+] SSH Private Key Path of host (172.12.17.167) [none]: ~/.ssh/id_rsa
[+] SSH User of host (172.12.17.167) [ubuntu]: RKE
[+] Is host (172.12.17.167) a Control Plane host (y/n)? [y]: y
[+] Is host (172.12.17.167) a Worker host (y/n)? [n]: n
[+] Is host (172.12.17.167) an etcd host (y/n)? [n]: y
[+] Override Hostname of host (172.12.17.167) [none]: hw-k8s-master
[+] Internal IP of host (172.12.17.167) [none]:
[+] Docker socket path on host (172.12.17.167) [/var/run/docker.sock]:
[+] SSH Address of host (2) [none]: 172.12.17.166
[+] SSH Port of host (2) [22]:
[+] SSH Private Key Path of host (172.12.17.166) [none]: ~/.ssh/id_rsa
[+] SSH User of host (172.12.17.166) [ubuntu]: RKE
[+] Is host (172.12.17.166) a Control Plane host (y/n)? [y]: n
[+] Is host (172.12.17.166) a Worker host (y/n)? [n]: y
[+] Is host (172.12.17.166) an etcd host (y/n)? [n]: n
[+] Override Hostname of host (172.12.17.166) [none]: hw-k8s-worker1
[+] Internal IP of host (172.12.17.166) [none]:
[+] Docker socket path on host (172.12.17.166) [/var/run/docker.sock]:
[+] Network Plugin Type (flannel, calico, weave, canal) [canal]:
[+] Authentication Strategy [x509]:
[+] Authorization Mode (rbac, none) [rbac]:
[+] Kubernetes Docker image [rancher/hyperkube:v1.19.4-rancher1]:
[+] Cluster domain [cluster.local]:
[+] Service Cluster IP Range [10.43.0.0/16]:
[+] Enable PodSecurityPolicy [n]:
[+] Cluster Network CIDR [10.42.0.0/16]:
[+] Cluster DNS Service IP [10.43.0.10]:
[+] Add addon manifest URLs or YAML files [no]:
./rke_linux-amd64 up
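When you see INFO[0294] Finished building Kubernetes cluster successfully,
congratulations, the cluster installation succeeded
To allow external access over the public network, edit cluster.yml
Before
authentication:
  strategy: x509
  sans: [] # enter the IP addresses of all public-facing nodes here
  webhook: null
After
authentication:
  strategy: x509
  sans:
  - "<public-IP>"
  - "<public-IP>"
  webhook: null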
Configure kubectl
mkdir ~/.kube
# kube_config_cluster.yml is generated automatically after the cluster is installed successfully
cp kube_config_cluster.yml ~/.kube/config
curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x kubectl
./kubectl get pod -A
[RKE@adsl-172-12-17-167 ~]$ ./kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
ingress-nginx default-http-backend-65dd5949d9-sldzj 1/1 Running 0 23m
ingress-nginx nginx-ingress-controller-7np89 1/1 Running 0 7m53s
kube-system calico-kube-controllers-7fbff695b4-84hln 1/1 Running 0 24m
kube-system canal-2jtlg 2/2 Running 0 24m
kube-system canal-bbh56 2/2 Running 0 8m23s
kube-system coredns-6f85d5fb88-sqvgp 1/1 Running 0 24m
kube-system coredns-autoscaler-79599b9dc6-5r4kv 1/1 Running 0 24m
kube-system metrics-server-8449844bf-74jwk 1/1 Running 0 24m
kube-system rke-coredns-addon-deploy-job-lq9fb 0/1 Completed 0 24m
kube-system rke-ingress-controller-deploy-job-hhm6c 0/1 Completed 0 23m
kube-system rke-metrics-addon-deploy-job-fwhx5 0/1 Completed 0 24m
kube-system rke-network-plugin-deploy-job-8pwmh 0/1 Completed 0 25m
View node information
[RKE@adsl-172-12-17-167 ~]$ ./kubectl get node
NAME STATUS ROLES AGE VERSION
hw-k8s-master Ready controlplane,etcd 52m v1.19.7
hw-k8s-worker1 Ready worker 35m v1.19.7
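Both rke_linux-amd64 and kubectl are fetched with wget/curl and made executable straight away. The helper below is an added example (not from the original page) that sets the execute bit only when the file's SHA-256 matches a value you obtained from the publisher's release checksums; `install_verified` is a hypothetical name and the hash in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original page): gate `chmod +x` on a SHA-256 match.

# sha256_of FILE: prints the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# install_verified FILE EXPECTED_HEX
# Returns 0 and marks FILE executable on a match; returns 1 and removes any
# execute bit on a mismatch; returns 2 if the inputs are unusable.
install_verified() {
    file=$1
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    case "$want" in
        ''|*[!0-9a-f]*) echo "expected value is not hex" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "expected value is not 64 hex digits" >&2; return 2; }
    got=$(sha256_of "$file")
    if [ "$got" = "$want" ]; then
        chmod +x "$file"
    else
        chmod a-x "$file"
        echo "SHA-256 mismatch for $file: got $got" >&2
        return 1
    fi
}

# Usage (placeholder hash, take the real value from the release's checksum list):
#   install_verified rke_linux-amd64 <PUBLISHED_SHA256_FOR_v1.2.5>
#   install_verified kubectl <PUBLISHED_SHA256_FOR_THIS_KUBECTL>
```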
Scale out Rancher RKE
Configure SSH for the new node
# A new node, 172.12.17.165, has been added
# Run on the new node 172.12.17.165
ssh-keygen
ssh-copy-id RKE@172.12.17.165
ssh-copy-id RKE@172.12.17.166
ssh-copy-id RKE@172.12.17.167
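# On 172.12.17.167
ssh-keygen # already run earlier; no need to run again
ssh-copy-id RKE@172.12.17.165
ssh-copy-id RKE@172.12.17.167 # already run earlier; no need to run again
ssh-copy-id RKE@172.12.17.166 # already run earlier; no need to run again
# On 172.12.17.166
ssh-keygen # already run earlier; no need to run again
ssh-copy-id RKE@172.12.17.165
ssh-copy-id RKE@172.12.17.167 # already run earlier; no need to run again
ssh-copy-id RKE@172.12.17.166 # already run earlier; no need to run again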
Add the new node's information to the cluster.yml that rke_linux-amd64 generated during installation
Before adding
# Only the nodes section is shown; everything else is omitted
nodes:
- address: 172.12.17.166
  port: "22"
  internal_address: ""
  role:
  - controlplane
  - etcd
  hostname_override: hw-k8s-master
  user: RKE
  docker_socket: /var/run/docker.sock
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []
- address: 172.12.17.167
  port: "22"
  internal_address: ""
  role:
  - worker
  hostname_override: hw-k8s-worker1
  user: RKE
  docker_socket: /var/run/docker.sock
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []
After adding
# Only the nodes section is shown; everything else is omitted
nodes:
- address: 172.12.17.166
  port: "22"
  internal_address: ""
  role:
  - controlplane
  - etcd
  hostname_override: hw-k8s-master
  user: RKE
  docker_socket: /var/run/docker.sock
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []
- address: 172.12.17.167
  port: "22"
  internal_address: ""
  role:
  - worker
  hostname_override: hw-k8s-worker1
  user: RKE
  docker_socket: /var/run/docker.sock
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []
- address: 172.12.17.165
  port: "22"
  internal_address: ""
  role:
  - worker
  hostname_override: hw-k8s-worker2
  user: RKE
  docker_socket: /var/run/docker.sock
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []
Scale out online
./rke_linux-amd64 up --update-only
When you see INFO[0294] Finished building Kubernetes cluster successfully,
congratulations, the cluster was scaled out successfully
View node information
[RKE@adsl-172-12-17-167 ~]$ ./kubectl get node
NAME STATUS ROLES AGE VERSION
hw-k8s-master Ready controlplane,etcd 52m v1.19.7
hw-k8s-worker1 Ready worker 35m v1.19.7
hw-k8s-worker2 Ready worker 86s v1.19.7