2.2Kubernetes集群搭建-RKE

本文转载自RKE部署rancher高可用集群

建议使用如下命令把镜像下载下来

docker pull rancher/calico-node:v3.13.0
docker pull rancher/calico-pod2daemon-flexvol:v3.13.0
docker pull rancher/calico-cni:v3.13.0
docker pull rancher/calico-kube-controllers:v3.13.0
docker pull rancher/rke-tools:v0.1.52
docker pull rancher/coreos-etcd:v3.4.3-rancher1
docker pull rancher/metrics-server:v0.3.6
docker pull rancher/cluster-proportional-autoscaler:1.7.1
docker pull rancher/nginx-ingress-controller:nginx-0.25.1-rancher1
docker pull weaveworks/weave-npc:2.5.2
docker pull weaveworks/weave-kube:2.5.2
docker pull rancher/coreos-flannel:v0.11.0
docker pull rancher/k8s-dns-kube-dns:1.15.0
docker pull rancher/k8s-dns-dnsmasq-nanny:1.15.0
docker pull rancher/k8s-dns-sidecar:1.15.0
docker pull rancher/nginx-ingress-controller-defaultbackend:1.5-rancher1
docker pull rancher/calico-ctl:v2.0.0
docker pull rancher/pause:3.1
docker pull rancher/coredns-coredns:1.6.5
docker pull rancher/coreos-flannel:v0.11.0-rancher1
docker pull rancher/flannel-cni:v0.3.0-rancher5
docker pull rancher/hyperkube:v1.17.4-rancher1
docker pull rancher/kubelet-pause:v0.1.3

节点规划

节点名称	节点最低配置	集群角色	IP地址	docker版本	rancher版本	操作系统版本	系统盘
node01	2c8g	master	172.16.1.11	18.09.3	rancher2.2	CentOS7.5	>=80G
node02	2c8g	node	172.16.1.12	18.09.3	rancher2.2	CentOS7.5	>=80G

节点基础配置

注意：本章节操作需要在每个节点执行

1.配置yum源

curl http://mirrors.aliyun.com/repo/Centos-7.repo >/etc/yum.repos.d/centos-7.repo
curl http://mirrors.aliyun.com/repo/epel-7.repo >/etc/yum.repos.d/epel-7.repo

sed -i '/aliyuncs/d' /etc/yum.repos.d/centos-7.repo

cat >/etc/yum.repos.d/docker-ce.repo <<EOF
[docker-ce]
name=docker
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/
gpgcheck=0
enabled=1
EOF

2.刷新yum源缓存

yum clean all && yum makecache

3.关闭firewalld

systemctl disable firewalld
systemctl stop firewalld

4.关闭selinux,并重启节点

sed -i "7s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config

5.安装docker

yum install docker-ce -y

6.从docker1.13版本开始，docker会自动设置iptables的FORWARD默认策略为DROP，所以需要修改docker的启动配置文件/usr/lib/systemd/system/docker.service

[Service]
Type=notify
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT
ExecReload=/bin/kill -s HUP $MAINPID

7.启动docker服务

systemctl enable docker
systemctl start docker

8.配置docker加速器

tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://1z45x7d0.mirror.aliyuncs.com"],
"insecure-registries": ["172.16.1.11:4000"],
"storage-driver": "overlay2",
"log-driver": "json-file",
"log-opts": {
    "max-size": "100m",
    "max-file": "3"
    }
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

9.添加节点hosts

172.16.1.11	node01
172.16.1.12	node02

10.创建rancher用户

useradd -G docker rancher
passwd rancher

11.配置rancher用户节点互相

配置节点双机互信

ssh-keygen -f /home/rancher/.ssh/id_rsa -N '' 
ssh-copy-id -i /home/rancher/.ssh/id_rsa.pub node01
ssh-copy-id -i /home/rancher/.ssh/id_rsa.pub node02
scp /home/rancher/.ssh/id_rsa node01:/home/rancher/.ssh/
scp /home/rancher/.ssh/id_rsa node02:/home/rancher/.ssh/

rke部署k8s集群

下载并配置rke

wget https://github.com/rancher/rke/releases/download/v0.1.17/rke_linux-amd64

chmod 777 rke_linux-amd64
mv rke_linux-amd64 /usr/local/bin/rke

创建集群配置文件

cat >/home/rancher/rancher-cluster.yml <<EOF
nodes:
  - address: 172.16.1.11
    user: rancher
    role: [controlplane,worker,etcd]
  - address: 172.16.1.12
    user: rancher
    role: [controlplane,worker,etcd]

services:
  etcd:
    snapshot: true
    creation: 6h
    retention: 24h
EOF

chmod 777 /home/rancher/rancher-cluster.yml

创建k8s集群

su - rancher
rke up --config rancher-cluster.yml

下载并配置kubectl

wget https://www.cnrancher.com/download/kubectl/kubectl_amd64-linux

chmod 777 kubectl_amd64-linux
mv kubectl_amd64-linux /usr/local/bin/kubectl

为root用户配置kubectl访问k8s集群

mkdir /root/.kube
cp /home/rancher/kube_config_rancher-cluster.yml /root/.kube/config

检查k8s集群pod状态

kubectl get pods --all-namespaces

[root@node01 ~]# kubectl get pods --all-namespaces
NAMESPACE       NAME                                      READY   STATUS      RESTARTS   AGE
ingress-nginx   default-http-backend-7f8fbb85db-rxs9r     1/1     Running     0          106s
ingress-nginx   nginx-ingress-controller-9vhbj            1/1     Running     0          10m
ingress-nginx   nginx-ingress-controller-lhvk4            1/1     Running     0          10m
kube-system     canal-9lhlr                               2/2     Running     0          10m
kube-system     canal-xxz5p                               2/2     Running     0          10m
kube-system     kube-dns-5fd74c7488-54dgp                 3/3     Running     0          10m
kube-system     kube-dns-autoscaler-c89df977f-fb42z       1/1     Running     0          10m
kube-system     metrics-server-7fbd549b78-8hftl           1/1     Running     0          10m
kube-system     rke-ingress-controller-deploy-job-8c9c2   0/1     Completed   0          10m
kube-system     rke-kubedns-addon-deploy-job-lp5tc        0/1     Completed   0          10m
kube-system     rke-metrics-addon-deploy-job-j585d        0/1     Completed   0          10m
kube-system     rke-network-plugin-deploy-job-xssrc       0/1     Completed   0          10m

pod的状态只有以上两种状态为正常状态，若有其他状态则需要查看pod日志

kubectl describe pod pod-xxx -n namespace

helm将rancher部署在k8s集群

安装并配置helm客户端

wget https://storage.googleapis.com/kubernetes-helm/helm-v2.12.3-linux-amd64.tar.gz
tar xf helm-linux.tar.gz 
cp linux-amd64/helm /usr/local/bin/
cp linux-amd64/tiller /usr/local/bin/

配置helm客户端具有访问k8s集群的权限

kubectl -n kube-system create serviceaccount tiller
kubectl create clusterrolebinding tiller --clusterrole cluster-admin --serviceaccount=kube-system:tiller

将helm server（titler）部署到k8s集群

helm init --service-account tiller --tiller-image hongxiaolu/tiller:v2.12.3 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts

检查tiller pod运行正常,若tiller pod不正常需要修复。

kubectl get pods --all-namespaces

为helm客户端配置chart仓库

helm repo add rancher-stable https://releases.rancher.com/server-charts/stable

检查rancher chart仓库可用

helm search rancher

NAME                  	CHART VERSION	APP VERSION	DESCRIPTION                                                 
rancher-stable/rancher	2019.3.1     	v2.1.7     	Install Rancher Server to manage Kubernetes clusters acro...

安装证书管理器

helm install stable/cert-manager \
  --name cert-manager \
  --namespace kube-system

检查证书管理器pod是否正常

kubectl get pods --all-namespaces|grep cert-manager

安装rancher

helm install rancher-stable/rancher \
  --name rancher \
  --namespace cattle-system \
  --set hostname=acai.rancher.com

由于rancher HA需要通过域名访问，所有在本地添加hosts解析后。浏览器访问

https://acai.rancher.com

• 本文作者： 郭宝才

• 本文链接： http://www.acaiblog.cn/2019/03/15/RKE部署rancher高可用集群/

• 版权声明： 本博客所有文章除特别声明外，均采用 CC BY-NC-SA 4.0 许可协议。转载请注明出处！