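Rancher Kubernetes Engine (RKE) is a CNCF-certified Kubernetes distribution that works on bare-metal and virtualized servers. RKE addresses the complexity of installing Kubernetes: with RKE, installing and operating Kubernetes is simpler and easy to automate, and it is entirely independent of the operating system and platform you are running. As long as a supported version of Docker can run, you can deploy and run Kubernetes with RKE.
Environment preparation
Update the yum repositories and install Docker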
yum update -y
yum install docker -y
Then make it take effect
systemctl daemon-reload
Enable Docker at boot
systemctl enable docker
Start Docker
systemctl start docker
Disable the firewall:
$ systemctl stop firewalld
$ systemctl disable firewalld
$ iptables -F
Disable SELinux:
$ sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
$ sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/selinux/config
$ setenforce 0
$ cat /etc/selinux/config
Permanently disable swap by commenting out the swap entry
# vi /etc/fstab
Configure a domestic (China) yum mirror
# Back up
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
# Download the domestic mirror repo file to /etc/yum.repos.d/
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
Performance tuning
cat >> /etc/sysctl.conf<<EOF
net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-iptables=1
net.ipv4.neigh.default.gc_thresh1=4096
net.ipv4.neigh.default.gc_thresh2=6144
net.ipv4.neigh.default.gc_thresh3=8192
EOF
sysctl -p
RKE installation
https://github.com/rancher/rke/releases
Download the binary package, extract it, and rename rke_linux-amd64 to rke
chmod +x rke
rke --version
List the Kubernetes versions supported by RKE
$ rke config --list-version --all
v1.15.3-rancher2-1
v1.13.10-rancher1-2
v1.14.6-rancher2-1
v1.16.0-beta.1-rancher1-1
Install the k8s cluster
Edit the YAML file (see https://rancher.com/docs/rke/latest/en/example-yamls/#minimal-cluster-yml-example), paying attention to indentation
cat cluster.yml
# Node information
nodes:
  # Master and etcd node
  - address: 10.0.32.1
    user: docker_user
    role: [controlplane,etcd]
  # Worker nodes
  - address: 10.0.32.2
    user: docker_user
    ssh_key_path: ~/.ssh/id_rsa
    role: [worker]
  - address: 10.0.32.3
    ssh_key_path: ~/.ssh/id_rsa
    user: docker_user
    role: [worker]
# Service information
services:
  etcd:
    image: quay.io/coreos/etcd:latest
  kube-api:
    pod_security_policy: false
    image: rancher/k8s:v1.8.5-rancher4
    service_cluster_ip_range: 10.233.0.0/18
  kube-controller:
    cluster_cidr: 10.233.64.0/18
    image: rancher/k8s:v1.8.5-rancher4
  scheduler:
    image: rancher/k8s:v1.8.5-rancher4
  kubelet:
    cluster_domain: cluster.local
    cluster_dns_server: 10.233.0.3
    infra_container_image: gcr.io/google_containers/pause-amd64:3.0
    image: rancher/k8s:v1.8.5-rancher4
  kubeproxy:
    image: rancher/k8s:v1.8.5-rancher4
# Network mode
network:
  plugin: flannel
# Images
system_images:
  flannel: rancher/coreos-flannel:v0.9.1
  kubedns: rancher/k8s-dns-kube-dns-amd64:1.14.5
  dnsmasq: rancher/k8s-dns-dnsmasq-nanny-amd64:1.14.5
  kubedns_sidecar: rancher/k8s-dns-sidecar-amd64:1.14.5
  kubedns_autoscaler: rancher/cluster-proportional-autoscaler-amd64:1.0.0
  dashboard: k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3
# Authentication mode
authentication:
  strategy: x509
Note: add a regular user, because RKE does not support installing as root
useradd rancher
passwd rancher
usermod -aG dockerroot rancher
service docker restart
chmod a+rw /var/run/docker.sock
Passwordless login: run the following on the master, 10.0.32.1
#ssh-keygen
#ssh-copy-id rancher@10.0.32.1
#ssh-copy-id rancher@10.0.32.2
#ssh-copy-id rancher@10.0.32.3
Note that the user in the YAML file must be the user created above
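Before running rke up, the node preparation and the cluster.yml above can be checked mechanically. The script below is an added example, not part of the original guide or of RKE; its function names and the sample file in demo are constructed for illustration, and the cluster.yml checks are line-based matches rather than a YAML parser.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide: preflight checks before `rke up`.
# Functions take file paths so they can be pointed at copies of the real files.

# Each kernel setting from the tuning step must be present with the guide's value.
check_sysctl() {
  local want key got rc=0
  for want in net.ipv4.ip_forward=1 net.bridge.bridge-nf-call-iptables=1 \
      net.ipv4.neigh.default.gc_thresh1=4096 net.ipv4.neigh.default.gc_thresh2=6144 \
      net.ipv4.neigh.default.gc_thresh3=8192; do
    key=${want%%=*}
    # The last assignment in the file wins, as it does under `sysctl -p`.
    got=$(awk -F= -v k="$key" '{gsub(/[ \t]/, "", $1)}
      $1 == k {gsub(/[ \t]/, "", $2); v = $2} END {print v}' "$1")
    [ "$got" = "${want#*=}" ] ||
      { echo "sysctl: $key is '${got:-unset}', want ${want#*=}"; rc=1; }
  done
  return $rc
}

# Swap stays off after a reboot only if no uncommented fstab entry has type swap.
check_swap() {
  ! awk '$1 !~ /^#/ && $3 == "swap" {found = 1} END {exit !found}' "$1"
}

# Every `user:` in cluster.yml must be the non-root account ($2) that was
# created for RKE and that received the SSH key.
check_users() {
  [ "$2" != root ] || { echo "users: RKE does not support root"; return 1; }
  awk -v u="$2" '{sub(/^[ \t]*(-[ \t]*)?/, "")}
    $1 == "user:" && $2 != u {print "users: line " NR " uses " $2; bad = 1}
    END {exit bad + 0}' "$1"
}

# Flag `image:` values that float (:latest) or carry no tag at all.
check_images() {
  ! grep -nE '^[[:space:]]*image:[[:space:]]*([^[:space:]]+:latest|[^[:space:]:]+)[[:space:]]*$' "$1"
}

# Constructed sample that mirrors two settings of the cluster.yml above.
demo() {
  local f; f=$(mktemp)
  printf '%s\n' 'nodes:' '- address: 10.0.32.1' '  user: docker_user' \
    'services:' '  etcd:' '    image: quay.io/coreos/etcd:latest' > "$f"
  check_users "$f" rancher; check_images "$f"; rm -f "$f"
}
demo || true
```

Run against the cluster.yml shown earlier, check_users reports the docker_user entries when the account created for RKE is rancher, and check_images reports the etcd image pinned to latest.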
./rke0.2.0 up --config ./cluster.yml
When it finishes, the files kube_config_cluster.yml and cluster.rkestate are generated in the current directory; copy kube_config_cluster.yml to ~/.kube/config
export KUBECONFIG=/home/admin/kube_config_cluster.yml
mkdir ~/.kube
cp kube_config_cluster.yml ~/.kube/config
Install kubectl
Add the yum repository
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
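Update yum
yum update -y
Run the installation
yum -y install kubelet kubeadm kubectl
Test
kubectl version
The k8s cluster has been installed through RKE. Some nodes start slowly at startup, so wait a while
Check the status of the pods; when all of them have started successfully, the installation has succeeded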
kubectl get pods -A
Install Helm
https://github.com/helm/helm/releases
helm init --client-only --stable-repo-url https://aliacs-app-catalog.oss-cn-hangzhou.aliyuncs.com/charts/
helm repo add incubator https://aliacs-app-catalog.oss-cn-hangzhou.aliyuncs.com/charts-incubator/
helm repo update
Command completion for kubectl and helm
yum install -y bash-completion
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc
source <(helm completion bash)
echo "source <(helm completion bash)" >> ~/.bashrc
source /usr/share/bash-completion/bash_completion
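Install a network plugin
RKE is an idempotent tool: it can be run multiple times and produces the same output each time. It supports deploying any of the following network plugins: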
- Calico
- Flannel (default)
- Canal
To use a different network plugin, specify it in the configuration file:
network:
  plugin: calico
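Add or remove cluster nodes
To add more nodes, update the cluster configuration file with the additional nodes and run the cluster configuration again with the same file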
rke up --update-only
Remove the cluster
rke remove --config cluster.yml