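Deploying a K8S Cluster with RKE

Introduction to RKE

  • Rancher Kubernetes Engine (RKE) is a CNCF-certified Kubernetes installer. RKE supports multiple operating systems, including macOS, Linux and Windows, and runs on both bare-metal and virtual servers.
  • Other Kubernetes deployment tools on the market share a common problem: they have many prerequisites that must be met before use, such as installing kubelet and configuring networking. RKE simplifies Kubernetes cluster deployment and has a single prerequisite: as long as the Docker version you run is one that RKE supports, you can use RKE to install Kubernetes and to deploy and run the cluster.
  • RKE can be used on its own as a tool for creating Kubernetes clusters, or together with Rancher 2.x, as a component of Rancher 2.x, to deploy and run Kubernetes clusters from Rancher.

Cluster deployment notes

  • This tutorial uses RKE in standalone mode (v1.3.24) to deploy the Rancher-packaged K8S version 1.23.16-rancher2-3. The system initialization script is based on the official Rocky Linux 8.10 release image.
  • The K8S cluster is deployed on 2 virtual machines: a Master node (192.168.2.71/24) and a Worker node (192.168.2.72/24). RKE runs on the Master node, and 1 machine hosts the Rancher application (192.168.2.77/24).

System requirements

  • RKE runs on most Linux operating systems that have Docker installed. SSH user: the user that accesses the nodes over SSH must be a member of the docker group on each node.

  • Disable swap on all nodes. For a newly deployed operating system, it is recommended not to create a swap partition at all.

  • Consult the network plugin documentation for any additional requirements (for example, kernel modules).

  • Adjust sysctl and load the kernel modules. Some core parameters are listed below; for the kernel tuning, see the initialization script in this document.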

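    # Set the required sysctl parameters; they persist across reboots.
    # Comments go on their own lines: sysctl.d and modules-load.d do not support trailing comments.
    cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    # Enable IP forwarding
    net.ipv4.ip_forward = 1
    EOF
    
    cat <<EOF | sudo tee /etc/modules-load.d/modules.conf
    # Enables netfilter on bridges, so bridged traffic can be filtered and NATed
    br_netfilter
    # OverlayFS, used by the container storage driver
    overlay
    EOF
  • This tutorial is based on Rocky Linux 8.10, with the kernel updated to the latest LTS version.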
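
A read-only check for the requirements listed above (swap off, overlay and br_netfilter loaded, the three sysctl keys set to 1, SSH user in the docker group), given here as an added example that is not part of the original tutorial. SYSROOT and the function names are assumptions of this example; SYSROOT exists only so the checks can be run against a test directory.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: read-only preflight check
# for the node requirements listed above. SYSROOT is a hypothetical override
# used to point the checks at a fixture tree; leave it empty on a real node.
SYSROOT="${SYSROOT:-}"

# Succeeds when a swap area is active (/proc/swaps has entries after its header).
swap_active() {
    [ -n "$(awk 'NR > 1 && NF' "$SYSROOT/proc/swaps" 2>/dev/null)" ]
}

# Succeeds when kernel module $1 is loaded; a loaded module has a /sys/module entry.
module_present() {
    [ -d "$SYSROOT/sys/module/$1" ]
}

# Succeeds when the sysctl key $1 (dotted name) currently holds the value $2.
sysctl_is() {
    sysctl_path="$SYSROOT/proc/sys/$(printf '%s' "$1" | tr . /)"
    [ -r "$sysctl_path" ] && [ "$(tr -d '[:space:]' < "$sysctl_path")" = "$2" ]
}

# Succeeds when user $1 is listed as a member of the docker group in /etc/group.
in_docker_group() {
    awk -F: -v u="$1" '
        $1 == "docker" { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "$SYSROOT/etc/group" 2>/dev/null
}

# Prints one line per unmet requirement and returns the number of failures.
# $1 is the SSH user RKE will log in as (rke in this tutorial).
preflight() {
    ssh_user="${1:-rke}"
    fails=0
    if swap_active; then
        echo "FAIL swap is enabled"; fails=$((fails + 1))
    fi
    for mod in overlay br_netfilter; do
        module_present "$mod" || { echo "FAIL module $mod is not loaded"; fails=$((fails + 1)); }
    done
    for key in net.ipv4.ip_forward net.bridge.bridge-nf-call-iptables \
               net.bridge.bridge-nf-call-ip6tables; do
        sysctl_is "$key" 1 || { echo "FAIL sysctl $key is not 1"; fails=$((fails + 1)); }
    done
    in_docker_group "$ssh_user" ||
        { echo "FAIL user $ssh_user is not in the docker group"; fails=$((fails + 1)); }
    return "$fails"
}

# Usage on a node: . ./preflight.sh && preflight rke
```

Run it on every node after the initialization script and the reboot, and again after the rke user has been created.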

Software requirements

System initialization script

#!/bin/bash
#*************************************************************************************************************
#Author:        kubecc
#Date:           2024-09-08
#FileName:   rocky8_init_k8s.sh
#blog:           www.kubecc.com
#Description:   Initializes the system before a k8s deployment; based on Rocky Linux 8.10
#Copyright (C): 2024 All rights reserved
#*************************************************************************************************************
COLOR="echo -e \\033[01;31m"
END='\033[0m'

set_mirror() {
    echo "设置阿里云软件源..."
    sed -e 's|^mirrorlist=|#mirrorlist=|g' \
        -e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.aliyun.com/rockylinux|g' \
        -i.bak \
        /etc/yum.repos.d/Rocky-*.repo
    rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org && dnf install -y https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm
    sed -i 's/mirrorlist=/#mirrorlist=/g' /etc/yum.repos.d/elrepo.repo && sed -i 's#elrepo.org/linux#mirrors.tuna.tsinghua.edu.cn/elrepo#g' /etc/yum.repos.d/elrepo.repo
    dnf config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    dnf clean all && dnf makecache
    echo "设置完成,更新源缓存!"
}

install_software() {
    echo "正在安装常用工具和服务..."
    # bind-utils provides dig/nslookup on Rocky Linux (dnsutils is the Debian package name)
    dnf install telnet lsof vim git unzip wget curl tcpdump bash-completion net-tools epel-release rsyslog bind-utils chrony ipvsadm ipset sysstat conntrack libseccomp  perl -y
    echo "软件安装完成!"
}

update_kernel() {
    echo "更新内核版本..."
    dnf --disablerepo=\* --enablerepo=elrepo-kernel list 'kernel*' | grep kernel-lt
    sleep 10
    dnf --disablerepo=\* --enablerepo=elrepo-kernel install -y kernel-lt.x86_64 kernel-lt-devel.x86_64 
    echo "当前默认启动内核:$(grubby --default-kernel)"
}

datetime_chrony() {
    echo "正在配置时间同步..."
    sed -i '/^pool 2.rocky.pool.ntp.org iburst/d' /etc/chrony.conf
    echo "server ntp.aliyun.com iburst" >>/etc/chrony.conf
    echo "server ntp.tuna.tsinghua.edu.cn iburst" >>/etc/chrony.conf
    systemctl enable --now chronyd
    chronyc -a makestep
    echo "当前系统时间:$(date)"
}

disable_firewall_selinux() {
    echo "正在关闭并禁用防火墙..."
    systemctl disable --now firewalld
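    echo "防火墙状态:$(firewall-cmd --state 2>&1)"
    echo "正在设置SELinux为disabled状态..."
    # setenforce 0 switches to permissive mode immediately; "disabled" in the config file takes effect after the next reboot
    sed -ri 's#^(SELINUX=).*#\1disabled#' /etc/selinux/config && setenforce 0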
    echo -n "当前SELinux状态:" && getenforce
}

kernel_system_config() {
    echo "优化文件"
    echo -e "* soft nofile 65536\n* hard nofile 131072\n* soft nproc 65535\n* hard nproc 655350\n* soft memlock unlimited\n* hard memlock unlimited" >>/etc/security/limits.conf  
    echo "验证配置结果......"
    cat /etc/security/limits.conf | grep -v "#"
    cat <<EOF | tee /etc/modules-load.d/modules.conf
overlay
br_netfilter
EOF
    cat <<EOF | tee /etc/modules-load.d/ipvs.conf
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_fo
ip_vs_nq
ip_vs_sed
ip_vs_ftp
nf_conntrack
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOF
    systemctl enable --now systemd-modules-load.service
}

add_k8s_conf() {
    cat <<EOF >/etc/sysctl.d/k8s.conf
# 1. File system parameters
fs.may_detach_mounts = 1
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
# 2. Memory parameters
vm.panic_on_oom=0
vm.overcommit_memory=1
# 3. Network parameters
net.ipv4.conf.all.route_localnet = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
net.netfilter.nf_conntrack_max=2310720
EOF
    sysctl --system
}

execute_all() {
    set_mirror
    install_software
    update_kernel
    datetime_chrony
    disable_firewall_selinux
    kernel_system_config
    add_k8s_conf
}
restart_os(){
    echo "正在重启服务器,请稍后重新尝试连接服务器..."
    shutdown -r now
}
menu() {
    while true; do
        echo -e "\E[$((RANDOM % 7 + 31));1m"
        cat <<-EOF
********************************************************************
*                           k8s初始化脚本菜单   
* 1.设置源   
* 2.安装必要常用软件
* 3.更新内核
* 4.chrony时间同步
* 5.关闭防火墙&禁用SELinux  
* 6.内核优化配置   
* 7.添加k8s配置文件
* 8.全部执行   
* 9.重启服务器
* 10.退出脚本   
********************************************************************
EOF
        echo -e '\E[0m'

        read -p "请选择相应的编号(1-10): " choice
        case ${choice} in
        1)
            set_mirror
            ;;
        2)
            install_software
            ;;
        3)
            update_kernel
            ;;
        4)
            datetime_chrony
            ;;
        5)
            disable_firewall_selinux
            ;;
        6)
            kernel_system_config
            ;;
        7)
            add_k8s_conf
            ;;
        8)
            execute_all
            ;;
        9)
            restart_os
            ;;
        10)
            break
            ;;
        *)
            ${COLOR}"输入错误,请输入正确的数字(1-10)!"${END}
            ;;
        esac
    done
}
main() {
    menu
}

main

Install the Docker service

# Install the docker version you need; this tutorial installs docker v20.10.24

[root@localhost ~]# dnf list docker-ce.x86_64 --showduplicates | sort -r
Last metadata expiration check: 3:33:06 ago on Tue 21 Jan 2025 03:56:14 PM CST.
Installed Packages
docker-ce.x86_64               3:26.1.3-1.el8                  docker-ce-stable 
docker-ce.x86_64               3:26.1.2-1.el8                  docker-ce-stable 
docker-ce.x86_64               3:26.1.1-1.el8                  docker-ce-stable 
docker-ce.x86_64               3:26.1.0-1.el8                  docker-ce-stable 
docker-ce.x86_64               3:26.0.2-1.el8                  docker-ce-stable 
docker-ce.x86_64               3:26.0.1-1.el8                  docker-ce-stable 
docker-ce.x86_64               3:26.0.0-1.el8                  docker-ce-stable 
docker-ce.x86_64               3:25.0.5-1.el8                  docker-ce-stable 
docker-ce.x86_64               3:25.0.4-1.el8                  docker-ce-stable 
docker-ce.x86_64               3:25.0.3-1.el8                  docker-ce-stable 
docker-ce.x86_64               3:25.0.2-1.el8                  docker-ce-stable 
docker-ce.x86_64               3:25.0.1-1.el8                  docker-ce-stable 
docker-ce.x86_64               3:25.0.0-1.el8                  docker-ce-stable 
docker-ce.x86_64               3:24.0.9-1.el8                  docker-ce-stable 
docker-ce.x86_64               3:24.0.8-1.el8                  docker-ce-stable 
.................................(output omitted)..........................................
[root@localhost ~]# dnf install docker-ce-20.10.24 docker-ce-cli-20.10.24 containerd.io docker-buildx-plugin docker-compose-plugin
Docker CE Stable - x86_64                                                                                                                          320 kB/s |  66 kB     00:00  
Dependencies resolved.
===================================================================================================================================================================================
 Package                                       Architecture               Version                                                       Repository                            Size
===================================================================================================================================================================================
Installing:
 containerd.io                                 x86_64                     1.6.32-3.1.el8                                                docker-ce-stable                      35 M
 docker-buildx-plugin                          x86_64                     0.14.0-1.el8                                                  docker-ce-stable                      14 M
 docker-ce                                     x86_64                     3:20.10.24-3.el8                                              docker-ce-stable                      21 M
 docker-ce-cli                                 x86_64                     1:20.10.24-3.el8                                              docker-ce-stable                      30 M
 docker-compose-plugin                         x86_64                     2.27.0-1.el8                                                  docker-ce-stable                      13 M
Installing dependencies:
 container-selinux                             noarch                     2:2.229.0-2.module+el8.10.0+1896+b18fa106                     appstream                             70 k
 docker-ce-rootless-extras                     x86_64                     26.1.3-1.el8                                                  docker-ce-stable                     5.0 M
 fuse-overlayfs                                x86_64                     1.13-1.module+el8.10.0+1896+b18fa106                          appstream                             69 k
 fuse3                                         x86_64                     3.3.0-19.el8                                                  baseos                                54 k
 fuse3-libs                                    x86_64                     3.3.0-19.el8                                                  baseos                                95 k
 libcgroup                                     x86_64                     0.41-19.el8                                                   baseos                                69 k
 libslirp                                      x86_64                     4.4.0-2.module+el8.10.0+1896+b18fa106                         appstream                             69 k
 slirp4netns                                   x86_64                     1.2.3-1.module+el8.10.0+1896+b18fa106                         appstream                             55 k
Enabling module streams:
 container-tools                                                          rhel8   

Transaction Summary
===================================================================================================================================================================================
Install  13 Packages

Total download size: 119 M
Installed size: 471 M
Is this ok [y/N]: y

# Start the docker service
systemctl enable --now docker && docker version

# Configure registry mirrors for faster image pulls
[root@localhost ~]# vim /etc/docker/daemon.json 
{
    "registry-mirrors": [
        "https://hub.littlediary.cn",
        "https://docker.1ms.run"
    ]
}
# Reload the configuration and restart the docker service
systemctl daemon-reload && systemctl restart docker.service

Configure hostnames

# 1. Set each host's hostname
hostnamectl set-hostname m01 && bash  # run on the master node
hostnamectl set-hostname n01 && bash  # run on the worker node

# 2. Add both hosts to /etc/hosts on each of the two machines
[root@m01 ~]$ vim /etc/hosts 
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.2.71 m01
192.168.2.72 n01

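Create the RKE user and configure passwordless login

# 1. Create the rke user and set its password
useradd rke && echo 123.com|passwd --stdin rke  # Replace with your own password

# 2. Add the rke user to the docker group. The docker group may not exist after docker is installed; create it with groupadd docker if needed
usermod -aG docker rke

# 3. For convenience in later steps, grant the rke user sudo privileges. This step is optional; proceed with caution
#    (RKE itself only needs the SSH user to be in the docker group, as stated in the system requirements above)
echo "rke ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers  # Appends rke to /etc/sudoers, allowing rke to run any sudo command without a password
gpasswd -a rke root # Add the user rke to the root group
newgrp root  # Start a new shell with root as the current group (applies to the session that runs it)

# 4. On m01, switch to the rke user and set up passwordless login from m01 to itself and to n01
[root@m01 ~]# su - rke 
Last login: Tue Jan 21 16:02:27 CST 2025 on pts/1
[rke@m01 ~]$ ssh-keygen -t rsa -b 4096  ## Generate the key pair; press Enter at every prompt
[rke@m01 ~]$ ssh-copy-id rke@m01 # Enter the rke user's password when prompted
[rke@m01 ~]$ ssh-copy-id rke@n01 # Enter the rke user's password when prompted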

Deploy RKE (standalone)

RKE offers three ways to download the installer: GitHub, Homebrew, or MacPorts. Here we download the binary from GitHub.

# Run as root on the m01 node

# 1. Download the rke binary
wget https://github.com/rancher/rke/releases/download/v1.3.24/rke_linux-amd64 -O /usr/local/bin/rke

# 2. Make it executable
chmod +x /usr/local/bin/rke

# 3. Check the version
[root@m01 ~]# rke --version
rke version v1.3.24

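Generate the K8S cluster configuration file with RKE

There are 2 ways to create the cluster configuration file cluster.yml:

  • Start from a minimal cluster.yml, then add the details of the nodes you are using to the file
  • Run the rke config command to create the cluster configuration file, entering the cluster parameters one at a time

Here we use rke config --name cluster.yml, which creates cluster.yml in the current directory. The command prompts for all the parameters needed to create the cluster; see the cluster configuration options for details. The configuration session looks like this: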

[rke@m01 ~]$ rke config --name cluster.yml
[+] Cluster Level SSH Private Key Path [~/.ssh/id_rsa]: 
[+] Number of Hosts [1]: 2
[+] SSH Address of host (1) [none]: m01
[+] SSH Port of host (1) [22]: 
[+] SSH Private Key Path of host (m01) [none]: 
[-] You have entered empty SSH key path, trying fetch from SSH key parameter
[+] SSH Private Key of host (m01) [none]: 
[-] You have entered empty SSH key, defaulting to cluster level SSH key: ~/.ssh/id_rsa
[+] SSH User of host (m01) [ubuntu]: rke 
[+] Is host (m01) a Control Plane host (y/n)? [y]: y
[+] Is host (m01) a Worker host (y/n)? [n]: n
[+] Is host (m01) an etcd host (y/n)? [n]: y
[+] Override Hostname of host (m01) [none]: 
[+] Internal IP of host (m01) [none]: 192.168.2.71
[+] Docker socket path on host (m01) [/var/run/docker.sock]: 
[+] SSH Address of host (2) [none]: n01
[+] SSH Port of host (2) [22]: 
[+] SSH Private Key Path of host (n01) [none]: 
[-] You have entered empty SSH key path, trying fetch from SSH key parameter
[+] SSH Private Key of host (n01) [none]: 
[-] You have entered empty SSH key, defaulting to cluster level SSH key: ~/.ssh/id_rsa
[+] SSH User of host (n01) [ubuntu]: rke
[+] Is host (n01) a Control Plane host (y/n)? [y]: n
[+] Is host (n01) a Worker host (y/n)? [n]: y
[+] Is host (n01) an etcd host (y/n)? [n]: n
[+] Override Hostname of host (n01) [none]: n01
[+] Internal IP of host (n01) [none]: 192.168.2.72
[+] Docker socket path on host (n01) [/var/run/docker.sock]: 
[+] Network Plugin Type (flannel, calico, weave, canal, aci) [canal]: calico
[+] Authentication Strategy [x509]: 
[+] Authorization Mode (rbac, none) [rbac]: 
[+] Kubernetes Docker image [rancher/hyperkube:v1.24.17-rancher1]: v1.23.16-rancher2-3
[+] Cluster domain [cluster.local]: 
[+] Service Cluster IP Range [10.43.0.0/16]: 
[+] Enable PodSecurityPolicy [n]: n
[+] Cluster Network CIDR [10.42.0.0/16]: 
[+] Cluster DNS Service IP [10.43.0.10]: 
[+] Add addon manifest URLs or YAML files [no]: 

The resulting configuration file is shown below; edit it as needed.

[rke@m01 ~]$ cat cluster.yml 
# If you intended to deploy Kubernetes in an air-gapped environment,
# please consult the documentation on how to configure custom RKE images.
nodes:
- address: m01
  port: "22"
  internal_address: 192.168.2.71
  role:
  - controlplane
  - etcd
  hostname_override: ""
  user: rke
  docker_socket: /var/run/docker.sock
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []
- address: n01
  port: "22"
  internal_address: 192.168.2.72
  role:
  - worker
  hostname_override: n01
  user: rke
  docker_socket: /var/run/docker.sock
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []
services:
  etcd:
    image: ""
    extra_args: {}
    extra_args_array: {}
    extra_binds: []
    extra_env: []
    win_extra_args: {}
    win_extra_args_array: {}
    win_extra_binds: []
    win_extra_env: []
    external_urls: []
    ca_cert: ""
    cert: ""
    key: ""
    path: ""
    uid: 0
    gid: 0
    snapshot: null
    retention: ""
    creation: ""
    backup_config: null
  kube-api:
    image: ""
    extra_args: {}
    extra_args_array: {}
    extra_binds: []
    extra_env: []
    win_extra_args: {}
    win_extra_args_array: {}
    win_extra_binds: []
    win_extra_env: []
    service_cluster_ip_range: 10.43.0.0/16
    service_node_port_range: ""
    pod_security_policy: false
    always_pull_images: false
    secrets_encryption_config: null
    audit_log: null
    admission_configuration: null
    event_rate_limit: null
  kube-controller:
    image: ""
    extra_args: {}
    extra_args_array: {}
    extra_binds: []
    extra_env: []
    win_extra_args: {}
    win_extra_args_array: {}
    win_extra_binds: []
    win_extra_env: []
    cluster_cidr: 10.42.0.0/16
    service_cluster_ip_range: 10.43.0.0/16
  scheduler:
    image: ""
    extra_args: {}
    extra_args_array: {}
    extra_binds: []
    extra_env: []
    win_extra_args: {}
    win_extra_args_array: {}
    win_extra_binds: []
    win_extra_env: []
  kubelet:
    image: ""
    extra_args: {}
    extra_args_array: {}
    extra_binds: []
    extra_env: []
    win_extra_args: {}
    win_extra_args_array: {}
    win_extra_binds: []
    win_extra_env: []
    cluster_domain: cluster.local
    infra_container_image: ""
    cluster_dns_server: 10.43.0.10
    fail_swap_on: false
    generate_serving_certificate: false
  kubeproxy:
    image: ""
    extra_args: {}
    extra_args_array: {}
    extra_binds: []
    extra_env: []
    win_extra_args: {}
    win_extra_args_array: {}
    win_extra_binds: []
    win_extra_env: []
network:
  plugin: calico
  options: {}
  mtu: 0
  node_selector: {}
  update_strategy: null
  tolerations: []
authentication:
  strategy: x509
  sans: []
  webhook: null
addons: ""
addons_include: []
system_images:
  etcd: rancher/mirrored-coreos-etcd:v3.5.3
  alpine: rancher/rke-tools:v0.1.88
  nginx_proxy: rancher/rke-tools:v0.1.88
  cert_downloader: rancher/rke-tools:v0.1.88
  kubernetes_services_sidecar: rancher/rke-tools:v0.1.88
  kubedns: rancher/mirrored-k8s-dns-kube-dns:1.21.1
  dnsmasq: rancher/mirrored-k8s-dns-dnsmasq-nanny:1.21.1
  kubedns_sidecar: rancher/mirrored-k8s-dns-sidecar:1.21.1
  kubedns_autoscaler: rancher/mirrored-cluster-proportional-autoscaler:1.8.5
  coredns: rancher/mirrored-coredns-coredns:1.9.0
  coredns_autoscaler: rancher/mirrored-cluster-proportional-autoscaler:1.8.5
  nodelocal: rancher/mirrored-k8s-dns-node-cache:1.21.1
  kubernetes: rancher/hyperkube:v1.23.16-rancher2
  flannel: rancher/mirrored-coreos-flannel:v0.15.1
  flannel_cni: rancher/flannel-cni:v0.3.0-rancher6
  calico_node: rancher/mirrored-calico-node:v3.22.5
  calico_cni: rancher/calico-cni:v3.22.5-rancher1
  calico_controllers: rancher/mirrored-calico-kube-controllers:v3.22.5
  calico_ctl: rancher/mirrored-calico-ctl:v3.22.5
  calico_flexvol: rancher/mirrored-calico-pod2daemon-flexvol:v3.22.5
  canal_node: rancher/mirrored-calico-node:v3.22.5
  canal_cni: rancher/calico-cni:v3.22.5-rancher1
  canal_controllers: rancher/mirrored-calico-kube-controllers:v3.22.5
  canal_flannel: rancher/mirrored-flannelcni-flannel:v0.17.0
  canal_flexvol: rancher/mirrored-calico-pod2daemon-flexvol:v3.22.5
  weave_node: weaveworks/weave-kube:2.8.1
  weave_cni: weaveworks/weave-npc:2.8.1
  pod_infra_container: rancher/mirrored-pause:3.6
  ingress: rancher/nginx-ingress-controller:nginx-1.5.1-rancher2
  ingress_backend: rancher/mirrored-nginx-ingress-controller-defaultbackend:1.5-rancher1
  ingress_webhook: rancher/mirrored-ingress-nginx-kube-webhook-certgen:v1.1.1
  metrics_server: rancher/mirrored-metrics-server:v0.6.1
  windows_pod_infra_container: rancher/mirrored-pause:3.6
  aci_cni_deploy_container: noiro/cnideploy:5.2.7.1.81c2369
  aci_host_container: noiro/aci-containers-host:5.2.7.1.81c2369
  aci_opflex_container: noiro/opflex:5.2.7.1.81c2369
  aci_mcast_container: noiro/opflex:5.2.7.1.81c2369
  aci_ovs_container: noiro/openvswitch:5.2.7.1.81c2369
  aci_controller_container: noiro/aci-containers-controller:5.2.7.1.81c2369
  aci_gbp_server_container: noiro/gbp-server:5.2.7.1.81c2369
  aci_opflex_server_container: noiro/opflex-server:5.2.7.1.81c2369
ssh_key_path: ~/.ssh/id_rsa
ssh_cert_path: ""
ssh_agent_auth: false
authorization:
  mode: rbac
  options: {}
ignore_docker_version: null
enable_cri_dockerd: null
kubernetes_version: ""
private_registries: []
ingress:
  provider: ""
  options: {}
  node_selector: {}
  extra_args: {}
  dns_policy: ""
  extra_envs: []
  extra_volumes: []
  extra_volume_mounts: []
  update_strategy: null
  http_port: 0
  https_port: 0
  network_mode: ""
  tolerations: []
  default_backend: null
  default_http_backend_priority_class_name: ""
  nginx_ingress_controller_priority_class_name: ""
  default_ingress_class: null
cluster_name: ""
cloud_provider:
  name: ""
prefix_path: ""
win_prefix_path: ""
addon_job_timeout: 0
bastion_host:
  address: ""
  port: ""
  user: ""
  ssh_key: ""
  ssh_key_path: ""
  ssh_cert: ""
  ssh_cert_path: ""
  ignore_proxy_env_vars: false
monitoring:
  provider: ""
  options: {}
  node_selector: {}
  update_strategy: null
  replicas: null
  tolerations: []
  metrics_server_priority_class_name: ""
restore:
  restore: false
  snapshot_name: ""
rotate_encryption_key: false
dns: null
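
Before running rke up, the generated file can be reviewed for a few settings that rke config left at their defaults above. This is an added example, not code from the original tutorial or from RKE; the function names, the choice of settings to flag, and the minimal parser (which handles only the layout shown above) are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of the original tutorial or of RKE: review a
# generated cluster.yml before running rke up. The parser only understands the
# layout rke config writes (2-space block mappings, plain scalar values).

# yaml_get FILE DOTTED.PATH: print the scalar at that path; fails if absent.
yaml_get() {
    awk -v want="$2" '
        /^ *#/ || /^ *$/ || /^ *- / { next }    # comments, blanks, list items
        {
            indent = match($0, /[^ ]/) - 1
            depth = indent / 2
            line = substr($0, indent + 1)
            sep = index(line, ":")
            if (sep == 0) next
            keys[depth] = substr(line, 1, sep - 1)
            val = substr(line, sep + 1)
            sub(/^ +/, "", val)
            path = keys[0]
            for (i = 1; i <= depth; i++) path = path "." keys[i]
            if (path == want) { print val; found = 1; exit }
        }
        END { exit !found }' "$1"
}

# expect PATH VALUE MESSAGE: record a finding unless PATH holds VALUE in $cfg.
expect() {
    [ "$(yaml_get "$cfg" "$1")" = "$2" ] && return 0
    echo "REVIEW $1: $3"
    findings=$((findings + 1))
}

# review_cluster_yml FILE: print one line per finding, return the count.
# Which settings to flag is this example's choice, based on the file above.
review_cluster_yml() {
    cfg="$1"
    findings=0
    expect services.kube-api.secrets_encryption_config.enabled true \
        "Secret data is not encrypted at rest in etcd"
    expect services.kubelet.generate_serving_certificate true \
        "kubelet serving certificate is not generated by RKE"
    expect services.kubelet.fail_swap_on true \
        "kubelet will start even if swap is still enabled"
    expect authorization.mode rbac \
        "authorization mode is not rbac"
    return "$findings"
}

# Excerpt of the cluster.yml generated above, for trying the review offline.
sample_cluster_yml() {
    cat <<'EOF'
nodes:
- address: m01
  role:
  - controlplane
  - etcd
  user: rke
services:
  kube-api:
    service_cluster_ip_range: 10.43.0.0/16
    pod_security_policy: false
    always_pull_images: false
    secrets_encryption_config: null
    audit_log: null
  kubelet:
    cluster_dns_server: 10.43.0.10
    fail_swap_on: false
    generate_serving_certificate: false
authorization:
  mode: rbac
  options: {}
EOF
}

# Usage: review_cluster_yml ./cluster.yml
```

Against the file generated in this tutorial the review reports three findings; authorization.mode is already rbac.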

Create the K8S cluster

# Run rke up to bring up the cluster
[rke@m01 ~]$ rke up --config ./cluster.yml
INFO[0000] Running RKE version: v1.3.24   
INFO[0000] Initiating Kubernetes cluster  
INFO[0000] [dialer] Setup tunnel for host [m01]   
INFO[0000] [dialer] Setup tunnel for host [n01]   
INFO[0000] Finding container [cluster-state-deployer] on host [m01], try #1 
INFO[0000] Finding container [cluster-state-deployer] on host [n01], try #1 
INFO[0000] [certificates] Generating CA kubernetes certificates 
INFO[0000] [certificates] Generating Kubernetes API server aggregation layer requestheader client CA certificates 
INFO[0000] [certificates] GenerateServingCertificate is disabled, checking if there are unused kubelet certificates 
INFO[0000] [certificates] Generating Kubernetes API server certificates 
INFO[0000] [certificates] Generating Service account token key 
INFO[0000] [certificates] Generating Kube Controller certificates 
INFO[0001] [certificates] Generating Kube Scheduler certificates 
INFO[0001] [certificates] Generating Kube Proxy certificates 
INFO[0001] [certificates] Generating Node certificate   
INFO[0001] [certificates] Generating admin certificates and kubeconfig 
INFO[0001] [certificates] Generating Kubernetes API server proxy client certificates 
INFO[0001] [certificates] Generating kube-etcd-192-168-2-71 certificate and key 
INFO[0001] Successfully Deployed state file at [./cluster.rkestate] 
INFO[0001] Building Kubernetes cluster  
INFO[0001] [dialer] Setup tunnel for host [n01]   
INFO[0001] [dialer] Setup tunnel for host [m01]   
INFO[0002] [network] Deploying port listener containers 
INFO[0002] Image [rancher/rke-tools:v0.1.88] exists on host [m01] 
INFO[0002] Starting container [rke-etcd-port-listener] on host [m01], try #1 
INFO[0002] [network] Successfully started [rke-etcd-port-listener] container on host [m01] 
INFO[0002] Image [rancher/rke-tools:v0.1.88] exists on host [m01] 
INFO[0003] Starting container [rke-cp-port-listener] on host [m01], try #1 
INFO[0003] [network] Successfully started [rke-cp-port-listener] container on host [m01] 
INFO[0003] Image [rancher/rke-tools:v0.1.88] exists on host [n01] 
INFO[0003] Starting container [rke-worker-port-listener] on host [n01], try #1 
INFO[0003] [network] Successfully started [rke-worker-port-listener] container on host [n01] 
INFO[0003] [network] Port listener containers deployed successfully 
INFO[0003] [network] Running control plane -> etcd port checks 
INFO[0003] [network] Checking if host [m01] can connect to host(s) [192.168.2.71] on port(s) [2379], try #1 
INFO[0003] Image [rancher/rke-tools:v0.1.88] exists on host [m01] 
INFO[0004] Starting container [rke-port-checker] on host [m01], try #1 
INFO[0004] [network] Successfully started [rke-port-checker] container on host [m01] 
INFO[0004] Removing container [rke-port-checker] on host [m01], try #1 
INFO[0004] [network] Running control plane -> worker port checks 
INFO[0004] [network] Checking if host [m01] can connect to host(s) [192.168.2.72] on port(s) [10250], try #1 
INFO[0004] Image [rancher/rke-tools:v0.1.88] exists on host [m01] 
INFO[0004] Starting container [rke-port-checker] on host [m01], try #1 
INFO[0004] [network] Successfully started [rke-port-checker] container on host [m01] 
INFO[0004] Removing container [rke-port-checker] on host [m01], try #1 
INFO[0004] [network] Running workers -> control plane port checks 
INFO[0004] [network] Checking if host [n01] can connect to host(s) [192.168.2.71] on port(s) [6443], try #1 
INFO[0004] Image [rancher/rke-tools:v0.1.88] exists on host [n01] 
INFO[0005] Starting container [rke-port-checker] on host [n01], try #1 
INFO[0005] [network] Successfully started [rke-port-checker] container on host [n01] 
INFO[0005] Removing container [rke-port-checker] on host [n01], try #1 
INFO[0005] [network] Checking KubeAPI port Control Plane hosts 
INFO[0005] [network] Removing port listener containers  
INFO[0005] Removing container [rke-etcd-port-listener] on host [m01], try #1 
INFO[0005] [remove/rke-etcd-port-listener] Successfully removed container on host [m01] 
INFO[0005] Removing container [rke-cp-port-listener] on host [m01], try #1 
INFO[0005] [remove/rke-cp-port-listener] Successfully removed container on host [m01] 
INFO[0005] Removing container [rke-worker-port-listener] on host [n01], try #1 
INFO[0005] [remove/rke-worker-port-listener] Successfully removed container on host [n01] 
INFO[0005] [network] Port listener containers removed successfully 
INFO[0005] [certificates] Deploying kubernetes certificates to Cluster nodes 
INFO[0005] Finding container [cert-deployer] on host [n01], try #1 
INFO[0005] Finding container [cert-deployer] on host [m01], try #1 
INFO[0005] Image [rancher/rke-tools:v0.1.88] exists on host [n01] 
INFO[0005] Image [rancher/rke-tools:v0.1.88] exists on host [m01] 
INFO[0006] Starting container [cert-deployer] on host [m01], try #1 
INFO[0006] Starting container [cert-deployer] on host [n01], try #1 
INFO[0006] Finding container [cert-deployer] on host [m01], try #1 
INFO[0006] Finding container [cert-deployer] on host [n01], try #1 
INFO[0011] Finding container [cert-deployer] on host [m01], try #1 
INFO[0011] Removing container [cert-deployer] on host [m01], try #1 
INFO[0011] Finding container [cert-deployer] on host [n01], try #1 
INFO[0011] Removing container [cert-deployer] on host [n01], try #1 
INFO[0011] [reconcile] Rebuilding and updating local kube config 
INFO[0011] Successfully Deployed local admin kubeconfig at [./kube_config_cluster.yml] 
WARN[0011] [reconcile] host [m01] is a control plane node without reachable Kubernetes API endpoint in the cluster 
WARN[0011] [reconcile] no control plane node with reachable Kubernetes API endpoint in the cluster found 
INFO[0011] [certificates] Successfully deployed kubernetes certificates to Cluster nodes 
INFO[0011] [file-deploy] Deploying file [/etc/kubernetes/audit-policy.yaml] to node [m01] 
INFO[0011] Image [rancher/rke-tools:v0.1.88] exists on host [m01] 
INFO[0011] Starting container [file-deployer] on host [m01], try #1 
INFO[0012] Successfully started [file-deployer] container on host [m01] 
INFO[0012] Waiting for [file-deployer] container to exit on host [m01] 
INFO[0012] Waiting for [file-deployer] container to exit on host [m01] 
INFO[0012] Container [file-deployer] is still running on host [m01]: stderr: [], stdout: [] 
INFO[0013] Removing container [file-deployer] on host [m01], try #1 
INFO[0013] [remove/file-deployer] Successfully removed container on host [m01] 
INFO[0013] [/etc/kubernetes/audit-policy.yaml] Successfully deployed audit policy file to Cluster control nodes 
INFO[0013] [reconcile] Reconciling cluster state  
INFO[0013] [reconcile] This is newly generated cluster  
INFO[0013] Pre-pulling kubernetes images  
INFO[0013] Image [rancher/hyperkube:v1.23.16-rancher2] exists on host [m01] 
INFO[0013] Image [rancher/hyperkube:v1.23.16-rancher2] exists on host [n01] 
INFO[0013] Kubernetes images pulled successfully  
INFO[0013] [etcd] Building up etcd plane..  
INFO[0013] Image [rancher/rke-tools:v0.1.88] exists on host [m01] 
INFO[0013] Starting container [etcd-fix-perm] on host [m01], try #1 
INFO[0013] Successfully started [etcd-fix-perm] container on host [m01] 
INFO[0013] Waiting for [etcd-fix-perm] container to exit on host [m01] 
INFO[0013] Waiting for [etcd-fix-perm] container to exit on host [m01] 
INFO[0013] Container [etcd-fix-perm] is still running on host [m01]: stderr: [], stdout: [] 
INFO[0014] Removing container [etcd-fix-perm] on host [m01], try #1 
INFO[0014] [remove/etcd-fix-perm] Successfully removed container on host [m01] 
INFO[0014] Image [rancher/mirrored-coreos-etcd:v3.5.3] exists on host [m01] 
INFO[0014] Starting container [etcd] on host [m01], try #1 
INFO[0014] [etcd] Successfully started [etcd] container on host [m01] 
INFO[0014] [etcd] Running rolling snapshot container [etcd-snapshot-once] on host [m01] 
INFO[0014] Pulling image [rancher/rke-tools:v0.1.90] on host [m01], try #1 
INFO[0038] Image [rancher/rke-tools:v0.1.90] exists on host [m01] 
INFO[0039] Starting container [etcd-rolling-snapshots] on host [m01], try #1 
INFO[0039] [etcd] Successfully started [etcd-rolling-snapshots] container on host [m01] 
INFO[0044] Image [rancher/rke-tools:v0.1.90] exists on host [m01] 
INFO[0045] Starting container [rke-bundle-cert] on host [m01], try #1 
INFO[0045] [certificates] Successfully started [rke-bundle-cert] container on host [m01] 
INFO[0045] Waiting for [rke-bundle-cert] container to exit on host [m01] 
INFO[0045] Container [rke-bundle-cert] is still running on host [m01]: stderr: [], stdout: [] 
INFO[0046] [certificates] successfully saved certificate bundle [/opt/rke/etcd-snapshots//pki.bundle.tar.gz] on host [m01] 
INFO[0046] Removing container [rke-bundle-cert] on host [m01], try #1 
INFO[0046] Image [rancher/rke-tools:v0.1.88] exists on host [m01] 
INFO[0046] Starting container [rke-log-linker] on host [m01], try #1 
INFO[0047] [etcd] Successfully started [rke-log-linker] container on host [m01] 
INFO[0047] Removing container [rke-log-linker] on host [m01], try #1 
INFO[0047] [remove/rke-log-linker] Successfully removed container on host [m01] 
INFO[0047] Image [rancher/rke-tools:v0.1.88] exists on host [m01] 
INFO[0047] Starting container [rke-log-linker] on host [m01], try #1 
INFO[0047] [etcd] Successfully started [rke-log-linker] container on host [m01] 
INFO[0047] Removing container [rke-log-linker] on host [m01], try #1 
INFO[0047] [remove/rke-log-linker] Successfully removed container on host [m01] 
INFO[0047] [etcd] Successfully started etcd plane.. Checking etcd cluster health 
INFO[0047] [etcd] etcd host [m01] reported healthy=true 
INFO[0047] [controlplane] Building up Controller Plane.. 
INFO[0047] Finding container [service-sidekick] on host [m01], try #1 
INFO[0047] Image [rancher/rke-tools:v0.1.88] exists on host [m01] 
INFO[0048] Image [rancher/hyperkube:v1.23.16-rancher2] exists on host [m01] 
INFO[0048] Starting container [kube-apiserver] on host [m01], try #1 
INFO[0048] [controlplane] Successfully started [kube-apiserver] container on host [m01] 
INFO[0048] [healthcheck] Start Healthcheck on service [kube-apiserver] on host [m01] 
INFO[0053] [healthcheck] service [kube-apiserver] on host [m01] is healthy 
INFO[0053] Image [rancher/rke-tools:v0.1.88] exists on host [m01] 
INFO[0053] Starting container [rke-log-linker] on host [m01], try #1 
INFO[0053] [controlplane] Successfully started [rke-log-linker] container on host [m01] 
INFO[0053] Removing container [rke-log-linker] on host [m01], try #1 
INFO[0054] [remove/rke-log-linker] Successfully removed container on host [m01] 
INFO[0054] Image [rancher/hyperkube:v1.23.16-rancher2] exists on host [m01] 
INFO[0054] Starting container [kube-controller-manager] on host [m01], try #1 
INFO[0054] [controlplane] Successfully started [kube-controller-manager] container on host [m01] 
INFO[0054] [healthcheck] Start Healthcheck on service [kube-controller-manager] on host [m01] 
INFO[0059] [healthcheck] service [kube-controller-manager] on host [m01] is healthy 
INFO[0059] Image [rancher/rke-tools:v0.1.88] exists on host [m01] 
INFO[0059] Starting container [rke-log-linker] on host [m01], try #1 
INFO[0059] [controlplane] Successfully started [rke-log-linker] container on host [m01] 
INFO[0059] Removing container [rke-log-linker] on host [m01], try #1 
INFO[0060] [remove/rke-log-linker] Successfully removed container on host [m01] 
INFO[0060] Image [rancher/hyperkube:v1.23.16-rancher2] exists on host [m01] 
INFO[0060] Starting container [kube-scheduler] on host [m01], try #1 
INFO[0060] [controlplane] Successfully started [kube-scheduler] container on host [m01] 
INFO[0060] [healthcheck] Start Healthcheck on service [kube-scheduler] on host [m01] 
INFO[0065] [healthcheck] service [kube-scheduler] on host [m01] is healthy 
INFO[0065] Image [rancher/rke-tools:v0.1.88] exists on host [m01] 
INFO[0065] Starting container [rke-log-linker] on host [m01], try #1 
INFO[0065] [controlplane] Successfully started [rke-log-linker] container on host [m01] 
INFO[0065] Removing container [rke-log-linker] on host [m01], try #1 
INFO[0065] [remove/rke-log-linker] Successfully removed container on host [m01] 
INFO[0065] [controlplane] Successfully started Controller Plane.. 
INFO[0065] [authz] Creating rke-job-deployer ServiceAccount 
INFO[0065] [authz] rke-job-deployer ServiceAccount created successfully 
INFO[0065] [authz] Creating system:node ClusterRoleBinding 
INFO[0065] [authz] system:node ClusterRoleBinding created successfully 
INFO[0065] [authz] Creating kube-apiserver proxy ClusterRole and ClusterRoleBinding 
INFO[0065] [authz] kube-apiserver proxy ClusterRole and ClusterRoleBinding created successfully 
INFO[0065] Successfully Deployed state file at [./cluster.rkestate] 
INFO[0065] [state] Saving full cluster state to Kubernetes 
INFO[0065] [state] Successfully Saved full cluster state to Kubernetes ConfigMap: full-cluster-state 
INFO[0065] [worker] Building up Worker Plane..  
INFO[0065] Finding container [service-sidekick] on host [m01], try #1 
INFO[0065] [sidekick] Sidekick container already created on host [m01] 
INFO[0065] Image [rancher/hyperkube:v1.23.16-rancher2] exists on host [m01] 
INFO[0066] Starting container [kubelet] on host [m01], try #1 
INFO[0066] [worker] Successfully started [kubelet] container on host [m01] 
INFO[0066] [healthcheck] Start Healthcheck on service [kubelet] on host [m01] 
INFO[0066] Image [rancher/rke-tools:v0.1.88] exists on host [n01] 
INFO[0066] Starting container [nginx-proxy] on host [n01], try #1 
INFO[0066] [worker] Successfully started [nginx-proxy] container on host [n01] 
INFO[0066] Image [rancher/rke-tools:v0.1.88] exists on host [n01] 
INFO[0067] Starting container [rke-log-linker] on host [n01], try #1 
INFO[0067] [worker] Successfully started [rke-log-linker] container on host [n01] 
INFO[0067] Removing container [rke-log-linker] on host [n01], try #1 
INFO[0067] [remove/rke-log-linker] Successfully removed container on host [n01] 
INFO[0067] Finding container [service-sidekick] on host [n01], try #1 
INFO[0067] Image [rancher/rke-tools:v0.1.88] exists on host [n01] 
INFO[0068] Image [rancher/hyperkube:v1.23.16-rancher2] exists on host [n01] 
INFO[0068] Starting container [kubelet] on host [n01], try #1 
INFO[0068] [worker] Successfully started [kubelet] container on host [n01] 
INFO[0068] [healthcheck] Start Healthcheck on service [kubelet] on host [n01] 
INFO[0081] [healthcheck] service [kubelet] on host [m01] is healthy 
INFO[0081] Image [rancher/rke-tools:v0.1.88] exists on host [m01] 
INFO[0081] Starting container [rke-log-linker] on host [m01], try #1 
INFO[0082] [worker] Successfully started [rke-log-linker] container on host [m01] 
INFO[0082] Removing container [rke-log-linker] on host [m01], try #1 
INFO[0082] [remove/rke-log-linker] Successfully removed container on host [m01] 
INFO[0082] Image [rancher/hyperkube:v1.23.16-rancher2] exists on host [m01] 
INFO[0082] Starting container [kube-proxy] on host [m01], try #1 
INFO[0082] [worker] Successfully started [kube-proxy] container on host [m01] 
INFO[0082] [healthcheck] Start Healthcheck on service [kube-proxy] on host [m01] 
INFO[0083] [healthcheck] service [kubelet] on host [n01] is healthy 
INFO[0083] Image [rancher/rke-tools:v0.1.88] exists on host [n01] 
INFO[0084] Starting container [rke-log-linker] on host [n01], try #1 
INFO[0084] [worker] Successfully started [rke-log-linker] container on host [n01] 
INFO[0084] Removing container [rke-log-linker] on host [n01], try #1 
INFO[0084] [remove/rke-log-linker] Successfully removed container on host [n01] 
INFO[0084] Image [rancher/hyperkube:v1.23.16-rancher2] exists on host [n01] 
INFO[0084] Starting container [kube-proxy] on host [n01], try #1 
INFO[0084] [worker] Successfully started [kube-proxy] container on host [n01] 
INFO[0084] [healthcheck] Start Healthcheck on service [kube-proxy] on host [n01] 
INFO[0087] [healthcheck] service [kube-proxy] on host [m01] is healthy 
INFO[0087] Image [rancher/rke-tools:v0.1.88] exists on host [m01] 
INFO[0087] Starting container [rke-log-linker] on host [m01], try #1 
INFO[0088] [worker] Successfully started [rke-log-linker] container on host [m01] 
INFO[0088] Removing container [rke-log-linker] on host [m01], try #1 
INFO[0088] [remove/rke-log-linker] Successfully removed container on host [m01] 
INFO[0090] [healthcheck] service [kube-proxy] on host [n01] is healthy 
INFO[0090] Image [rancher/rke-tools:v0.1.88] exists on host [n01] 
INFO[0090] Starting container [rke-log-linker] on host [n01], try #1 
INFO[0090] [worker] Successfully started [rke-log-linker] container on host [n01] 
INFO[0091] Removing container [rke-log-linker] on host [n01], try #1 
INFO[0091] [remove/rke-log-linker] Successfully removed container on host [n01] 
INFO[0091] [worker] Successfully started Worker Plane.. 
INFO[0091] Image [rancher/rke-tools:v0.1.88] exists on host [n01] 
INFO[0091] Image [rancher/rke-tools:v0.1.88] exists on host [m01] 
INFO[0091] Starting container [rke-log-cleaner] on host [n01], try #1 
INFO[0091] Starting container [rke-log-cleaner] on host [m01], try #1 
INFO[0091] [cleanup] Successfully started [rke-log-cleaner] container on host [m01] 
INFO[0091] Removing container [rke-log-cleaner] on host [m01], try #1 
INFO[0091] [cleanup] Successfully started [rke-log-cleaner] container on host [n01] 
INFO[0091] Removing container [rke-log-cleaner] on host [n01], try #1 
INFO[0091] [remove/rke-log-cleaner] Successfully removed container on host [m01] 
INFO[0091] [remove/rke-log-cleaner] Successfully removed container on host [n01] 
INFO[0091] [sync] Syncing nodes Labels and Taints   
INFO[0091] [sync] Successfully synced nodes Labels and Taints 
INFO[0091] [network] Setting up network plugin: calico  
INFO[0091] [addons] Saving ConfigMap for addon rke-network-plugin to Kubernetes 
INFO[0091] [addons] Successfully saved ConfigMap for addon rke-network-plugin to Kubernetes 
INFO[0091] [addons] Executing deploy job rke-network-plugin 
INFO[0097] [addons] Setting up coredns  
INFO[0097] [addons] Saving ConfigMap for addon rke-coredns-addon to Kubernetes 
INFO[0097] [addons] Successfully saved ConfigMap for addon rke-coredns-addon to Kubernetes 
INFO[0097] [addons] Executing deploy job rke-coredns-addon 
INFO[0102] [addons] CoreDNS deployed successfully   
INFO[0102] [dns] DNS provider coredns deployed successfully 
INFO[0102] [addons] Setting up Metrics Server   
INFO[0102] [addons] Saving ConfigMap for addon rke-metrics-addon to Kubernetes 
INFO[0102] [addons] Successfully saved ConfigMap for addon rke-metrics-addon to Kubernetes 
INFO[0102] [addons] Executing deploy job rke-metrics-addon 
INFO[0107] [addons] Metrics Server deployed successfully 
INFO[0107] [ingress] Setting up nginx ingress controller 
INFO[0107] [ingress] removing admission batch jobs if they exist 
INFO[0107] [addons] Saving ConfigMap for addon rke-ingress-controller to Kubernetes 
INFO[0107] [addons] Successfully saved ConfigMap for addon rke-ingress-controller to Kubernetes 
INFO[0107] [addons] Executing deploy job rke-ingress-controller 
INFO[0112] [ingress] removing default backend service and deployment if they exist 
INFO[0112] [ingress] ingress controller nginx deployed successfully 
INFO[0112] [addons] Setting up user addons  
INFO[0112] [addons] no user addons defined  
INFO[0112] Finished building Kubernetes cluster successfully # Seeing this message means the deployment has finished

Install kubectl

# 1. Download the kubectl binary
wget https://cdn.dl.k8s.io/release/v1.23.16/bin/linux/amd64/kubectl -O /usr/local/bin/kubectl

# 2. Make it executable
chmod +x /usr/local/bin/kubectl

# 3. Verify the kubectl version
[rke@m01 ~]$ kubectl version
Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.16", GitCommit:"60e5135f758b6e43d0523b3277e8d34b4ab3801f", GitTreeState:"clean", BuildDate:"2023-01-18T16:01:10Z", GoVersion:"go1.19.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.16", GitCommit:"60e5135f758b6e43d0523b3277e8d34b4ab3801f", GitTreeState:"clean", BuildDate:"2023-01-18T15:54:23Z", GoVersion:"go1.19.5", Compiler:"gc", Platform:"linux/amd64"}

# 4. Configure kubectl for the rke user; from now on the cluster is managed as the rke user
[rke@m01 ~]$ ls
cluster.rkestate  cluster.yml  kube_config_cluster.yml
[rke@m01 ~]$ mkdir ~/.kube
[rke@m01 ~]$ cp kube_config_cluster.yml ~/.kube
[rke@m01 ~]$ cp ~/.kube/kube_config_cluster.yml ~/.kube/config
[rke@m01 ~]$ echo "source <(kubectl completion bash)" >> ~/.bashrc
[rke@m01 ~]$ source ~/.bashrc

# 5. Back up the cluster deployment files: keep copies of cluster.yml and cluster.rkestate as well, so they are not lost
[rke@m01 ~]$ cp cluster.yml ~/.kube/ 
[rke@m01 ~]$ cp cluster.rkestate ~/.kube/

# 6. Check the cluster status
[rke@m01 ~]$ kubectl  get nodes -owide
NAME   STATUS   ROLES               AGE   VERSION    INTERNAL-IP    EXTERNAL-IP   OS-IMAGE                            KERNEL-VERSION                CONTAINER-RUNTIME
m01    Ready    controlplane,etcd   24h   v1.23.16   192.168.2.71   <none>        Rocky Linux 8.10 (Green Obsidian)   5.4.289-1.el8.elrepo.x86_64   docker://20.10.24
n01    Ready    worker              24h   v1.23.16   192.168.2.72   <none>        Rocky Linux 8.10 (Green Obsidian)   5.4.289-1.el8.elrepo.x86_64   docker://20.10.24
[rke@m01 ~]$ kubectl  get pods -A -owide
NAMESPACE       NAME                                      READY   STATUS      RESTARTS   AGE   IP             NODE   NOMINATED NODE   READINESS GATES
ingress-nginx   ingress-nginx-admission-create-c4lcm      0/1     Completed   0          24h   10.42.77.2     n01    <none>           <none>
ingress-nginx   ingress-nginx-admission-patch-zpw72       0/1     Completed   0          24h   10.42.77.3     n01    <none>           <none>
ingress-nginx   nginx-ingress-controller-tv9sq            1/1     Running     0          24h   10.42.77.7     n01    <none>           <none>
kube-system     calico-kube-controllers-56b7c9f8d-chftd   1/1     Running     0          24h   10.42.77.5     n01    <none>           <none>
kube-system     calico-node-57chf                         1/1     Running     0          24h   192.168.2.71   m01    <none>           <none>
kube-system     calico-node-cx2ld                         1/1     Running     0          24h   192.168.2.72   n01    <none>           <none>
kube-system     coredns-548ff45b67-gvbdb                  1/1     Running     0          24h   10.42.77.1     n01    <none>           <none>
kube-system     coredns-autoscaler-d5944f655-f4ljx        1/1     Running     0          24h   10.42.77.4     n01    <none>           <none>
kube-system     metrics-server-5c4895ffbd-hh9mv           1/1     Running     0          24h   10.42.77.6     n01    <none>           <none>
kube-system     rke-coredns-addon-deploy-job-6svz4        0/1     Completed   0          24h   192.168.2.71   m01    <none>           <none>
kube-system     rke-ingress-controller-deploy-job-9sxsw   0/1     Completed   0          24h   192.168.2.71   m01    <none>           <none>
kube-system     rke-metrics-addon-deploy-job-ccs85        0/1     Completed   0          24h   192.168.2.71   m01    <none>           <none>
kube-system     rke-network-plugin-deploy-job-nsjb6       0/1     Completed   0          24h   192.168.2.71   m01    <none>           <none>
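
The download in step 1 is not checked, and steps 4 and 5 copy files that hold cluster credentials. The following added example (not part of the original post) verifies a binary against a SHA-256 digest file before installing it and restricts the copied files to their owner. The function names are hypothetical, and the digest file is assumed to have the format of the `kubectl.sha256` file published with Kubernetes release binaries.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# verify_sha256 FILE SUMFILE
# SUMFILE holds only the hex digest (assumed format of kubectl.sha256).
verify_sha256() {
    local file="$1" sumfile="$2" expected actual
    expected=$(tr -d '[:space:]' < "$sumfile") || return 2
    actual=$(sha256sum "$file" | awk '{print $1}') || return 2
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# install_verified FILE SUMFILE DEST
# Copy FILE to DEST with mode 0755 only when the digest matches.
install_verified() {
    if verify_sha256 "$1" "$2"; then
        install -m 0755 "$1" "$3"
    else
        echo "checksum mismatch for $1, not installing" >&2
        return 1
    fi
}

# lock_down DIR
# The kubeconfig and cluster.rkestate hold credentials with full access to
# the cluster, so the directory and these files are made owner-only.
lock_down() {
    local dir="$1" f
    chmod 700 "$dir" || return 1
    for f in config kube_config_cluster.yml cluster.rkestate; do
        if [ -f "$dir/$f" ]; then
            chmod 600 "$dir/$f" || return 1
        fi
    done
    return 0
}

# loose_files DIR
# Print files in DIR that group or other can read, write or execute.
loose_files() {
    find "$1" -maxdepth 1 -type f -perm /077 -print
}
```

Run `lock_down ~/.kube` after step 5; an empty result from `loose_files ~/.kube` confirms that no copied file is accessible to other users.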

Deploy the Rancher dashboard

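We use Rancher to manage the K8S cluster; its UI suits developers well. There are two ways to deploy Rancher:

  • Deploy it inside the K8S cluster and manage the cluster directly
  • Deploy Rancher as a separate application and import the cluster (this works regardless of how K8S was deployed)

To keep the deployment simple and quick, we start a Rancher application directly with Docker on the server 192.168.2.77, as follows: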

# 1. Start the Rancher service; note the compatibility between the Rancher version and the K8S version
docker run -d --restart=unless-stopped -p 80:80 -p 443:443 --privileged rancher/rancher:v2.7-head

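Once it has started, open https://192.168.2.77/ and follow the on-screen guide to log in to the Rancher management UI. In the cluster management section, follow the guide, fill in the required information, and copy the agent deployment command to run on the m01 node.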


# After clicking Create in the UI we get a deployment command, which we run on the m01 node
[rke@m01 ~]$ curl --insecure -sfL https://192.168.2.77/v3/import/l4b4k94wwzrw8rvgjbpl2hmrpdwrjjdgq8598lvzm9qch92lw5xkv7_c-m-v4vxch7p.yaml | kubectl apply -f -

# After startup it looks as follows: there is one more namespace, and the newly added cluster now shows up in the dashboard
[rke@m01 ~]$ kubectl  get pods -n cattle-system
NAME                                   READY   STATUS    RESTARTS   AGE
cattle-cluster-agent-dc6f5d649-9jgwh   1/1     Running   0          10h
cattle-cluster-agent-dc6f5d649-bp7rx   1/1     Running   0          10h
rancher-webhook-f874c7d7-j8cc4         1/1     Running   0          10h
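
The import command above pipes a manifest fetched with `curl --insecure` straight into `kubectl apply`. The following added example (not part of the original post or of Rancher) shows how to save a manifest to disk and list what it would create, including every cluster-wide permission grant, before applying it. The function names, `rancher-ca.pem` and `IMPORT_URL` are placeholders, and the sample manifest is constructed rather than copied from Rancher.

```shell
#!/usr/bin/env bash
# Added example: inspect an import manifest on disk before applying it.
# Fetch with certificate verification instead of --insecure, for instance:
#   curl --cacert rancher-ca.pem -sfL "$IMPORT_URL" -o import.yaml
# (rancher-ca.pem and IMPORT_URL are placeholders.)

# manifest_kinds FILE: "<count> <kind>" for each top-level kind.
manifest_kinds() {
    awk '/^kind:/ { n[$2]++ } END { for (k in n) print n[k], k }' "$1" | sort -k2
}

# cluster_wide_grants FILE: "<binding name> -> <role name>" for each
# ClusterRoleBinding, i.e. every cluster-scoped permission grant.
cluster_wide_grants() {
    awk '
        function emit() {
            if (kind == "ClusterRoleBinding") print name, "->", ref
            kind = ""; name = ""; ref = ""; sect = ""
        }
        /^---/        { emit(); next }
        /^kind:/      { kind = $2; next }
        /^[A-Za-z]+:/ { sect = $1 }
        sect == "metadata:" && /^  name:/ { name = $2 }
        sect == "roleRef:"  && /^  name:/ { ref = $2 }
        END { emit() }
    ' "$1"
}

# write_sample FILE: constructed manifest, NOT Rancher's real import manifest.
write_sample() {
    cat > "$1" <<'EOF'
---
apiVersion: v1
kind: Namespace
metadata:
  name: example-agent
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: agent
  namespace: example-agent
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: example-agent-binding
subjects:
- kind: ServiceAccount
  name: agent
  namespace: example-agent
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
EOF
}
```

After reviewing the output, apply the saved file with `kubectl apply -f import.yaml`.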


Rancher Agents

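Rancher communicates with the cluster through the cluster agent (cattle-cluster-agent, which calls the Kubernetes API) and with the nodes through cattle-node-agent.

If cattle-cluster-agent cannot connect to the existing Rancher Server, that is, the server-url, the cluster stays in the Pending state and the error shown is Waiting for full cluster configuration.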

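Summary

  1. We deployed a K8S cluster with RKE in single-node mode and set up Rancher's web UI to manage it. This article should give you a basic picture of the cluster deployment process.
  2. In later posts I will build on this article and extend the deployment method and contents, for example RKE cluster mode, K8S high availability, deploying Rancher with Helm, and so on.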