Installing Kubernetes with RKE
PS: The content is taken from the web and is kept only as study notes.
Cluster nodes
10.0.0.10 mke.kuber.com
10.0.0.11 master.kuber.com
10.0.0.12 node12.kuber.com
10.0.0.13 node13.kuber.com
Pre-installation adjustments
Basic operations
sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config # disable SELinux
systemctl stop firewalld.service && systemctl disable firewalld.service # stop and disable the firewall
echo 'LANG="en_US.UTF-8"' >> /etc/profile;source /etc/profile # change the system language
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime # change the time zone (if needed)
# Add the hosts file entries
# Performance tuning
cat >> /etc/sysctl.conf<<EOF
net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-iptables=1
net.ipv4.neigh.default.gc_thresh1=4096
net.ipv4.neigh.default.gc_thresh2=6144
net.ipv4.neigh.default.gc_thresh3=8192
EOF
sysctl -p
Configure a domestic (China) yum mirror
# Back up
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
# Download the domestic mirror repo file to /etc/yum.repos.d/
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
Configure the related forwarding settings
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness=0
EOF
sysctl --system
Configure the Kubernetes repository (on all machines)
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
Configure the Docker repository and install Docker (on all machines)
yum -y install yum-utils
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y device-mapper-persistent-data lvm2
sudo yum makecache fast
yum -y remove container-selinux.noarch
yum install https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch.rpm -y
yum install docker-ce-17.03.0.ce -y # install 17.03, otherwise problems will occur
systemctl start docker && systemctl enable docker
Create the docker user (on all nodes). This step is especially important: all the services we start later must run under the docker user.
[root@RKE ~]# grep ^docker /etc/group # if the docker group already exists, there is no need to create it
docker:x:994:
useradd -g docker docker
echo "1" | passwd --stdin docker
Distribute the SSH key from the RKE machine
ssh-keygen -t rsa
ssh-copy-id -i ~/.ssh/id_rsa.pub docker@10.0.0.10
ssh-copy-id -i ~/.ssh/id_rsa.pub docker@10.0.0.11
ssh-copy-id -i ~/.ssh/id_rsa.pub docker@10.0.0.12
ssh-copy-id -i ~/.ssh/id_rsa.pub docker@10.0.0.13
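Once the key is on every node, RKE logs in with the key named in ssh_key_path, so the docker account no longer needs the password "1" set above, and membership of the docker group is root-equivalent on the host. The script below is an added example, not part of the original notes: it reports an account's password state from a shadow-format file and locks the password. The function names and sample shadow lines are constructed, and key login after locking assumes sshd runs with the CentOS 7 default UsePAM yes.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the password state of USER in a shadow-format file (default /etc/shadow):
#   missing | empty | locked | set
password_state() {
    user=$1
    shadow=${2:-/etc/shadow}
    awk -F: -v u="$user" '
        $1 == u {
            found = 1
            if ($2 == "")          print "empty"   # empty field: no password required
            else if ($2 ~ /^[!*]/) print "locked"  # "!" or "*" prefix: no password can match
            else                   print "set"     # usable password hash
            exit
        }
        END { if (!found) print "missing" }
    ' "$shadow"
}

# Lock USER's password if it is still usable. Needs root. Run it on each node
# only after ssh-copy-id has succeeded, because ssh-copy-id logs in with the
# password; RKE itself only needs the key named in ssh_key_path.
lock_if_password_usable() {
    case $(password_state "$1") in
        set|empty) passwd -l "$1" ;;
        locked)    echo "$1: password already locked" ;;
        *)         echo "$1: no such account" >&2; return 1 ;;
    esac
}

# Constructed sample in /etc/shadow format (the hash strings are made up).
sample_shadow() {
    cat <<'EOF'
root:$6$examplesalt$examplehash:18000:0:99999:7:::
docker:$6$examplesalt$hashofweakpassword:18000:0:99999:7:::
nginx:!!:18000::::::
EOF
}

# Demo on the constructed sample; no root needed.
tmp=$(mktemp) && sample_shadow > "$tmp"
for u in root docker nginx; do
    echo "$u: $(password_state "$u" "$tmp")"
done
rm -f "$tmp"
```

On a real node, run `lock_if_password_usable docker` as root; `password_state docker` should then print `locked`.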
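Install nginx so that we can access the cluster from outside (used for load balancing across multiple masters; install on MKE)
The nginx configuration is as follows: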
[docker@MKE ~]$ cat /etc/nginx/nginx.conf
worker_processes auto;
pid /run/nginx.pid;
events {
    use epoll;
    worker_connections 65536;
    accept_mutex off;
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$upstream_addr" "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" "$request_time"';
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 900;
    # keepalive_timeout 0;
    keepalive_requests 100;
    types_hash_max_size 2048;
    server {
        listen 80;
        return 301 https://$host$request_uri;
    }
}
stream {
    upstream rancher_servers {
        least_conn;
        server 10.0.0.11:443 max_fails=3 fail_timeout=5s;
    }
    server {
        listen 443;
        proxy_pass rancher_servers;
    }
}
Start the nginx service in Docker
docker run -d --restart=unless-stopped \
  -p 80:80 -p 443:443 \
  -v /etc/nginx/nginx.conf:/etc/nginx/nginx.conf \
  nginx:1.14
Install Kubernetes with RKE (on the MKE machine)
Download RKE: wget https://github.com/rancher/rke/releases/download/v0.1.11/rke_linux-amd64 (installing this way is not recommended on a machine that cannot ×××; we can download it elsewhere and upload it)
rancher-cluster.yml
nodes:
  - address: 10.0.0.11
    user: docker
    ssh_key_path: ~/.ssh/id_rsa
    role: [controlplane, worker, etcd]
  - address: 10.0.0.12
    user: docker
    ssh_key_path: ~/.ssh/id_rsa
    role: [worker, etcd]
  - address: 10.0.0.13
    user: docker
    ssh_key_path: ~/.ssh/id_rsa
    role: [worker, etcd]
services:
  etcd:
    snapshot: true
    creation: 6h
    retention: 24
# Required when using external TLS termination with ingress-nginx v0.22 or later.
ingress:
  provider: nginx
  options:
    use-forwarded-headers: "true"
Install kubectl and check the cluster
yum -y install kubectl