Offends/Kubernetes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

synchronization

Browse Source
This commit is contained in:
offends
2025-08-25 17:53:08 +08:00
commit c201eb5ef9
318 changed files with 23092 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
部署文档/Rancher/Rancher组件公开Metrics访问.md Normal file
View File

@@ -0,0 +1,24 @@
> 本文作者:丁辉
# Rancher组件公开Metrics访问
## RKE1添加Arg
```bash
vi cluster.yml
```
修改如下内容(当前只有这俩默认不对外开放)
```yaml
services:
etcd:
image: ""
extra_args:
listen-metrics-urls: "http://0.0.0.0:2381"
...
kubeproxy:
image: ""
extra_args:
metrics-bind-address: "0.0.0.0:10249"
```

396
部署文档/Rancher/Rke1部署Kubernetes集群.md Normal file
View File

@@ -0,0 +1,396 @@
> 本文作者:丁辉
# Rke1部署Kubernetes集群
[RKE1文档](https://rke.docs.rancher.com/)
[Rancher中文文档](https://docs.rancher.cn/)
| 节点名称 | IP | Kubernetes角色 |
| :------------------: | :----------: | :----------------------: |
| k8s-master-1,Rke管理 | 192.168.1.10 | controlplane,etcd,worker |
| k8s-master-2 | 192.168.1.20 | controlplane,etcd,worker |
| k8s-master-3 | 192.168.1.30 | controlplane,etcd,worker |
## 环境准备
> !!!每次部署都写挺麻烦的索性都放在一个文件内了请查看 [Kubernetes基础环境准备](https://gitee.com/offends/Kubernetes/blob/main/%E9%83%A8%E7%BD%B2%E6%96%87%E6%A1%A3/Kubernetes%E5%9F%BA%E7%A1%80%E7%8E%AF%E5%A2%83%E5%87%86%E5%A4%87.md) ,请按照此文档初始化环境
### 所有节点执行
1. 配置 SSH
```bash
sed -i 's/#AllowTcpForwarding yes/AllowTcpForwarding yes/g' /etc/ssh/sshd_config
```
重启 SSH
```bash
systemctl restart sshd
```
2. 将用户添加到 docker 组
```bash
groupadd docker
useradd -m docker -g docker
```
> 使用其他用户
>
> ```bash
> useradd rke # 创建用户
> usermod -aG docker rke 将rke用户加入docker组
> ```
3. 配置 docker 用户免密登录
```bash
mkdir -p /home/docker/.ssh/
touch /home/docker/.ssh/authorized_keys
chmod 700 /home/docker/.ssh/
chown -R docker.docker /home/docker/.ssh/
chmod 600 /home/docker/.ssh/authorized_keys
```
### Rke管理节点执行
1. 生成密钥
```bash
ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa -q
```
2. 查看主节点密钥
> 密钥需要到 RKE 初始化节点上获取,所有节点都是用此密钥
```bash
cat ~/.ssh/id_rsa.pub
```
### 所有节点执行
1. 粘贴密钥内容到此文件内(提示所有节点粘贴Rke管理节密钥)
```bash
vi /home/docker/.ssh/authorized_keys
```
2. 验证是否可以免密登录
```bash
ssh docker@192.168.1.10
```
## Docker安装
1. Docker安装
```bash
curl https://releases.rancher.com/install-docker/20.10.sh | sh
```
> 传递参数使用国内源
>
> ```bash
> curl -fsSL https://releases.rancher.com/install-docker/20.10.sh | sh -s -- --mirror Aliyun
> ```
2. Docker参数配置
[文件参考](https://gitea.offends.cn/Offends/Kubernetes/src/branch/main/Docker/Files/daemon.json)
```bash
curl -so /etc/docker/daemon.json https://gitee.com/offends/Kubernetes/raw/main/Docker/Files/daemon.json
```
3. 启动 Docker
```bash
systemctl enable docker
systemctl start docker
```
## 安装并初始化Rke
[RKE二进制文件](https://github.com/rancher/rke/releases/)
1. 下载 RKE 二进制文件,并添加到可执行路径下
> 1.8 版本是 RKE 1.x 系列的最终版本
```bash
wget https://github.com/rancher/rke/releases/download/v1.8.6/rke_linux-amd64
```
2. 授权
```bash
chmod 777 rke_linux-amd64 && mv rke_linux-amd64 /usr/local/bin/rke
```
### 方法一 (不推荐怪麻烦的请看"方法二")
> 如果 `Number of Hosts` 填的是多节点则会提示输入多次节点信息
```bash
rke config --name cluster.yml
```
```bash
[+] Cluster Level SSH Private Key Path [~/.ssh/id_rsa]: #默认回车
[+] Number of Hosts [1]: #节点数量
[+] SSH Address of host (1) [none]: 192.168.1.10 #节点IP地址
[+] SSH Port of host (1) [22]: #默认回车
[+] SSH Private Key Path of host (192.168.1.10) [none]: #默认回车
[-] You have entered empty SSH key path, trying fetch from SSH key parameter
[+] SSH Private Key of host (192.168.1.10) [none]: #默认回车
[-] You have entered empty SSH key, defaulting to cluster level SSH key: ~/.ssh/id_rsa
[+] SSH User of host (192.168.1.10) [ubuntu]: docker #SSH用户
[+] Is host (192.168.1.10) a Control Plane host (y/n)? [y]: y #是否为控制节点
[+] Is host (192.168.1.10) a Worker host (y/n)? [n]: y #是否为计算节点
[+] Is host (192.168.1.10) an etcd host (y/n)? [n]: y #是否为etcd节点
[+] Override Hostname of host (192.168.1.10) [none]: #默认回车
[+] Internal IP of host (192.168.1.10) [none]: 192.168.1.10 #主机内部IP
[+] Docker socket path on host (192.168.1.10) [/var/run/docker.sock]: #默认回车
[+] Network Plugin Type (flannel, calico, weave, canal, aci) [canal]: flannel #选择网络插件类型
[+] Authentication Strategy [x509]: #默认回车
[+] Authorization Mode (rbac, none) [rbac]: #默认回车
[+] Kubernetes Docker image [rancher/hyperkube:v1.26.8-rancher1]: #选择 k8s 版本
[+] Cluster domain [cluster.local]: #集群域
[+] Service Cluster IP Range [10.43.0.0/16]: #服务集群IP范围
[+] Enable PodSecurityPolicy [n]: #默认回车
[+] Cluster Network CIDR [10.42.0.0/16]: #集群网络CIDR
[+] Cluster DNS Service IP [10.43.0.10]: #集群DNS服务IP
[+] Add addon manifest URLs or YAML files [no]: #默认回车
```
基础参数修改
```bash
sed -i '/^ingress:$/,/^ provider:/ s/provider: ""/provider: "none"/' cluster.yml
```
### 方法二
1. 生成初始文件
```bash
rke config --empty --name cluster.yml
```
2. 按需要修改 address 参数
> 多节点则写多个 `address` 并通过调整 role 指定节点属性
```yml
nodes:
- address: 192.168.1.10
port: "22"
internal_address: 192.168.1.10
role:
- controlplane #管理
- worker #计算
- etcd #etcd节点
hostname_override: ""
user: docker
docker_socket: /var/run/docker.sock
ssh_key: ""
ssh_key_path: ~/.ssh/id_rsa
ssh_cert: ""
ssh_cert_path: ""
labels: {}
taints: []
# 格式一样此处省略 20,30 节点配置 ...
services:
...
```
3. 基础参数修改
```bash
sed -i 's/service_cluster_ip_range: ""/service_cluster_ip_range: 10.43.0.0\/16/' cluster.yml
sed -i 's/cluster_cidr: ""/cluster_cidr: 10.42.0.0\/16/' cluster.yml
sed -i 's/cluster_domain: ""/cluster_domain: cluster.local/' cluster.yml
sed -i 's/cluster_dns_server: ""/cluster_dns_server: 10.43.0.10/' cluster.yml
sed -i 's/plugin: ""/plugin: flannel/' cluster.yml
sed -i 's/strategy: ""/strategy: x509/' cluster.yml
sed -i 's/^\s*mode: ""$/ mode: rbac/' cluster.yml
sed -i '/^ingress:$/,/^ provider:/ s/provider: ""/provider: "none"/' cluster.yml
sed -i '/^[^ ]/ s/ssh_key_path: ""/ssh_key_path: ~\/.ssh\/id_rsa/g' cluster.yml
sed -i '0,/^\s*ssh_key_path: ""$/{s,^\s*ssh_key_path: ""$, ssh_key_path: ~/.ssh/id_rsa,}' cluster.yml
```
## 初始化 Kubernetes 集群
```bash
rke up
```
> - 禁用 metrics-server 组件
>
> ```bash
> sed -i '/^monitoring:$/,/^ provider:/ s/provider: ""/provider: "none"/' cluster.yml
> ```
>
> - 调整节点端口范围
>
> > 默认端口范围30000-32767
>
> ```bash
> sed -i 's/service_node_port_range: ""/service_node_port_range: "10000-30000"/' cluster.yml
> ```
>
> - 关闭 Docker 版本检测
>
> ```bash
> sed -i 's/ignore_docker_version: null/ignore_docker_version: true/' cluster.yml
> ```
>
> - 调整部署版本
>
> - 查看当前 RKE 支持的Kubernetes版本
>
> ```bash
> rke config --list-version --all
> ```
>
> - 替换版本
>
> ```bash
> sed -i 's/kubernetes_version: ""/kubernetes_version: "v1.24.17-rancher1-1"/' cluster.yml
> ```
>
> - 更新集群
>
> ```bash
> rke up --update-only
> ```
## 安装 kubectl
[Kubectl二进制文件](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/)
1. 下载 kubectl
```bash
curl -LO https://dl.k8s.io/release/v1.26.8/bin/linux/amd64/kubectl
```
2. 授权
```bash
chmod 777 kubectl && mv kubectl /usr/local/bin/
```
3. 添加 kubctl 文件
```bash
mkdir ~/.kube && cp kube_config_cluster.yml ~/.kube/config && chmod 600 ~/.kube/config
```
4. 验证
```bash
kubectl get node
```
> 本文中没有禁用 `monitoring` 所以也可以使用 `kubectl top node` 测试
## 卸载
1. 卸载 RKE 集群
```bash
rke remove
```
2. 清理残余容器
```bash
for i in $(docker ps -a | grep rancher | awk '{print $1}');do docker rm -f $i;done
for i in $(docker ps -a | grep rke | awk '{print $1}');do docker rm -f $i;done
```
3. 清除 Docker 引擎的废弃资源和缓存
```bash
docker system prune --all
```
4. 卸载挂载
```bash
mount | grep /var/lib/kubelet/pods/ | awk '{print $1}' | xargs umount -l
```
5. 删除持久化目录
```bash
rm -rf /var/lib/kubelet/
rm -rf /run/flannel/
```
## 备份和恢复
> 非常重要,他奶奶的吃大亏了
### 创建一次性快照
> RKE 会将节点快照保存在 `/opt/rke/etcd-snapshots` 路径下
```bash
rke etcd snapshot-save --config cluster.yml --name <快照名称>
```
### 恢复集群
```bash
rke etcd snapshot-restore --config cluster.yml --name <快照名称>
```
## 恢复 Rke配置文件
> 准备依赖 `jq`
>
> - Centos
>
> ```
> yum install jq -y
> ```
>
> - Ubuntu
>
> ```bash
> apt install jq -y
> ```
- 恢复 Kubectl 配置文件
> 修改 `--master-ip=` 为任意 K8S Master节点IP
```bash
curl -sfL https://gitee.com/offends/Kubernetes/raw/main/File/Shell/restore-rkestate-kubeconfig.sh | bash -s -- --master-ip=<K8S Master节点IP>
```
- 恢复 rkestate 状态文件
- 通过本地 kubectl 找回
```bash
kubectl get configmap -n kube-system full-cluster-state -o json | jq -r .data.\"full-cluster-state\" | jq -r . > cluster.rkestate
```
- 通过 master 节点找回
```bash
curl -sfL https://gitee.com/offends/Kubernetes/raw/main/File/Shell/restore-rkestate-config.sh | bash -s
```

126
部署文档/Rancher/Rke2单机快速部署Kubernetes.md Normal file
View File

@@ -0,0 +1,126 @@
> 本文作者:丁辉
[Rke2文档](https://docs.rke2.io/)
[Rancher中文文档](https://docs.rancher.cn/)
# Rke2单机快速部署Kubernetes
| 节点名称 | IP | Kubernetes角色 |
| :----------: | :----------: | :----------------------------------------: |
| k8s-master-1 | 192.168.1.10 | Controlplane,etcd,worker,keepalived-master |
## 环境准备
> !!!每次部署都写挺麻烦的索性都放在一个文件内了请查看 [Kubernetes基础环境准备](https://gitee.com/offends/Kubernetes/blob/main/%E9%83%A8%E7%BD%B2%E6%96%87%E6%A1%A3/Kubernetes%E5%9F%BA%E7%A1%80%E7%8E%AF%E5%A2%83%E5%87%86%E5%A4%87.md) ,请按照此文档初始化环境
### 所有节点执行
1. 更改主机名
```bash
hostnamectl set-hostname k8s-master-1 && bash
```
3. 在三台节点上配置 NetworkManager
- 配置 cali 和 flannel 的网卡不被 NetworkManager 管理
```bash
mkdir -p /etc/NetworkManager/conf.d
```
内容如下
```bash
cat <<EOF > /etc/NetworkManager/conf.d/rke2-canal.conf
[keyfile]
unmanaged-devices=interface-name:cali*;interface-name:flannel*
EOF
```
- 重启 NetworkManager
```bash
systemctl daemon-reload
systemctl restart NetworkManager
```
### 开始部署
[Rke2-Github-releases](https://github.com/rancher/rke2/releases)
1. 安装 RKE2
```bash
curl -sfL https://get.rke2.io | sh -
```
> - 使用国内源
>
> ```bash
> curl -sfL http://rancher-mirror.rancher.cn/rke2/install.sh | INSTALL_RKE2_MIRROR=cn INSTALL_RKE2_TYPE="server" sh -
> ```
>
> - 指定版本
>
> ```bash
> curl -sfL https://rancher-mirror.rancher.cn/rke2/install.sh | INSTALL_RKE2_MIRROR=cn INSTALL_RKE2_TYPE="server" INSTALL_RKE2_VERSION="v1.29.3+rke2r1" sh -
> ```
2. 开始部署主节点
```bash
systemctl enable rke2-server.service
systemctl start rke2-server.service
```
> 启动失败查看日志
>
> ```bash
> rke2 server --config /etc/rancher/rke2/config.yaml --debug
> ```
3. 配置 RKE2 可执行文件加入到系统的 PATH 中
```bash
echo "export PATH=$PATH:/var/lib/rancher/rke2/bin" >> /etc/profile && source /etc/profile
```
4. 配置 config 文件
```bash
mkdir ~/.kube && cp /etc/rancher/rke2/rke2.yaml ~/.kube/config
```
5. 验证
```bash
kubectl get node
```
6. 配置 crictl 软链接
```bash
ln -s /var/lib/rancher/rke2/agent/etc/crictl.yaml /etc/crictl.yaml
```
7. 验证
```bash
crictl ps
```
## 卸载节点
1. 停止 Rke2
```bash
rke2-killall.sh
```
2. 卸载 Rke2
```bash
rke2-uninstall.sh
```

476
部署文档/Rancher/Rke2部署Kubernetes集群.md Normal file
View File

@@ -0,0 +1,476 @@
> 本文作者:丁辉
[Rke2文档](https://docs.rke2.io/)
[Rancher中文文档](https://docs.rancher.cn/)
# Rke2部署Kubernetes集群
| 节点名称 | IP | Kubernetes角色 |
| :----------: | :----------: | :----------------------------------------: |
| k8s-master-1 | 192.168.1.10 | Controlplane,etcd,worker,keepalived-master |
| k8s-master-2 | 192.168.1.20 | Controlplane,etcd,worker,keepalived-backup |
| k8s-master-3 | 192.168.1.30 | controlplane,etcd,worker,keepalived-backup |
| k8s-worker-1 | 192.168.1.40 | worker |
> Master节点VIP: 192.168.1.100
## 环境准备
> !!!每次部署都写挺麻烦的索性都放在一个文件内了请查看 [Kubernetes基础环境准备](https://gitee.com/offends/Kubernetes/blob/main/%E9%83%A8%E7%BD%B2%E6%96%87%E6%A1%A3/Kubernetes%E5%9F%BA%E7%A1%80%E7%8E%AF%E5%A2%83%E5%87%86%E5%A4%87.md) ,请按照此文档初始化环境
### 所有节点执行
1. 更改主机名
- 192.168.1.10
```bash
hostnamectl set-hostname k8s-master-1 && bash
```
- 192.168.1.20
```bash
hostnamectl set-hostname k8s-master-2 && bash
```
- 192.168.1.30
```bash
hostnamectl set-hostname k8s-master-3 && bash
```
- 192.168.1.40
```bash
hostnamectl set-hostname k8s-node-1 && bash
```
2. 编辑 /etc/hosts 文件
```bash
vi /etc/hosts
```
添加如下内容
```bash
192.168.1.10 k8s-master-1
192.168.1.20 k8s-master-2
192.168.1.30 k8s-master-3
192.168.1.40 k8s-node-1
```
3. 在三台节点上配置 NetworkManager
- 配置 cali 和 flannel 的网卡不被 NetworkManager 管理
```bash
mkdir -p /etc/NetworkManager/conf.d
```
内容如下
```bash
cat <<EOF > /etc/NetworkManager/conf.d/rke2-canal.conf
[keyfile]
unmanaged-devices=interface-name:cali*;interface-name:flannel*
EOF
```
- 重启 NetworkManager
```bash
systemctl daemon-reload
systemctl restart NetworkManager
```
### 安装主节点
[Rke2-Github-releases](https://github.com/rancher/rke2/releases)
1. 安装 RKE2
```bash
curl -sfL https://get.rke2.io | sh -
```
> - 使用国内源
>
> ```bash
> curl -sfL http://rancher-mirror.rancher.cn/rke2/install.sh | INSTALL_RKE2_MIRROR=cn INSTALL_RKE2_TYPE="server" sh -
> ```
>
> - 指定版本
>
> ```bash
> curl -sfL https://rancher-mirror.rancher.cn/rke2/install.sh | INSTALL_RKE2_MIRROR=cn INSTALL_RKE2_TYPE="server" INSTALL_RKE2_VERSION="v1.29.3+rke2r1" sh -
> ```
2. 创建 RKE2 配置文件
[Server 配置参考](https://docs.rke2.io/zh/reference/server_config)
[高级选项和配置](https://docs.rke2.io/zh/advanced)
```bash
mkdir -p /etc/rancher/rke2/
vi /etc/rancher/rke2/config.yaml
```
内容如下
```yaml
#server: "https://192.168.1.100:9345" # 全部 Master 启动后解除注释, 重启服务"
# 创建 token
token: rke2-create-token
# 负载均衡统一入口 IP 或 域名
tls-san:
- "192.168.1.100"
# 阿里镜像源加速, 通常由社区志愿者维护, 镜像同步通常存在滞后性
#system-default-registry: "registry.cn-hangzhou.aliyuncs.com"
# 节点 NAME
node-name: k8s-master-1 # 与当前主机名保持一致
# 节点污点, 禁止 master 节点运行容器
node-taint:
- "CriticalAddonsOnly=true:NoExecute"
disable: # 取消安装 Rke2 默认安装 Charts
- "rke2-ingress-nginx"
- "rke2-metrics-server"
#### 网络配置
# 指定网络模式, [ ipvs , iptables ] 默认是:iptables
kube-proxy-arg:
- "proxy-mode=iptables"
# Kubernetes 集群域名
cluster-domain: "cluster.local"
# 指定要部署的 CNIContainer Network Interface插件[ none , calico , flannel , canal , cilium ] 默认: canal
cni: "canal"
# 指定 Pod IP 的 IPv4/IPv6 网络 CIDR
cluster-cidr: "10.42.0.0/16"
# 指定 Service IP 的 IPv4/IPv6 网络 CIDR
service-cidr: "10.43.0.0/16"
# 指定用于具有 NodePort 访问权限的 Service 的端口范围
service-node-port-range: "30000-32767"
#### ETCD存储配置
# 快照备份时间
etcd-snapshot-schedule-cron: "0 */12 * * *"
# 快照文件保留个数
etcd-snapshot-retention: "10"
# 快照存储目录, 默认位置 /var/lib/rancher/rke2/server/db/snapshots
etcd-snapshot-dir: "${data-dir}/db/snapshots"
#### 存储目录配置
# kube-config 文件位置
write-kubeconfig: "/root/.kube/config"
# kube-config 文件权限
write-kubeconfig-mode: "0644"
# Rke2文件存储目录
data-dir: "/var/lib/rancher/rke2"
```
> 其他参数配置
>
> ```yaml
> # 自定义垃圾回收机制
> kubelet-arg:
> # 设置硬性回收阈值,当节点的文件系统可用空间低于 10% 或内存可用空间低于 2048Mi 时kubelet 将触发硬性回收,即强制驱逐 Pod 以释放资源
> - "eviction-hard=nodefs.available<10%,memory.available<2048Mi"
> # 置软性回收的宽限期当节点的文件系统可用空间或镜像文件系统可用空间低于一定阈值时kubelet 将在触发硬性回收之前等待 30 秒
> - "eviction-soft-grace-period=nodefs.available=30s,imagefs.available=30s"
> # 设置软性回收的阈值,当节点的文件系统可用空间低于 10% 或镜像文件系统可用空间低于 10% 时kubelet 将触发软性回收,尝试释放资源
> - "eviction-soft=nodefs.available<10%,imagefs.available<10%"
>
> kube-controller-manager-extra-env:
> # 设置 Kubernetes 集群签名证书的路径
> - "cluster-signing-cert-file=/etc/kubernetes/ssl/kube-ca.pem"
> # 设置 Kubernetes 集群签名密钥的路径
> - "cluster-signing-key-file=/etc/kubernetes/ssl/kube-ca-key.pem"
>
> kube-apiserver-extra-env:
> # apiserver启用metadata.selfLink 字段
> - "feature-gates='RemoveSelfLink=false'"
> ```
3. 开始部署主节点
```bash
systemctl enable rke2-server.service
systemctl start rke2-server.service
```
> 启动失败查看日志
>
> ```bash
> rke2 server --config /etc/rancher/rke2/config.yaml --debug
> ```
4. 配置 RKE2 可执行文件加入到系统的 PATH 中
```bash
echo "export PATH=$PATH:/var/lib/rancher/rke2/bin" >> /etc/profile && source /etc/profile
```
5. 验证
```bash
kubectl get node
```
6. 配置 crictl 软链接
```bash
ln -s /var/lib/rancher/rke2/agent/etc/crictl.yaml /etc/crictl.yaml
```
7. 验证
```bash
crictl ps
```
10. 查看集群 Token
```bash
cat /var/lib/rancher/rke2/server/node-token
```
## 添加管理节点[2,3节点同理]
1. 安装 RKE2
```bash
curl -sfL https://get.rke2.io | sh -
```
> - 使用国内源
>
> ```bash
> curl -sfL http://rancher-mirror.rancher.cn/rke2/install.sh | INSTALL_RKE2_MIRROR=cn INSTALL_RKE2_TYPE="server" sh -
> ```
>
> - 指定版本
>
> ```bash
> curl -sfL https://rancher-mirror.rancher.cn/rke2/install.sh | INSTALL_RKE2_MIRROR=cn INSTALL_RKE2_TYPE="server" INSTALL_RKE2_CHANNEL=v1.20 sh -
> ```
2. 创建 RKE2 配置文件
```bash
mkdir -p /etc/rancher/rke2/
vi /etc/rancher/rke2/config.yaml
```
内容如下
```yaml
# 指定要连接的集群服务器地址
server: https://192.168.1.100:9345
# Master 节点 token
token: <token> #主节点获取的token值
# 负载均衡统一入口 IP 或 域名
tls-san:
- "192.168.1.100"
# 阿里镜像源加速, 通常由社区志愿者维护, 镜像同步通常存在滞后性
#system-default-registry: "registry.cn-hangzhou.aliyuncs.com"
# 节点 NAME
node-name: k8s-master-2 # 与当前主机名保持一致
# 节点污点, 禁止 master 节点运行容器
node-taint:
- "CriticalAddonsOnly=true:NoExecute"
disable: # 取消安装 Rke2 默认安装 Charts
- "rke2-ingress-nginx"
- "rke2-metrics-server"
#### 网络配置
# 指定网络模式, [ ipvs , iptables ] 默认是:iptables
kube-proxy-arg:
- "proxy-mode=iptables"
# Kubernetes 集群域名
cluster-domain: "cluster.local"
# 指定要部署的 CNIContainer Network Interface插件[ none , calico , flannel , canal , cilium ] 默认: canal
cni: "canal"
# 指定 Pod IP 的 IPv4/IPv6 网络 CIDR
cluster-cidr: "10.42.0.0/16"
# 指定 Service IP 的 IPv4/IPv6 网络 CIDR
service-cidr: "10.43.0.0/16"
# 指定用于具有 NodePort 访问权限的 Service 的端口范围
service-node-port-range: "30000-32767"
#### ETCD存储配置
# 快照备份时间
etcd-snapshot-schedule-cron: "0 */12 * * *"
# 快照文件保留个数
etcd-snapshot-retention: "10"
# 快照存储目录, 默认位置 /var/lib/rancher/rke2/server/db/snapshots
etcd-snapshot-dir: "${data-dir}/db/snapshots"
#### 存储目录配置
# kube-config 文件位置
write-kubeconfig: "/root/.kube/config"
# kube-config 文件权限
write-kubeconfig-mode: "0644"
# Rke2文件存储目录
data-dir: "/var/lib/rancher/rke2"
```
4. 启动
```bash
systemctl enable rke2-server.service
systemctl start rke2-server.service
```
## 添加计算节点
[Agent 配置参考](https://docs.rke2.io/zh/reference/linux_agent_config)
1. 安装 RKE2
```bash
curl -sfL https://get.rke2.io | INSTALL_RKE2_TYPE="agent" sh -
```
> - 使用国内源
>
> ```bash
> curl -sfL http://rancher-mirror.rancher.cn/rke2/install.sh | INSTALL_RKE2_MIRROR=cn INSTALL_RKE2_TYPE="agent" sh -
> ```
>
> - 指定版本
>
> ```bash
> curl -sfL https://rancher-mirror.rancher.cn/rke2/install.sh | INSTALL_RKE2_MIRROR=cn INSTALL_RKE2_TYPE="agent" INSTALL_RKE2_CHANNEL=v1.20 sh -
> ```
2. 创建 RKE2 配置文件
```bash
mkdir -p /etc/rancher/rke2/
vi /etc/rancher/rke2/config.yaml
```
内容如下
```yaml
# 指定要连接的集群服务器地址
server: https://192.168.1.100:9345
# Master 节点 token
token: <token> #主节点获取的token值
# 节点 NAME
node-name: k8s-node-1 # 与当前主机名保持一致
# 阿里镜像源加速, 通常由社区志愿者维护, 镜像同步通常存在滞后性
#system-default-registry: "registry.cn-hangzhou.aliyuncs.com"
#### 网络配置
# 指定网络模式, [ ipvs , iptables ] 默认是:iptables
kube-proxy-arg:
- "proxy-mode=iptables"
```
3. 部署计算节点
```bash
systemctl enable rke2-agent.service
systemctl start rke2-agent.service
```
4. 计算节点添加角色标签
```bash
kubectl label node ${node} node-role.kubernetes.io/worker=true --overwrite
```
## 卸载节点
1. 删除 node 节点
```bash
kubectl delete node ${node}
```
2. 停止 Rke2
```bash
rke2-killall.sh
```
3. 卸载 Rke2
```bash
rke2-uninstall.sh
```
## RKE2高可用部署Kubernetes
1. 编辑 Nginx 配置文件
```bash
vi nginx.conf
```
内容如下
```nginx
events {
worker_connections 1024;
}
stream {
upstream kube-apiserver {
server host1:6443 max_fails=3 fail_timeout=30s;
server host2:6443 max_fails=3 fail_timeout=30s;
server host3:6443 max_fails=3 fail_timeout=30s;
}
upstream rke2 {
server host1:9345 max_fails=3 fail_timeout=30s;
server host2:9345 max_fails=3 fail_timeout=30s;
server host3:9345 max_fails=3 fail_timeout=30s;
}
server {
listen 6443;
proxy_connect_timeout 2s;
proxy_timeout 900s;
proxy_pass kube-apiserver;
}
server {
listen 9345;
proxy_connect_timeout 2s;
proxy_timeout 900s;
proxy_pass rke2;
}
}
```
2. 启动 Nginx
```bash
docker run -itd -p 9345:9345 -p 6443:6443 -v ~/nginx.conf:/etc/nginx/nginx.conf nginx
```
3. 更改之前的 config.yaml
```bash
vi /etc/rancher/rke2/config.yaml
```
内容如下
```bash
tls-san:
- xxx.xxx.xxx.xxx
```