背景

由于rancher的一个bug,导致无法通过docker形式安装,于是采用RKE方式。查看rancher的文档,了解到RKE相对比较简单

注意
由于PVE的LXC不支持k8s,最终采用VM

系统准备

操作系统:Debian***

软件环境

软件 版本
docker 20.10.12
操作系统 Debian
Kubernetes v1.22.6

服务器

角色 ip role
host 192.168.1.200 controlplane、rancher、rke
master 192.168.1.201 controlplane、etcd
worker1 192.168.1.202 worker
worker2 192.168.1.203 worker
worker3 192.168.1.204 worker

系统软件更新

# Refresh the package index, then apply all pending upgrades so the node starts
# from a patched baseline before Docker and Kubernetes are installed.
debian@debian:~# sudo apt-get update -y
...
debian@debian:~# sudo apt-get upgrade -y

安装基础软件

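# Prerequisites for adding a third-party APT repository over HTTPS: the HTTPS
# transport, the CA bundle, curl, GnuPG and add-apt-repository
# (software-properties-common).
# Nothing may follow a trailing backslash: with a space after it the continuation
# is lost and the package names below would be run as separate commands.
debian@debian:~# sudo apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg2 \
software-properties-common -y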

添加 Docker GPG 密钥

# Fetches the Docker repository signing key from the USTC mirror and adds it to
# APT's trusted keys.
# NOTE(review): apt-key is deprecated, and a key added this way is trusted for
# every configured repository, not only Docker's. Prefer a dedicated keyring file
# referenced with signed-by= in the repository entry, and compare the key's
# fingerprint with the one Docker publishes before trusting it.
debian@debian:~# sudo curl -fsSL https://mirrors.ustc.edu.cn/docker-ce/linux/debian/gpg | sudo apt-key add -

设置docker稳定版仓库

# Registers the docker-ce "stable" component for this release's codename
# (lsb_release -cs), restricted to amd64 and served from the USTC mirror.
# Package authenticity depends on APT verifying the repository signature against
# the Docker signing key; the mirror itself is not a trust anchor.
debian@debian:~# sudo add-apt-repository \
"deb [arch=amd64] https://mirrors.ustc.edu.cn/docker-ce/linux/debian \
$(lsb_release -cs) stable"

安装docker

# Install Docker Engine from the configured repository, then register the service
# for boot and start it in one step.
# No version is pinned, so apt installs whichever docker-ce the repository
# currently offers.
debian@debian:~# sudo apt-get install -y docker-ce
debian@debian:~# sudo systemctl enable --now docker

创建用户、登录文件夹、文件夹权限

# Creates the `docker` account (primary group docker) that cluster.yml later names
# as the SSH user, gives it a home directory and sets its password.
# NOTE(review): members of the docker group control the Docker daemon through its
# socket, which is root-equivalent on the host. Treat this account's password and
# SSH keys like root credentials.
# NOTE(review): these commands need root but are shown without sudo, unlike the
# earlier steps.
debian@debian:~# useradd -g docker docker

debian@debian:~# mkdir /home/docker
debian@debian:~# chown -R docker /home/docker
debian@debian:~# passwd docker # set the password for the docker account

准备安装

在一台可以访问所有机器的设备上创建

k8s集群设备ssh免密登录

debian@debian:~# ssh-keygen -t rsa
debian@debian:~# ssh-copy-id docker@192.168.1.201
debian@debian:~# ssh-copy-id docker@192.168.1.202
debian@debian:~# ssh-copy-id docker@192.168.1.203
debian@debian:~# ssh-copy-id docker@192.168.1.204

部署集群

下载RKE工具

本机是debian,下载amd64版本即可,v1.3.7

执行权限

# Marks the downloaded RKE binary as executable.
# NOTE(review): this binary will hold SSH access to every node. Before running it,
# compare its SHA-256 with the checksum published alongside the release.
debian@debian:~# chmod +x rke_linux-amd64

配置kubernetes集群

# Runs RKE's config subcommand; per the text below it produces cluster.yml.
debian@debian:~# ./rke_linux-amd64 config

配置好以后会生成一个yml文件,cluster.yml

# cluster.yml now sits next to the rke binary. It records node addresses, the SSH
# user and the private-key path, so keep it out of public repositories.
debian@debian:~# ls
cluster.yml rke_linux-amd64

配置文件内容

# If you intended to deploy Kubernetes in an air-gapped environment,
# please consult the documentation on how to configure custom RKE images.
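# Node inventory (nesting restored; the listing had lost its indentation).
# RKE connects to each `address` over SSH as `user`, authenticating with the
# private key at `ssh_key_path`, and drives Docker through `docker_socket`.
# NOTE(review): access to /var/run/docker.sock is root-equivalent on a node, so
# the key at ~/.ssh/id_rsa should be protected like a root credential for all
# four hosts.
# NOTE(review): 192.168.1.201 is the only controlplane/etcd member, so the API
# server and the etcd data have no redundancy.
nodes:
- address: 192.168.1.201
  port: "22"
  internal_address: ""
  role:
  - controlplane
  - etcd
  hostname_override: ""
  user: docker
  docker_socket: /var/run/docker.sock
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []
- address: 192.168.1.202
  port: "22"
  internal_address: ""
  role:
  - worker
  hostname_override: ""
  user: docker
  docker_socket: /var/run/docker.sock
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []
- address: 192.168.1.203
  port: "22"
  internal_address: ""
  role:
  - worker
  hostname_override: ""
  user: docker
  docker_socket: /var/run/docker.sock
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []
- address: 192.168.1.204
  port: "22"
  internal_address: ""
  role:
  - worker
  hostname_override: ""
  user: docker
  docker_socket: /var/run/docker.sock
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []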
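# Per-component settings for the Kubernetes services (nesting restored; the
# listing had lost its indentation). Empty strings, {} and [] presumably leave
# the RKE default in place — confirm against the RKE documentation.
services:
  etcd:
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
    win_extra_args: {}
    win_extra_binds: []
    win_extra_env: []
    external_urls: []
    ca_cert: ""
    cert: ""
    key: ""
    path: ""
    uid: 0
    gid: 0
    # NOTE(review): no snapshot or backup settings are given; confirm what RKE's
    # defaults provide before keeping data here that must be recoverable.
    snapshot: null
    retention: ""
    creation: ""
    backup_config: null
  kube-api:
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
    win_extra_args: {}
    win_extra_binds: []
    win_extra_env: []
    service_cluster_ip_range: 10.43.0.0/16
    service_node_port_range: ""
    # NOTE(review): PodSecurityPolicy admission is off; unless another admission
    # control is added, nothing in this file restricts privileged pods.
    pod_security_policy: false
    always_pull_images: false
    # NOTE(review): null presumably means Secrets are not encrypted at rest in
    # etcd; RKE can enable this under secrets_encryption_config — confirm.
    secrets_encryption_config: null
    # NOTE(review): no API audit log is configured here, which limits later
    # investigation of who changed what in the cluster.
    audit_log: null
    admission_configuration: null
    event_rate_limit: null
  kube-controller:
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
    win_extra_args: {}
    win_extra_binds: []
    win_extra_env: []
    cluster_cidr: 10.42.0.0/16
    service_cluster_ip_range: 10.43.0.0/16
  scheduler:
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
    win_extra_args: {}
    win_extra_binds: []
    win_extra_env: []
  kubelet:
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
    win_extra_args: {}
    win_extra_binds: []
    win_extra_env: []
    cluster_domain: cluster.local
    infra_container_image: ""
    cluster_dns_server: 10.43.0.10
    fail_swap_on: false
    # NOTE(review): kubelet serving certificates are not requested through this
    # option; check how kubelet endpoints are authenticated if that matters here.
    generate_serving_certificate: false
  kubeproxy:
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
    win_extra_args: {}
    win_extra_binds: []
    win_extra_env: []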
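# Pod networking and API authentication (nesting restored; the listing had lost
# its indentation). The canal plugin is used with no extra options. API
# authentication uses the x509 strategy with no additional SANs and no webhook
# authenticator. No user add-ons are defined.
network:
  plugin: canal
  options: {}
  mtu: 0
  node_selector: {}
  update_strategy: null
  tolerations: []
authentication:
  strategy: x509
  sans: []
  webhook: null
addons: ""
addons_include: []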
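# Container images for the components RKE can deploy (nesting restored; the
# listing had lost its indentation). The `kubernetes` entry
# (hyperkube v1.23.4-rancher1) matches the v1.23.4 that kubectl reports for the
# nodes later on this page.
# NOTE(review): every image is referenced by tag, and tags can be re-pointed.
# Where supply-chain integrity matters, consider mirroring the images into a
# registry you control (see private_registries) — confirm the workflow in the
# RKE documentation.
system_images:
  etcd: rancher/mirrored-coreos-etcd:v3.5.2
  alpine: rancher/rke-tools:v0.1.79
  nginx_proxy: rancher/rke-tools:v0.1.79
  cert_downloader: rancher/rke-tools:v0.1.79
  kubernetes_services_sidecar: rancher/rke-tools:v0.1.79
  kubedns: rancher/mirrored-k8s-dns-node-cache:1.21.1
  dnsmasq: rancher/mirrored-k8s-dns-dnsmasq-nanny:1.21.1
  kubedns_sidecar: rancher/mirrored-k8s-dns-sidecar:1.21.1
  kubedns_autoscaler: rancher/mirrored-cluster-proportional-autoscaler:1.8.5
  coredns: coredns/coredns:1.9.0
  coredns_autoscaler: rancher/mirrored-cluster-proportional-autoscaler:1.8.5
  nodelocal: rancher/mirrored-k8s-dns-node-cache:1.21.1
  kubernetes: rancher/hyperkube:v1.23.4-rancher1
  flannel: rancher/mirrored-coreos-flannel:v0.15.1
  flannel_cni: rancher/flannel-cni:v0.3.0-rancher6
  calico_node: rancher/mirrored-calico-node:v3.22.0
  calico_cni: rancher/mirrored-calico-cni:v3.22.0
  calico_controllers: rancher/mirrored-calico-kube-controllers:v3.22.0
  calico_ctl: rancher/mirrored-calico-ctl:v3.22.0
  calico_flexvol: rancher/mirrored-calico-pod2daemon-flexvol:v3.22.0
  canal_node: rancher/mirrored-calico-node:v3.22.0
  canal_cni: rancher/mirrored-calico-cni:v3.22.0
  canal_controllers: rancher/mirrored-calico-kube-controllers:v3.22.0
  canal_flannel: rancher/mirrored-coreos-flannel:v0.15.1
  canal_flexvol: rancher/mirrored-calico-pod2daemon-flexvol:v3.22.0
  weave_node: weaveworks/weave-kube:2.8.1
  weave_cni: weaveworks/weave-npc:2.8.1
  pod_infra_container: rancher/mirrored-pause:3.6
  ingress: rancher/nginx-ingress-controller:nginx-1.1.1-rancher1
  ingress_backend: rancher/mirrored-nginx-ingress-controller-defaultbackend:1.5-rancher1
  ingress_webhook: rancher/mirrored-ingress-nginx-kube-webhook-certgen:v1.1.1
  metrics_server: rancher/mirrored-metrics-server:v0.6.1
  windows_pod_infra_container: rancher/kubelet-pause:v0.1.6
  aci_cni_deploy_container: noiro/cnideploy:5.1.1.0.1ae238a
  aci_host_container: noiro/aci-containers-host:5.1.1.0.1ae238a
  aci_opflex_container: noiro/opflex:5.1.1.0.1ae238a
  aci_mcast_container: noiro/opflex:5.1.1.0.1ae238a
  aci_ovs_container: noiro/openvswitch:5.1.1.0.1ae238a
  aci_controller_container: noiro/aci-containers-controller:5.1.1.0.1ae238a
  aci_gbp_server_container: noiro/gbp-server:5.1.1.0.1ae238a
  aci_opflex_server_container: noiro/opflex-server:5.1.1.0.1ae238a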
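# Cluster-wide SSH defaults, authorization mode and version selection (nesting
# restored; the listing had lost its indentation).
# ssh_agent_auth is false, so the private key is presumably read from the file
# at ssh_key_path rather than from a running ssh-agent — keep that file
# readable by its owner only.
ssh_key_path: ~/.ssh/id_rsa
ssh_cert_path: ""
ssh_agent_auth: false
# RBAC is the authorization mode for the Kubernetes API.
authorization:
  mode: rbac
  options: {}
ignore_docker_version: null
enable_cri_dockerd: null
kubernetes_version: ""
private_registries: []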
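# Ingress controller settings (nesting restored; the listing had lost its
# indentation). Every field is empty, zero or null, so presumably the RKE
# defaults apply — confirm which provider and ports that exposes on the nodes.
ingress:
  provider: ""
  options: {}
  node_selector: {}
  extra_args: {}
  dns_policy: ""
  extra_envs: []
  extra_volumes: []
  extra_volume_mounts: []
  update_strategy: null
  http_port: 0
  https_port: 0
  network_mode: ""
  tolerations: []
  default_backend: null
  default_http_backend_priority_class_name: ""
  nginx_ingress_controller_priority_class_name: ""
  default_ingress_class: null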
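# Remaining cluster-level options (nesting restored; the listing had lost its
# indentation). No cloud provider, bastion host, monitoring provider or restore
# operation is configured.
cluster_name: ""
cloud_provider:
  name: ""
prefix_path: ""
win_prefix_path: ""
addon_job_timeout: 0
# All bastion fields are empty, so presumably RKE connects to the node
# addresses directly rather than through a jump host.
bastion_host:
  address: ""
  port: ""
  user: ""
  ssh_key: ""
  ssh_key_path: ""
  ssh_cert: ""
  ssh_cert_path: ""
  ignore_proxy_env_vars: false
monitoring:
  provider: ""
  options: {}
  node_selector: {}
  update_strategy: null
  replicas: null
  tolerations: []
  metrics_server_priority_class_name: ""
restore:
  restore: false
  snapshot_name: ""
rotate_encryption_key: false
dns: null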

启动安装

# Provisions the cluster described in cluster.yml on the listed nodes.
# NOTE(review): on success RKE leaves kube_config_cluster.yml (copied to
# ~/.kube/config later on this page) and, presumably, a cluster.rkestate file in
# this directory. Both carry cluster credentials; keep them owner-readable only
# and out of version control.
debian@debian:~# ./rke_linux-amd64 up

等待执行完

debian@debian:~# INFO[0465] Finished building Kubernetes cluster successfully 

安装kubectl

下载kubernetes签名密钥

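# Fetches the Kubernetes APT signing key from the Aliyun mirror and adds it to
# APT's trusted keys.
# -f makes curl fail on an HTTP error instead of piping an error page into
# apt-key; -sSL matches the flags used for the Docker key earlier on this page.
# NOTE(review): apt-key is deprecated, and a key added this way is trusted for
# every configured repository. Prefer a dedicated keyring file referenced with
# signed-by= in the repository entry.
debian@debian:~# curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -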

添加kubernetes apt仓库

# Writes the APT source entry for the Kubernetes packages, served from the Aliyun
# mirror under the kubernetes-xenial suite.
# NOTE(review): the redirect into /etc/apt/sources.list.d needs root, and this
# command is shown without sudo.
debian@debian:~# cat <<EOF > /etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF

更新apt包

# Refresh the package index so the newly added Kubernetes repository is visible.
debian@debian:~# sudo apt-get update -y

安装kubectl

# Installs kubectl from the repository added above.
# NOTE(review): no version is pinned, so apt installs the newest kubectl the
# repository offers. The nodes report v1.23.4 later on this page, and kubectl is
# supported within one minor version of the API server — pin it if the
# repository has moved ahead.
debian@debian:~# sudo apt-get install -y kubectl

kubectl设置集群

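# Make the kubeconfig generated by RKE the default for kubectl.
# -p keeps the step re-runnable when ~/.kube already exists.
# The kubeconfig carries the cluster's admin credentials, so it is installed with
# mode 600 instead of whatever mode a plain cp would leave under the current umask.
debian@debian:~# mkdir -p ~/.kube
debian@debian:~# install -m 600 kube_config_cluster.yml ~/.kube/config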

查看k8s节点

# Lists the cluster nodes to confirm that all four registered and are Ready.
# The reported version (v1.23.4) matches the hyperkube image tag in cluster.yml.
debian@debian:~# kubectl get nodes
NAME STATUS ROLES AGE VERSION
192.168.1.201 Ready controlplane,etcd 31m v1.23.4
192.168.1.202 Ready worker 31m v1.23.4
192.168.1.203 Ready worker 31m v1.23.4
192.168.1.204 Ready worker 31m v1.23.4

移除k8s集群

# Tears down the Kubernetes cluster that `rke up` built on the nodes in cluster.yml.
# NOTE(review): destructive, and presumably removes the etcd data as well. Take a
# snapshot first if anything in the cluster must be kept.
debian@debian:~# ./rke_linux-amd64 remove