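Three Rancher VMs, one master and one worker, all CentOS 7.9; the Rancher and master VMs each have 2 CPUs and 4 GB of memory
Below are the steps for deploying K8s with rke2 and installing Rancher with helm (run on the Rancher VMs):
1. Set the hostname (run on each of the three nodes separately); omitted
2. Set /etc/hosts (run on all three nodes); omitted
3. Set iptables (run on all three nodes)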
iptables -P FORWARD ACCEPT
4. Disable swap (run on all three nodes)
swapoff -a
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
5. Disable selinux (run on all three nodes)
sed -ri 's#(SELINUX=).*#\1disabled#' /etc/selinux/config
setenforce 0
6. Configure NetworkManager to ignore the calico/flannel-related network interfaces (run on all three nodes)
cat > /etc/NetworkManager/conf.d/rke2-canal.conf <<EOF
[keyfile]
unmanaged-devices=interface-name:cali*;interface-name:flannel*
EOF
Stop and disable firewalld and NetworkManager (run on all three nodes)
systemctl stop firewalld && systemctl disable firewalld
systemctl stop NetworkManager && systemctl disable NetworkManager
7. Modify kernel parameters (run on all three nodes); omitted
Run on node1:
mkdir -p /etc/rancher/rke2/
cat > /etc/rancher/rke2/config.yaml <<EOF
token: rke2rancher
tls-san: 192.168.102.13
system-default-registry: "newharbor.brightoilonline.com"
cluster-cidr: 10.251.0.0/16
service-cidr: 10.252.0.0/16
ingress:
provider: nginx
options:
config-snipper: |
# enable snippet
enable-snippet-annotation: "true"
EOF
Run on node2 and node3:
mkdir -p /etc/rancher/rke2/
cat > /etc/rancher/rke2/config.yaml <<EOF
server: https://192.168.102.13:9345
token: rke2rancher
tls-san: 192.168.102.13
system-default-registry: "newharbor.brightoilonline.com"
cluster-cidr: 10.251.0.0/16
service-cidr: 10.252.0.0/16
EOF
8. Install and enable rke2 (run on all three nodes). Important: wait until rke2-server has started successfully on node1 before running this on node2 and node3:
curl -sfL https://rancher-mirror.rancher.cn/rke2/install.sh | INSTALL_RKE2_MIRROR=cn INSTALL_RKE2_VERSION=v1.32.5+rke2r1 sh -
systemctl enable rke2-server && systemctl start rke2-server
9. Symlink the cluster config file and the CLI tools (only needed on node1):
ln -s /var/lib/rancher/rke2/bin/kubectl /usr/local/bin/kubectl
ln -s /var/lib/rancher/rke2/bin/crictl /usr/local/bin/crictl
ln -s /var/lib/rancher/rke2/bin/ctr /usr/local/bin/ctr
mkdir -p /root/.kube
ln -s /etc/rancher/rke2/rke2.yaml ~/.kube/config
10. Set the default socket for crictl (only needed on node1)
Note: this is a bug in rke2; the default socket is set to unix:///run/containerd/containerd.sock, while the actual one is unix:///run/k3s/containerd/containerd.sock:
cat > /etc/crictl.yaml <<EOF
runtime-endpoint: unix:///run/k3s/containerd/containerd.sock
image-endpoint: unix:///run/k3s/containerd/containerd.sock
timeout: 10
debug: false
EOF
11. Before using the ctr tool, set an alias first (node1)
cat >> ~/.bashrc <<EOF
alias ctr='ctr --address=/run/k3s/containerd/containerd.sock'
EOF
source ~/.bashrc
12. At this point the k8s deployment is complete; check that the nodes and pods are running normally (node1)
13. Install helm (node1):
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
14. Install Rancher (node1):
kubectl create namespace cattle-system
Use a certificate issued by a trusted CA
kubectl -n cattle-system create secret tls tls-rancher-ingress --cert=/opt/quickegret.com.crt --key=/opt/quickegret.com.key
helm install rancher rancher/ \
  --version 2.11.3 \
  --namespace cattle-system \
  --set ingress.tls.source=secret \
  --set hostname=cfc-rancher.quickegret.com \
  --set systemDefaultRegistry=newharbor.brightoilonline.com \
  --set rancherImage=newharbor.brightoilonline.com/rancher/rancher \
  --set useBundledSystemChart=true \
  --set bootstrapPassword=admin \
  --set replicas=3
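Rancher deployed smoothly, and everything in the local cluster is normal:
Then I created a custom cluster:
I only changed the network plugin to canal and the directory to /data/rancher; everything else was left at the defaults
Ran the registration command on the master and the worker respectively:
Error on the master:
Error on the worker:
I have used 2.5.15 and found it quite easy to deploy; with 2.11.3 everything has completely changed, and it feels as if all my earlier experience was for nothing. Hoping an expert can help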
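
Added example, not part of the original post: the node configs above carry the cluster join token in /etc/rancher/rke2/config.yaml, created with cat >, which under root's usual umask of 022 leaves the file world-readable. This script audits such a file for a short token and a loose file mode, then shows the same file passing after a generated token and chmod 600. MIN_TOKEN_LEN, the 600/400 mode policy and all function names are assumptions of this example.

```bash
# Added example: audit an RKE2 config.yaml for a weak join token and a loose file mode.
# MIN_TOKEN_LEN and the accepted modes are this example's policy, not RKE2 defaults.
MIN_TOKEN_LEN=32

# Print the value of the top-level "token:" key (quotes stripped), or nothing.
rke2_token() {
  sed -n 's/^token:[[:space:]]*//p' "$1" | head -n 1 | tr -d "\"'" | tr -d '[:space:]'
}

# Print one finding per line; return 0 when clean, 1 when anything was found.
audit_rke2_config() {
  local file="$1" token mode findings=0
  token=$(rke2_token "$file")
  if [ -z "$token" ]; then
    echo "token: not set in $file"; findings=1
  elif [ "${#token}" -lt "$MIN_TOKEN_LEN" ]; then
    echo "token: only ${#token} characters, want at least $MIN_TOKEN_LEN random ones"; findings=1
  fi
  # The file holds the cluster join secret, so only its owner should read it.
  mode=$(stat -c '%a' "$file")
  if [ "$mode" != "600" ] && [ "$mode" != "400" ]; then
    echo "mode: $file is $mode, want 600"; findings=1
  fi
  return "$findings"
}

# Generate a random 64-hex-character token from the kernel CSPRNG.
new_token() {
  head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Constructed sample: two keys from the post's server config, written the same way.
demo() {
  local dir; dir=$(mktemp -d)
  cat > "$dir/config.yaml" <<EOF
token: rke2rancher
tls-san: 192.168.102.13
EOF
  chmod 644 "$dir/config.yaml"
  audit_rke2_config "$dir/config.yaml" || echo "(findings listed above)"
  # Replace the token with a generated one, restrict the mode, and audit again.
  sed -i "s/^token:.*/token: $(new_token)/" "$dir/config.yaml"
  chmod 600 "$dir/config.yaml"
  audit_rke2_config "$dir/config.yaml" && echo "clean after fix"
  rm -rf "$dir"
}

demo
```

Every node joining the cluster must use the same token value, so a regenerated token has to be written to all three config files before rke2 is started on them.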