I. Environment overview

Three machines are used here to build the k8s cluster, with one master and two worker nodes.

Hostname    Role       IP address   OS
rocky9-20   master01   10.0.0.20    Rocky9.4
rocky9-21   node01     10.0.0.21    Rocky9.4
rocky9-22   node02     10.0.0.22    Rocky9.4

II. Preparing the environment

1. Disable and stop the firewall service on all nodes

systemctl disable --now firewalld
systemctl disable --now dnsmasq

2. Temporarily disable SELinux on all nodes (setenforce 0 switches it to permissive mode until the next reboot)

setenforce 0

3. Permanently disable SELinux on all nodes so that it stays disabled after a reboot

sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux 
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config 

4. Turn off swap on all nodes

swapoff -a && sysctl -w vm.swappiness=0
sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab

5. Install some common Linux system administration and development packages on all nodes

yum install -y wget jq psmisc vim net-tools telnet yum-utils device-mapper-persistent-data lvm2 git

6. On all nodes, add the Docker CE repository to the system and load the kernel modules Docker needs to run properly

yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum -y install docker-ce
modprobe overlay
modprobe br_netfilter
modprobe ip_tables
modprobe ip_conntrack
modprobe iptable_filter
modprobe ipt_state
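# Rocky 9 loads modules at boot from /etc/modules-load.d/*.conf, not /etc/modules (the file name here is an arbitrary choice)
echo 'ip_tables' >> /etc/modules-load.d/ip_tables.conf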

7. On all nodes, configure the network-related kernel parameters and apply them to the running kernel

cat <<EOF | tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

sysctl --system

8. Start docker on all nodes

systemctl enable --now docker
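
A preflight check for the preparation steps above, added here as an example that is not part of the original page. Each function reads the file it is given (defaulting to the live system path), and the function names are illustrative.

```shell
#!/bin/sh
# Added example: verify the node preparation from steps 4, 6 and 7.
# Function names are illustrative; each check takes the file to inspect
# as an argument so it can run against the live system or a copy.

# No active swap: /proc/swaps contains only its header line.
swap_is_off() {
    awk 'NR > 1 { active = 1 } END { exit active }' "${1:-/proc/swaps}"
}

# No uncommented swap entry left in fstab (same pattern as the sed in step 4).
fstab_has_no_swap() {
    ! grep -Eq '^[^#]*swap' "${1:-/etc/fstab}"
}

# A kernel module is loaded: its name is the first column of /proc/modules.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "${2:-/proc/modules}"
}

# All three keys from step 7 are set to 1 in the sysctl drop-in.
sysctl_conf_ok() {
    conf=${1:-/etc/sysctl.d/99-kubernetes-cri.conf}
    for key in net.bridge.bridge-nf-call-iptables net.ipv4.ip_forward \
               net.bridge.bridge-nf-call-ip6tables; do
        grep -Eq "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*1[[:space:]]*\$" "$conf" || return 1
    done
}

# Run every check against the live system and report each failure.
preflight() {
    rc=0
    swap_is_off                || { echo "FAIL: swap is still active"; rc=1; }
    fstab_has_no_swap          || { echo "FAIL: /etc/fstab still enables swap"; rc=1; }
    module_loaded overlay      || { echo "FAIL: overlay is not loaded"; rc=1; }
    # The net.bridge.* sysctls only exist while br_netfilter is loaded.
    module_loaded br_netfilter || { echo "FAIL: br_netfilter is not loaded"; rc=1; }
    sysctl_conf_ok             || { echo "FAIL: sysctl drop-in is incomplete"; rc=1; }
    return $rc
}
```

Running preflight on each node after a reboot shows whether the settings survived it.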

III. Deploying a k8s cluster from scratch

1. Click [Cluster Management] - [Clusters] - [Create] in turn

2. Select [Custom]; note that [RKE2/K3s] must be checked here

3. Customize the cluster

(1) Set the cluster name to prod and the cluster description to 生产环境 (production environment)

(2) In the basic settings, uncheck [NGINX Ingress]. This depends on your own situation; I don't need NGINX Ingress here, so I unchecked it

(3) Click [Create]

4. Select the node roles, then copy the registration command and run it on 10.0.0.20 to create the control-plane node

[root@rocky9-20 ~]# curl --insecure -fL https://10.0.0.10/system-agent-install.sh | sudo  sh -s - --server https://10.0.0.10 --label 'cattle.io/os=linux' --token mw45zpr8f724sr8kxljlm896rzrcpv8ghxg6wpgk8hr9q7hm9dnxs5 --ca-checksum 64fb91f7e6f5d7de94511ab32b5fa7b9e7cbc8aefbd2314bb4c23d874cee9a9d --etcd --controlplane --worker

5. Select the node roles, then copy the registration command and run it on 10.0.0.21 and 10.0.0.22 to create the worker nodes

[root@rocky9-21 ~]# curl --insecure -fL https://10.0.0.10/system-agent-install.sh | sudo  sh -s - --server https://10.0.0.10 --label 'cattle.io/os=linux' --token mw45zpr8f724sr8kxljlm896rzrcpv8ghxg6wpgk8hr9q7hm9dnxs5 --ca-checksum 64fb91f7e6f5d7de94511ab32b5fa7b9e7cbc8aefbd2314bb4c23d874cee9a9d --worker
[root@rocky9-22 ~]# curl --insecure -fL https://10.0.0.10/system-agent-install.sh | sudo  sh -s - --server https://10.0.0.10 --label 'cattle.io/os=linux' --token mw45zpr8f724sr8kxljlm896rzrcpv8ghxg6wpgk8hr9q7hm9dnxs5 --ca-checksum 64fb91f7e6f5d7de94511ab32b5fa7b9e7cbc8aefbd2314bb4c23d874cee9a9d --worker
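
The registration commands in steps 4 and 5 fetch the install script with curl --insecure, so the script that is piped into sudo sh arrives over unverified TLS, while --ca-checksum carries the SHA-256 of the Rancher CA. The following added example (not part of the original page or of Rancher's own tooling) checks the CA against that checksum first and then downloads the script over verified TLS into a file for review. The /cacerts path and the function names are assumptions.

```shell
#!/bin/sh
# Added example: pin the Rancher CA before running the registration script.
# The URL and checksum arguments mirror --server and --ca-checksum from the
# command shown in the Rancher UI; the /cacerts path is an assumption about
# the Rancher server, and the function names are illustrative.

# Return 0 only if the SHA-256 of the file equals the expected hex digest.
ca_checksum_ok() {
    ca_file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -s "$ca_file" ] || return 1          # a missing or empty file never matches
    actual=$(sha256sum "$ca_file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# Download the CA, pin it, then fetch the install script over verified TLS
# into a file so it can be read before it is run as root.
fetch_install_script() {
    rancher_url=$1 expected=$2 out=$3
    ca=$(mktemp) || return 1
    # This download is unauthenticated; the checksum comparison below is
    # the actual trust decision.
    curl --insecure -fsSL "$rancher_url/cacerts" -o "$ca" || { rm -f "$ca"; return 1; }
    if ! ca_checksum_ok "$ca" "$expected"; then
        echo "CA checksum mismatch for $rancher_url, refusing to continue" >&2
        rm -f "$ca"
        return 1
    fi
    # --cacert also verifies the name, so the server certificate must list
    # the address used in the URL.
    rc=0
    curl --cacert "$ca" -fsSL "$rancher_url/system-agent-install.sh" -o "$out" || rc=$?
    rm -f "$ca"
    return $rc
}

# Usage, with CA_CHECKSUM set to the --ca-checksum value from the UI command:
#   fetch_install_script https://10.0.0.10 "$CA_CHECKSUM" ./system-agent-install.sh
#   less ./system-agent-install.sh
# then run it with sudo sh and the same flags the UI command passes after "sh -s -".
```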

6. Check the rancher-system-agent service on 10.0.0.20, 10.0.0.21 and 10.0.0.22; it has started normally on all three

[root@rocky9-20 ~]# systemctl status rancher-system-agent.service
rancher-system-agent.service - Rancher System Agent
     Loaded: loaded (/etc/systemd/system/rancher-system-agent.service; enabled; preset: disabled)
     Active: active (running) since Sat 2025-01-11 17:50:01 CST; 6min ago
       Docs: https://www.rancher.com
   Main PID: 32874 (rancher-system-)
      Tasks: 14 (limit: 48708)
     Memory: 125.6M
        CPU: 2.064s
     CGroup: /system.slice/rancher-system-agent.service
             └─32874 /usr/local/bin/rancher-system-agent sentinel

[root@rocky9-21 ~]# systemctl status rancher-system-agent.service
rancher-system-agent.service - Rancher System Agent
     Loaded: loaded (/etc/systemd/system/rancher-system-agent.service; enabled; preset: disabled)
     Active: active (running) since Sat 2025-01-11 17:51:36 CST; 5min ago
       Docs: https://www.rancher.com
   Main PID: 32918 (rancher-system-)
      Tasks: 13 (limit: 48708)
     Memory: 23.1M
        CPU: 151ms
     CGroup: /system.slice/rancher-system-agent.service
             └─32918 /usr/local/bin/rancher-system-agent sentinel

[root@rocky9-22 ~]# systemctl status rancher-system-agent.service
rancher-system-agent.service - Rancher System Agent
     Loaded: loaded (/etc/systemd/system/rancher-system-agent.service; enabled; preset: disabled)
     Active: active (running) since Sat 2025-01-11 17:51:46 CST; 5min ago
       Docs: https://www.rancher.com
   Main PID: 32627 (rancher-system-)
      Tasks: 13 (limit: 48708)
     Memory: 21.6M
        CPU: 125ms
     CGroup: /system.slice/rancher-system-agent.service
             └─32627 /usr/local/bin/rancher-system-agent sentinel

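7. Next, click [Provisioning Log]; when "done" appears and the status of the prod cluster changes to Active, the cluster has been installed successfully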

8. Click [POD] - [Workloads] - [Pod] in turn, then select [All Namespaces] at the top to view all pods

9. On node 10.0.0.20, set up symlinks for the crictl and kubectl commands

# crictl configuration
[root@rocky9-20 ~]# echo 'export CRI_CONFIG_FILE=/var/lib/rancher/rke2/agent/etc/crictl.yaml' >> /etc/profile
[root@rocky9-20 ~]# source /etc/profile
[root@rocky9-20 ~]# ln -s /var/lib/rancher/rke2/bin/crictl /usr/local/bin/

# List containers with crictl
[root@rocky9-20 ~]# crictl ps
CONTAINER           IMAGE               CREATED             STATE               NAME                               ATTEMPT             POD ID              POD
b4419b9c1eb7a       6a8d5ae6dd415       About an hour ago   Running             cluster-register                   0                   8879e4e79340a       cattle-cluster-agent-774f4b89cb-6sttn
bbcd7e0f83b5d       b49684953b3b9       About an hour ago   Running             rancher-webhook                    0                   ebd42ee63578e       rancher-webhook-565b7c6b86-lb42f
812a868e86146       abc5338582c4f       About an hour ago   Running             system-upgrade-controller          0                   bb8ae3159876b       system-upgrade-controller-99f9cb976-hsmzl
...
...

# kubectl configuration
[root@rocky9-20 ~]# echo 'export KUBECONFIG=/etc/rancher/rke2/rke2.yaml' >> /etc/profile
[root@rocky9-20 ~]# source /etc/profile
[root@rocky9-20 ~]# ln -s /var/lib/rancher/rke2/bin/kubectl /usr/local/bin/

# List nodes with kubectl
[root@rocky9-20 ~]# kubectl get nodes
NAME        STATUS   ROLES                              AGE   VERSION
rocky9-20   Ready    control-plane,etcd,master,worker   99m   v1.27.16+rke2r2
rocky9-21   Ready    worker                             86m   v1.27.16+rke2r2
rocky9-22   Ready    worker                             87m   v1.27.16+rke2r2

10. At this point the k8s cluster deployment is complete. You can run shutdown -h now to power off the machines and take a snapshot.