准备工作
节点名称 | 节点IP |
---|---|
k8s-master-1 | 10.10.10.151 |
k8s-master-2 | 10.10.10.152 |
k8s-master-3 | 10.10.10.153 |
kube-vip(虚拟IP) | 10.10.10.150 |
RKE2 安装 rancher
在第一个 master 安装 RKE2 server
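# Install RKE2 on the first master.
# The installer runs as root, so save it to a file and read it before running it
# instead of piping the download straight into a shell.
curl -sfL https://get.rke2.io -o install-rke2.sh
# Review install-rke2.sh here. To install a fixed release instead of whatever is
# current, set it explicitly: INSTALL_RKE2_VERSION=<rke2-version> sh install-rke2.sh
sh install-rke2.sh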
创建配置文件
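# Create the RKE2 configuration directory.
mkdir -p /etc/rancher/rke2/

# Server configuration for the first master.
# - write-kubeconfig-mode: /etc/rancher/rke2/rke2.yaml holds cluster-admin
#   credentials. "0644" would let every local account on the node read them;
#   the rest of this guide runs kubectl as root, so owner-only "0600" is enough.
# - tls-san: adds the kube-vip address and the Rancher hostname to the API
#   server certificate so clients connecting through them can verify it.
# - cni / disable-kube-proxy: Cilium is the CNI and kube-proxy is not started;
#   the Cilium HelmChartConfig later in this guide sets kubeProxyReplacement.
# The quoted delimiter keeps the shell from expanding anything inside the file.
cat <<'EOF' >/etc/rancher/rke2/config.yaml
write-kubeconfig-mode: "0600"
tls-san:
  - 10.10.10.150
  - rancher.jobcher.com
cni: cilium
disable-kube-proxy: true
EOF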
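# Start the server now and on every boot.
# The first start pulls images and can take several minutes;
# `journalctl -u rke2-server -f` shows progress if the status is not yet active.
systemctl enable rke2-server --now
systemctl status rke2-server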
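# Put the kubectl binary shipped with RKE2 on PATH.
ln -s /var/lib/rancher/rke2/bin/kubectl /usr/local/bin/kubectl
# Point kubectl at the kubeconfig RKE2 generated. That file grants cluster-admin,
# so do not copy it off the node or loosen its permissions without a reason.
echo 'export KUBECONFIG=/etc/rancher/rke2/rke2.yaml' >> ~/.bashrc
source ~/.bashrc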
kubectl 补全
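# Install bash-completion, which kubectl's completion script depends on.
apt-get install -y bash-completion

# Load completion in every new shell for this user ...
echo 'source <(kubectl completion bash)' >> ~/.bashrc
source ~/.bashrc
# ... and install it system-wide for all users of the node.
kubectl completion bash >/etc/bash_completion.d/kubectl
source /etc/bash_completion.d/kubectl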
cilium 安装
下载 Cilium CLI
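# Download the Cilium CLI and the checksum file published next to it, and
# unpack only if the archive matches. The binary is placed on root's PATH, so a
# truncated or altered download should stop here. The checksum comes from the
# same release page, so it detects corruption, not a tampered release.
# "latest" changes with every release; use a fixed release URL for repeatable installs.
curl -L --fail --remote-name https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz
curl -L --fail --remote-name https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz.sha256sum
sha256sum --check cilium-linux-amd64.tar.gz.sha256sum \
  && tar xzvf cilium-linux-amd64.tar.gz \
  && mv cilium /usr/local/bin/
cilium version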
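# Check that the Cilium agents are running and the nodes are Ready.
cilium status
kubectl get pods -n kube-system -l k8s-app=cilium
kubectl get nodes -o wide

# Create the HelmChartConfig that customises the bundled rke2-cilium chart
# (contents shown next).
vim rke2-cilium-config.yml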
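# /var/lib/rancher/rke2/server/manifests/rke2-cilium-config.yml
# Overrides Helm values of the rke2-cilium chart bundled with RKE2.
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-cilium
  namespace: kube-system
spec:
  valuesContent: |-
    tunnelProtocol: geneve
    # Cilium takes over service handling; matches disable-kube-proxy in config.yaml.
    kubeProxyReplacement: true
    # With kube-proxy gone, Cilium needs an explicit API server endpoint.
    k8sServiceHost: localhost
    k8sServicePort: 6443
    # Hubble exposes flow data for the whole cluster (which workloads talk to
    # which). The UI and relay have no login of their own, so limit who can
    # reach them.
    hubble:
      enabled: true
      relay:
        enabled: true
      ui:
        enabled: true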
配置 hubble-ui ,查看网络结构
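# Apply the Cilium chart overrides.
kubectl apply -f rke2-cilium-config.yml

# Expose the Hubble UI on a NodePort.
# The UI has no authentication, and a NodePort is opened on every node address,
# so anyone who can reach the nodes can browse the cluster's network flows.
# Restrict the port with a firewall or network policy. For occasional use,
# leave the Service as ClusterIP and open it with `cilium hubble ui`, which
# forwards a local port.
kubectl -n kube-system patch svc hubble-ui \
  -p '{"spec": {"type": "NodePort"}}'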
其他master 加入集群
获取token值
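# Print the cluster join token (run on the first master).
# Whoever holds this value can register a server or agent with the cluster.
# Treat it like a password: move it over a trusted channel and keep it out of
# chat logs, tickets and version control.
cat /var/lib/rancher/rke2/server/node-token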
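# On each additional master: install RKE2. Save the installer to a file and
# review it before running it as root rather than piping it into a shell.
curl -sfL https://get.rke2.io -o install-rke2.sh
sh install-rke2.sh

mkdir -p /etc/rancher/rke2/

# This config file contains the join token, so create it owner-only before any
# secret is written into it (a plain redirect would leave it world-readable
# under the usual umask).
install -m 600 /dev/null /etc/rancher/rke2/config.yaml

# Join through the virtual IP on the supervisor port 9345. The VIP has to be
# answering already; see the kube-vip section of this guide.
# Replace <token> with the node-token value read on the first master.
cat <<'EOF' >/etc/rancher/rke2/config.yaml
server: https://10.10.10.150:9345
token: <token> # 输入token值
tls-san:
  - 10.10.10.150
  - rancher.jobcher.com
cni: cilium
disable-kube-proxy: true
EOF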
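# Start the server on the joining master and enable it at boot.
# If the join fails, `journalctl -u rke2-server -f` shows whether the token or
# the server address was rejected.
systemctl enable rke2-server --now
systemctl status rke2-server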
配置kubectl
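# Same kubectl setup as on the first master. rke2.yaml grants cluster-admin and
# is written owner-only by default on this node; keep it that way.
ln -s /var/lib/rancher/rke2/bin/kubectl /usr/local/bin/kubectl
echo 'export KUBECONFIG=/etc/rancher/rke2/rke2.yaml' >> ~/.bashrc
source ~/.bashrc

# List the kube-vip pods (empty until kube-vip has been deployed).
kubectl get pod -n kube-system | grep kube-vip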
kube-vip 安装
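# Look up the newest kube-vip release name. This takes the first entry of the
# releases list, whatever it is; for repeatable installs set KVVERSION to a
# release you have chosen instead.
KVVERSION=$(curl -sL https://api.github.com/repos/kube-vip/kube-vip/releases | jq -r ".[0].name")

# The value comes from the network and is pasted into alias text below, which
# the shell parses again as a command line. Accept only something shaped like a
# version tag. An empty or "null" result (rate limit, no network) is rejected too.
if ! printf '%s\n' "$KVVERSION" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+([-.][0-9A-Za-z.]+)?$'; then
  echo "unexpected kube-vip version '$KVVERSION'; set KVVERSION by hand" >&2
  unset KVVERSION
fi

# ctr as shipped with RKE2, pointed at RKE2's containerd socket.
alias ctr="/var/lib/rancher/rke2/bin/ctr --address /run/k3s/containerd/containerd.sock"
# Run the kube-vip binary from its image to generate manifests. $KVVERSION is
# expanded now, when the alias is defined. Aliases work in an interactive shell;
# a script would need functions instead.
alias kube-vip="ctr image pull ghcr.io/kube-vip/kube-vip:$KVVERSION; ctr run --rm --net-host ghcr.io/kube-vip/kube-vip:$KVVERSION vip /kube-vip"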
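# Fetch the kube-vip RBAC manifest and keep it under a descriptive name.
wget https://kube-vip.io/manifests/rbac.yaml
mv rbac.yaml kube-vip-rbac.yaml
# This file grants cluster permissions to the kube-vip service account: read it
# before applying. A manifest does not need the execute bit, so none is set.
kubectl apply -f kube-vip-rbac.yaml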
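# Generate the kube-vip DaemonSet manifest (uses the kube-vip alias defined above).
# --address is the virtual IP from the node table; --interface must name the NIC
# that carries that subnet on every master.
kube-vip manifest daemonset \
  --arp \
  --controlplane \
  --address 10.10.10.150 \
  --interface eth0 \
  --leaderElection \
  --enableLoadBalancer \
  --inCluster \
  --taint > kube-vip.yaml

# Check kube-vip.yaml (image tag, address, interface) before applying it.
kubectl apply -f kube-vip.yaml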
检测vip
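# The virtual IP should answer once a kube-vip leader has been elected.
ping 10.10.10.150

# Reachability check of the RKE2 supervisor port through the VIP.
# -k skips certificate verification, which is acceptable for a manual "is it up"
# probe only; anything automated should verify against the cluster CA instead.
curl -k https://10.10.10.150:9345/v1-rke2/connect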
rancher 安装
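# Install Helm. Save the installer and read it before running it: piping a script
# from a moving branch straight into bash runs whatever is served at that moment.
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh

helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
helm repo update

kubectl create namespace cattle-system
# TLS certificate and key for the Rancher ingress. privkey.pem is the private
# key: keep it owner-readable only, and remove the copy from this node once the
# secret exists.
kubectl -n cattle-system create secret tls tls-rancher-ingress --cert=fullchain.pem --key=privkey.pem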
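# Read the bootstrap password from the terminal without echoing it, so it is not
# typed into the command line and saved in shell history.
read -rs -p 'Rancher bootstrap password: ' RANCHER_BOOTSTRAP_PASSWORD
printf '\n'

# Install (or upgrade) Rancher behind the TLS secret created above.
# hostname must match a name covered by that certificate.
helm upgrade --install rancher rancher-stable/rancher \
  --namespace cattle-system \
  --set hostname="rancher.jobcher.com" \
  --set ingress.tls.source="secret" \
  --set bootstrapPassword="$RANCHER_BOOTSTRAP_PASSWORD"

# Helm keeps the supplied values with the release, so change the admin password
# in Rancher after the first login. Drop the variable from this shell as well.
unset RANCHER_BOOTSTRAP_PASSWORD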