前期准备

参考

1. 同步hosts文件/etc/hostsshell 172.24.102.255 master1 172.24.102.254 master2 172.24.103.1 master3 172.24.102.253 node1 172.24.103.0 node2 172.24.87.246 rancher-server1 172.24.87.248 rancher-server2 172.24.87.247 rancher-server3

2. 关闭防火墙和selinux```bash sudo sed -i ‘s/SELINUX=enforcing/SELINUX=disabled/g’ /etc/selinux/config

centos

systemctl stop firewalld.service && systemctl disable firewalld.service

ubuntu

ufw disable

3. kernel性能调优<br />**文档修改**：waatchdog改为kernel.watchdog```bash
cat >> /etc/sysctl.d/kubernetes.conf<<EOF
net.ipv4.ip_forward=1
kernel.watchdog_thresh=30
net.bridge.bridge-nf-call-iptables=1
net.ipv4.neigh.default.gc_thresh1=4096
net.ipv4.neigh.default.gc_thresh2=6144
net.ipv4.neigh.default.gc_thresh3=8192
EOF
# 保存
sysctl -p
# 模块加载
modprobe br_netfilter

1. 安装docker
   • 改一下密码，删除升级降级部分 echo rancher | passwd —stdin rancher 删除version= 部分，直接用
     sudo yum -y install docker-ce-19.03.7-3.el7 docker-ce-cli-19.03.7-3.el7 containerd.io ```bash NEW_USER=rancher sudo adduser $NEW_USER echo rancher | passwd —stdin rancher sudo echo “$NEW_USER ALL=(ALL) ALL” >> /etc/sudoers sudo yum remove docker \

          docker-client \
          docker-client-latest \
          docker-common \
          docker-latest \
          docker-latest-logrotate \
          docker-logrotate \
          docker-selinux \
          docker-engine-selinux \
          docker-engine \
          container*

sudo yum install -y yum-utils device-mapper-persistent-data \ lvm2 bash-completion; sudo yum-config-manager —add-repo \ http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo; sudo yum makecache all; sudo yum -y install docker-ce-19.03.7-3.el7 docker-ce-cli-19.03.7-3.el7 containerd.io sudo usermod -aG docker $NEW_USER; sudo systemctl enable —now docker;

5. 配置ssh和改root密码```bash
PasswordAuthor..... yes
sudo passwd root

1. 配置免密
   rancher用户```bash ssh-keygen ssh-copy-id master1

测试免密

for i in cat /etc/hosts | grep -v localhost | grep -Ev '^$' | awk '{print $2}'; do ssh $i hostname ; done

7. 配置镜像加速<br />vi /etc/docker/daemon.json```bash
cat > /etc/docker/daemon.json<<EOF
{
"registry-mirrors": ["https://dockerhub.azk8s.cn","http://hub-mirror.c.163.com","https://3laho3y3.mirror.aliyuncs.com","http://f1361db2.m.daocloud.io"],
"max-concurrent-downloads": 3,
"max-concurrent-uploads": 5,
"storage-driver": "overlay2",
    "storage-opts": [
        "overlay2.override_kernel_check=true"
    ],
"log-driver": "json-file",
    "log-opts": {
    "max-size": "100m",
    "max-file": "3"
    }
}
EOF

1. 下载rke```bash wget https://docs.rancher.cn/download/rke/v1.0.5-rke_linux-amd64

chmod +x ….

mv v1.0.4 /usr/local/bin/rke

9. 编辑cluster.yml```yml
cat << EOF >  cluster.yml
nodes:
  - address: 172.24.103.2
    hostname_override: master1
    internal_address:
    user: rancher
    role: [controlplane,etcd]
  - address: 172.24.103.4
    hostname_override: master2
    internal_address:
    user: rancher
    role: [controlplane,etcd]
  - address: 172.24.103.6
    hostname_override: master3
    internal_address:
    user: rancher
    role: [controlplane,etcd]
  - address: 172.24.103.5
    hostname_override: node1
    internal_address:
    user: rancher
    role: [worker]
  - address: 172.24.103.3
    hostname_override: node2
    internal_address:
    user: rancher
    role: [worker]
kubernetes_version: v1.17.2-rancher1-2
services:
  etcd:
    extra_args:
      auto-compaction-retention: 240
      quota-backend-bytes: '6442450944'
    snapshot: true
    creation: 5m0s
    retention: 24h
  kubelet:
    extra_args:
      pod-manifest-path: "/etc/kubernetes/manifest/"
network:
  plugin: canal
  options:
    flannel_backend_type: "vxlan"
ingress:
  provider: nginx
EOF
rke up --config ./cluster.yml

1. 配置kube```bash wget https://docs.rancher.cn/download/kubernetes/linux-amd64-v1.17.4-kubectl

chmod + x dddd

mv dfsf /usr/local/bin/kubectl

cp kube-configlll ~/.kube/config

yum install -y bash-completion

source /usr/share/bash-completion/bash_completion

source <(kubectl completion bash) ```