RKE1 Deployment Notes

Deploying RKE1

Prerequisites

# RKE1 binary
curl -LO "https://github.com/rancher/rke/releases/download/v1.5.12/rke_linux-amd64"

mv rke_linux-amd64 /usr/local/bin/rke && chmod +x /usr/local/bin/rke

# Install Docker on every node
curl https://releases.rancher.com/install-docker/20.10.sh | sh

Generate the configuration

cat <<EOF > cluster.yml
# Older rke1 versions do not support RSA private keys; use ed25519 instead
ssh_key_path: /root/.ssh/id_ed25519
nodes:
  - address: 172.16.0.106
    hostname_override: rke1-server-0
    internal_address: 172.16.0.106
    user: root
    role:
      - controlplane
      - etcd
      - worker
  - address: 172.16.0.105
    hostname_override: rke1-server-1
    internal_address: 172.16.0.105
    user: root
    role:
      - controlplane
      - etcd
      - worker
  - address: 172.16.0.104
    hostname_override: rke1-server-2
    internal_address: 172.16.0.104
    user: root
    role:
      - controlplane
      - etcd
      - worker
private_registries:
  - url: registry.cn-hangzhou.aliyuncs.com
    is_default: true
kubernetes_version: "v1.20.15-rancher2-2"
network:
  plugin: calico
EOF

Install RKE1

rke up --config cluster.yml

Configuration for easier day-to-day operations

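# Use the kubeconfig generated by rke as the default kubectl config
mkdir -p ~/.kube

mv kube_config_cluster.yml ~/.kube/config

# Copy the first kubectl binary found under a /usr/local path into /usr/local/bin
find / -name kubectl | grep "/usr/local" | head -1 | awk '{ print "cp "$1" /usr/local/bin" }' | sh

echo "source <(kubectl completion bash)" >> ~/.bashrc

# Install Helm from the Rancher mirror
curl https://rancher-mirror.rancher.cn/helm/get-helm-3.sh | INSTALL_HELM_MIRROR=cn bash -s -- --version v3.10.3

echo "source <(helm completion bash)" >> ~/.bashrc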

Common issues

On CentOS and RHEL, installing as the root user is not allowed by default, and the error looks like this:

WARN[0000] Failed to set up SSH tunneling for host [x.x.x.x]: Can’t retrieve Docker Info ,Failed to dial to /var/run/docker.sock: ssh: rejected: administratively prohibited (open failed)

Prepare a different user instead:

groupadd rancher && useradd rancher -g rancher && usermod -aG docker rancher

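If the error below appears, the key file given in ssh_key_path does not match the host, or the username is wrong. Check that the ~/.ssh/authorized_keys file of that user on the node is correct: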

WARN[0000] Failed to set up SSH tunneling for host [x.x.x.x]: Can't retrieve Docker Info: error during connect: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/info": Unable to access node with address [x.x.x.x:22] using SSH. Please check if you are able to SSH to the node using the specified SSH Private Key and if you have configured the correct SSH username. Error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

If the following error appears:

WARN[0000] Failed to set up SSH tunneling for host [x.x.x.x]: Can't retrieve Docker Info: error during connect: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.24/info: Unable to access the service on /var/run/docker.sock. The service might be still starting up. Error: ssh: rejected: connect failed (open failed) 

Add the following to /etc/ssh/sshd_config:

AllowTcpForwarding yes
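
The two node-side fixes above (a non-root user in the docker group, and AllowTcpForwarding in sshd_config) can be checked before running rke up. The script below is an added example, not part of the original post; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Point it at a node's
# /etc/ssh/sshd_config and /etc/group (or copies of them).

# Effective global AllowTcpForwarding: sshd keeps the first value it reads,
# keywords are case-insensitive, "Keyword=value" is accepted, and lines after
# a Match header are conditional, so parsing stops there. Unset means "yes".
# Include directives are not followed; `sshd -T` as root is authoritative.
effective_tcp_forwarding() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }
        /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "allowtcpforwarding" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }
    ' "$1"
}

# Exit 0 if USER ($2) is a listed member of "docker" in a group(5) file ($1).
in_docker_group() {
    [ "$2" = root ] && return 0   # root reaches docker.sock without the group
    awk -F: -v user="$2" '
        $1 == "docker" { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == user) ok = 1 }
        END { exit !ok }
    ' "$1"
}

# Run both checks; args: sshd_config path, group file path, SSH user.
rke_node_preflight() {
    rc=0
    fwd=$(effective_tcp_forwarding "$1")
    case "$fwd" in
        yes|all) echo "ok: AllowTcpForwarding=$fwd" ;;
        *) echo "fail: AllowTcpForwarding=$fwd (the fix above requires yes)"; rc=1 ;;
    esac
    if in_docker_group "$2" "$3"; then
        echo "ok: $3 is in the docker group"
    else
        echo "fail: $3 is not in the docker group"; rc=1
    fi
    return "$rc"
}

# Constructed sample: forwarding disabled first, and no rancher in docker.
demo=$(mktemp -d)
printf '%s\n' 'allowtcpforwarding no' 'AllowTcpForwarding yes' > "$demo/sshd_config"
printf '%s\n' 'root:x:0:' 'docker:x:994:admin' > "$demo/group"
rke_node_preflight "$demo/sshd_config" "$demo/group" rancher || echo "node is not ready for rke up"
rm -rf "$demo"
```

On the sample files both checks fail, because the first AllowTcpForwarding line wins and rancher is not listed in the docker group.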

Flush iptables rules

iptables -F \
&& iptables -X \
&& iptables -Z \
&& iptables -F -t nat \
&& iptables -X -t nat \
&& iptables -Z -t nat \
&& docker restart kube-proxy

Clean up a node

# Remove all containers, images and volumes
sudo docker rm -f $(sudo docker ps -qa)
sudo docker rmi -f $(sudo docker images -q)
sudo docker volume rm $(sudo docker volume ls -q)

# Unmount kubelet tmpfs mounts and the kubelet/rancher directories
for mount in $(sudo mount | grep tmpfs | grep '/var/lib/kubelet' | awk '{ print $3 }') /var/lib/kubelet /var/lib/rancher; do sudo umount "$mount"; done

# Remove the state left behind by Kubernetes, the CNI plugins and RKE
sudo rm -rf /etc/ceph \
    /etc/cni \
    /etc/kubernetes \
    /etc/rancher \
    /opt/cni \
    /opt/rke \
    /run/secrets/kubernetes.io \
    /run/calico \
    /run/flannel \
    /var/lib/calico \
    /var/lib/etcd \
    /var/lib/cni \
    /var/lib/kubelet \
    /var/lib/rancher \
    /var/log/containers \
    /var/log/kube-audit \
    /var/log/pods \
    /var/run/calico

sudo reboot
Author

Warner Chen

Posted on

2024-09-05

Updated on

2024-12-03
