
Building a Kubernetes cluster with RKE

WJXZ
November 25, 2020 01:54


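Install Docker

# Install prerequisites, add Docker's GPG key and the Aliyun docker-ce mirror
sudo apt-get update && sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get update
# Install the pinned Docker version
sudo apt-get update && sudo apt-get -y install docker-ce=18.06.3~ce~3-0~ubuntu
# Let the ubuntu user (the SSH user RKE connects as) use Docker; owning docker.sock is root-equivalent access to the host
sudo chown ubuntu /var/run/docker.sock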


Configuration file

# all_cluster.yml
# ssh_key_path values shown as *.pem are placeholders on the page; set the real key path (a bare * is not valid YAML)
nodes:
    - address: 52.83.10.133
      user: ubuntu
      role:
        - controlplane
        - etcd
      hostname_override: ip-172-31-25-125
      internal_address: 172.31.25.125
      ssh_key_path: *.pem
      port: 22
    - address: 52.82.10.240
      user: ubuntu
      role:
        - controlplane
        - etcd
      hostname_override: ip-172-31-37-57
      internal_address: 172.31.37.57
      ssh_key_path: *.pem
      port: 22
    - address: 52.82.10.114
      user: ubuntu
      role:
        - controlplane
        - etcd
      hostname_override: ip-172-31-12-73
      internal_address: 172.31.12.73
      ssh_key_path: /home/wjx/qit-dev-finone-ningxia-hadoop.pem
      port: 22
    - address: 52.82.110.216
      user: ubuntu
      role:
        - worker
      hostname_override: ip-172-31-29-156
      internal_address: 172.31.29.156
      ssh_key_path: *.pem
      port: 22
    - address: 52.82.14.129
      user: ubuntu
      role:
        - worker
      hostname_override: ip-172-31-42-174
      internal_address: 172.31.42.174
      ssh_key_path: *.pem
      port: 22
    - address: 52.83.185.43
      user: ubuntu
      role:
        - worker
      hostname_override: ip-172-31-1-34
      internal_address: 172.31.1.34
      ssh_key_path: *.pem
      port: 22
ignore_docker_version: true
cluster_name: test
kubernetes_version: v1.17.4-rancher1-2
authentication:
    strategy: x509
    sans:
      - "k8s.wjx.com"
      - "52.83.10.133"
      - "172.31.12.73"
      - "ip-172-31-12-73.cn-northwest-1.compute.internal"
      - "52.82.10.240"
      - "172.31.25.125"
      - "ip-172-31-25-125.cn-northwest-1.compute.internal"
      - "52.82.10.114"
      - "172.31.37.57"
      - "ip-172-31-37-57.cn-northwest-1.compute.internal"
authorization:
    mode: rbac
cloud_provider:
    name: aws
addon_job_timeout: 30
network:
    plugin: calico
dns:
    provider: coredns


Start the Kubernetes cluster

rke up --config all_cluster.yml


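Certificate rotation

rke cert rotate # rotate all service certificates in bulk (the CA certificate is unchanged)
rke cert rotate --service kubelet # rotate the certificate of the specified service (the CA certificate is unchanged)
rke cert rotate --rotate-ca # rotate the CA and all service certificates
# Because the certificates change, the corresponding tokens change as well. After the cluster certificate update completes, the Pods that connect to the API server must be recreated so they obtain new tokens:
cattle-system/cattle-cluster-agent
cattle-system/cattle-node-agent
cattle-system/kube-api-auth
ingress-nginx/nginx-ingress-controller
kube-system/canal
kube-system/kube-dns
kube-system/kube-dns-autoscaler
other application Pods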


Migrating a Kubernetes cluster built with RKE


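Prerequisites

  1. The migration assumes that all software has been installed successfully and that the current cluster is in a healthy state.

  2. The target cluster's IP addresses must match those of the existing servers, with Docker preinstalled and passwordless (key-based) SSH login configured.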


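Back up cluster information

# This command creates a cluster backup file and a certificate backup under /opt/rke/etcd-snapshots/ on every etcd node
rke etcd snapshot-save
ls /opt/rke/etcd-snapshots/
pki.bundle.tar.gz              # certificate backup
rke_etcd_snapshot_2020-11-23T21:23:44+08:00       # cluster backup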
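A pre-migration check for the snapshot directory listed above, as an added example that is not part of the original article: it confirms that the certificate bundle and at least one etcd snapshot exist and are non-empty, and flags files readable by group or others. It assumes the bundle holds private key material (the etcd snapshot holds every Kubernetes Secret in the cluster); the function name check_rke_backup and its output labels are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): sanity-check an RKE snapshot
# directory before copying it to the target servers.
# Prints one finding per line; returns 0 only when there are no findings.
check_rke_backup() {
    dir=$1
    rc=0
    if [ ! -d "$dir" ]; then
        echo "MISSING directory $dir"
        return 1
    fi
    # Certificate backup, named as in the article's listing.
    if [ ! -s "$dir/pki.bundle.tar.gz" ]; then
        echo "MISSING pki.bundle.tar.gz"
        rc=1
    fi
    # At least one non-empty etcd snapshot must be present.
    found=0
    for f in "$dir"/rke_etcd_snapshot_*; do
        if [ -s "$f" ]; then
            found=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "MISSING rke_etcd_snapshot_*"
        rc=1
    fi
    # Assumption: both files are secret material, so any file readable
    # by group or others is reported.
    loose=$(find "$dir" -type f \( -perm -040 -o -perm -004 \))
    if [ -n "$loose" ]; then
        echo "$loose" | sed 's/^/LOOSE_PERMS /'
        rc=1
    fi
    return "$rc"
}

# Stand-alone use: sh check.sh /opt/rke/etcd-snapshots
if [ "$#" -gt 0 ]; then
    check_rke_backup "$1" || exit 1
fi
```

Run it on each etcd node after `rke etcd snapshot-save`, and again on the target servers after the files are copied.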


Start the backup cluster

rke up --config all_cluster.yml


