单节点k3s部署rancher

发布时间 2023-08-11 14:45:59 作者: whtjyt

服务器优化

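# SELinux and firewalld are switched off here rather than configured. Both are
# host hardening layers, so leaving them off is a security trade-off the
# operator should accept consciously (k3s documents running with SELinux
# enforcing via its k3s-selinux package and with the required ports opened in
# firewalld instead). The SELinux pattern is anchored to the SELINUX= setting
# so the explanatory comment lines in the file are left untouched.
sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config
setenforce 0
systemctl stop firewalld
systemctl disable firewalld
# Kubernetes requires swap to be off; comment out swap entries in fstab so the
# setting survives a reboot. Lines that are already comments are skipped, so
# re-running this section does not stack '#' characters.
swapoff -a
sed -ri '/^[[:space:]]*#/! s/.*swap.*/#&/' /etc/fstab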


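# Load the kernel modules the keys below belong to. The net.bridge.bridge-nf-call-*
# keys exist only while br_netfilter is loaded and net.netfilter.nf_conntrack_max
# only while nf_conntrack is loaded; without them 'sysctl -p' fails on those keys.
# The modules-load.d entry makes this hold on the next boot as well.
modprobe br_netfilter
modprobe nf_conntrack
cat > /etc/modules-load.d/k8s_better.conf << EOF
br_netfilter
nf_conntrack
EOF

cat > /etc/sysctl.d/k8s_better.conf << EOF
# Pod networking: bridged traffic must traverse iptables and be forwarded.
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
# Memory: avoid swapping, allow overcommit, and let the OOM killer act rather
# than panicking the node.
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
# File-descriptor and inotify headroom for many containers.
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
# NOTE(review): disables IPv6 on every interface; drop this line if any
# workload or ingress needs IPv6.
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
EOF

sysctl -p /etc/sysctl.d/k8s_better.conf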

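# Raise PAM limits for all users. The block is appended once, guarded by a
# marker comment, so re-running this section does not duplicate the entries.
if ! grep -qF '# k8s_better limits' /etc/security/limits.conf; then
  cat >> /etc/security/limits.conf <<EOF
# k8s_better limits
* soft nofile 1048576
* hard nofile 1048576
* soft nproc 1048576
* hard nproc 1048576
* hard memlock unlimited
* soft memlock unlimited
* soft msgqueue unlimited
* hard msgqueue unlimited
EOF
fi

# systemd-managed services (docker, k3s) do not pass through PAM, so set the
# systemd defaults as well. Each pattern matches the whole line, commented out
# or not and whatever value follows '=', so it also works on systemd versions
# whose shipped default is e.g. '#DefaultLimitNOFILE=1024:524288' (a prefix-only
# substitution would have produced 'DefaultLimitNOFILE=10485761024:524288').
sed -i 's/^#\?DefaultLimitNOFILE=.*/DefaultLimitNOFILE=1048576/' /etc/systemd/system.conf
sed -i 's/^#\?DefaultLimitNPROC=.*/DefaultLimitNPROC=1048576/' /etc/systemd/system.conf
sed -i 's/^#\?DefaultLimitMEMLOCK=.*/DefaultLimitMEMLOCK=infinity/' /etc/systemd/system.conf

# Re-execute systemd so the new defaults apply to services started from now on.
systemctl daemon-reexec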

安装Docker

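# Docker CE from the Tsinghua mirror, pinned to the 20.10.x build this page was
# written against. (k3s ships its own containerd; Docker is optional here.)
yum install -y yum-utils lvm2 device-mapper-persistent-data

yum-config-manager --add-repo https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo

yum install -y docker-ce-20.10.24-3.el7 docker-ce-cli-20.10.24-3.el7 containerd.io

# Daemon config: systemd cgroup driver, overlay2 storage, and bounded json-file
# logs so container output cannot fill the disk. The heredoc delimiter is quoted
# so nothing inside is expanded by the shell. Written without sudo, like every
# other command on this page, which assumes a root shell.
# NOTE(review): overlay2.override_kernel_check is a legacy option for the el7
# kernel; newer Docker releases dropped it, so remove that line if the pinned
# version is ever bumped.
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "max-concurrent-downloads": 5,
  "max-concurrent-uploads": 5,
  "storage-driver": "overlay2",
  "storage-opts": ["overlay2.override_kernel_check=true"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  }
}
EOF
# daemon.json is read by dockerd on (re)start; no 'systemctl daemon-reload' is
# needed because no unit file changed.
systemctl restart docker
systemctl enable docker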

安装helm

下载 需要的版本 https://github.com/helm/helm/releases
解压(tar -zxvf helm-v3.0.0-linux-amd64.tar.gz)
在解压目录中找到helm程序,移动到需要的目录中(mv linux-amd64/helm /usr/local/bin/helm)

部署k3s

下载 https://get.k3s.io 文件到本地,命名为 get_k3s_io.sh ,修改里面的两个地址分别为如下(服务器无法连接github):

download_hash()函数中的 else下 HASH_URL="http://172.17.68.45:9000/tools/sha256sum-amd64.txt"

download_binary()函数中的 else下 BIN_URL="http://172.17.68.45:9000/tools/k3s"

注意:哈希文件和二进制都来自同一台内网 HTTP 服务器,脚本里的 sha256 校验只能发现传输损坏,不能发现文件被替换;放到该服务器之前应先用 GitHub release 页的官方 sha256sum 核对这两个文件。

迁移配置文件

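# Copy the k3s kubeconfig for the current user. The original used a relative
# '.kube', which only works when the shell is already in the home directory;
# kubectl looks for ~/.kube/config, so use that path explicitly.
mkdir -p ~/.kube
cp /etc/rancher/k3s/k3s.yaml ~/.kube/config
# k3s.yaml holds the cluster-admin credential: keep the copy owner-only.
chmod 600 ~/.kube/config
# Check cluster state (sample output below).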
[root@localhost ~]# kubectl get nodes
NAME                    STATUS   ROLES                       AGE   VERSION
localhost.localdomain   Ready    control-plane,etcd,master   99m   v1.24.10+k3s1

helm安装rancher

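# Rancher stable chart repository.
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable

kubectl create namespace cattle-system

# Install Rancher with a privately issued certificate supplied via a secret.
# Hostname and bootstrap password are parameterised so they can be overridden
# from the environment instead of editing this file; the defaults reproduce the
# original command. The original note assumed the domain www.wht.com while the
# command set www.rancher.com — the value must match the CN/SAN of tls.crt in
# the tls-rancher-ingress secret, so confirm which one is intended.
RANCHER_HOSTNAME="${RANCHER_HOSTNAME:-www.rancher.com}"
# NOTE(review): the bootstrap password is only for the first login, but it is
# visible in shell history and in 'ps' while helm runs; prefer a random value.
RANCHER_BOOTSTRAP_PASSWORD="${RANCHER_BOOTSTRAP_PASSWORD:-admin}"
helm install rancher rancher-stable/rancher \
  --namespace cattle-system \
  --set hostname="${RANCHER_HOSTNAME}" \
  --set bootstrapPassword="${RANCHER_BOOTSTRAP_PASSWORD}" \
  --set ingress.tls.source=secret \
  --set privateCA=true \
  --version 2.7.2 \
  --set global.cattle.psp.enabled=false
# With ingress.tls.source=secret and privateCA=true, Rancher is not expected to
# become reachable until the tls-rancher-ingress and tls-ca secrets exist in
# cattle-system (created in the next section).
# Because of local network problems the deployment image was later changed to
# registry.cn-hangzhou.aliyuncs.com/rancher/rancher:v2.7.2
#   edit:    kubectl edit deploy rancher -n cattle-system
#   restart: kubectl rollout restart deploy rancher -n cattle-system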

添加私有tls证书

# tls-ca: presumably the CA that issued tls.crt, consumed because the chart was
# installed with privateCA=true — confirm against the Rancher chart docs.
kubectl create secret generic tls-ca \
  --namespace cattle-system \
  --from-file=cacerts.pem=./cacerts.pem

# tls-rancher-ingress: serving certificate and key for the Rancher ingress;
# the certificate's CN/SAN must match the hostname given to helm install.
kubectl create secret tls tls-rancher-ingress \
  --namespace cattle-system \
  --cert=tls.crt \
  --key=tls.key