rancher 添加节点

🧙 Questions

rancher2.8.5版本添加节点

☄️ Ideas

查看当前集群情况

kubectl get nodes

集群基础配置

• 时区同步设置
• 用户创建
• hosts映射

添加节点

mkdir -p /data/rke2-artifacts
scp /tmp/rancher/rke2-images.linux-amd64.tar.zst root@node:/data/rke2-artifacts/
scp /tmp/rancher/rke2.linux-amd64.tar.gz root@node:/data/rke2-artifacts/
scp /tmp/rancher/sha256sum-amd64.txt root@node:/data/rke2-artifacts/
scp /tmp/rancher/install root@node:/data/rke2-artifacts/

# 必须要使用root用户执行
cd /data/rke2-artifacts
INSTALL_RKE2_ARTIFACT_PATH=/data/rke2-artifacts INSTALL_RKE2_TYPE="agent" sh install.sh

启用agent服务

systemctl enable rke2-agent.service

配置agent

mkdir -p /etc/rancher/rke2/
vim /etc/rancher/rke2/config.yaml

token获取,在master节点上查看
cat /var/lib/rancher/rke2/server/node-token
使用内网ip或者域名，端口号一定是9345

server: https://isxcode:9345
token: K1037a329d597cb3222a2939e2a05a86ea52d40cc713d7ab3285f5237264699545b::server:c1d835d2739281ca0d1144c589290543
tls-san:
  - isxcode

启动agent服务

journalctl -u rke2-agent -f 查看日志

sudo systemctl start rke2-agent.service
sudo systemctl status rke2-agent.service

检测节点

kubectl get nodes

配置node的roles

kubectl label node <node_name> kubernetes.io/role=worker --overwrite
kubectl label node node1 kubernetes.io/role=worker --overwrite

labels:
  node-role.kubernetes.io/control-plane: 'true'
  node-role.kubernetes.io/etcd: 'true'
  node-role.kubernetes.io/master: 'true'
  node-role.kubernetes.io/worker: 'true'

[root@master ~]# kubectl get nodes
NAME     STATUS   ROLES                              AGE    VERSION
master   Ready    control-plane,etcd,master,worker   138m   v1.28.12+rke2r1
slave    Ready    worker                             35m    v1.28.12+rke2r1

配置harbor仓库

mkdir -p /data/harbor/
scp -r root@master:/data/harbor/ssl /data/harbor/
sudo vim /etc/rancher/rke2/registries.yaml

mirrors:
  docker.io:
    endpoint:
      - "https://isxcode:8443"
configs:
  "https://isxcode:8443":
    auth:
      username: admin
      password: Harbor12345
    tls:
      cert_file: /data/harbor/ssl/isxcode.cert
      key_file: /data/harbor/ssl/isxcode.key
      ca_file: /data/harbor/ssl/ca.crt

sudo systemctl restart rke2-agent.service

从节点要拷贝ssl证书

否则无法拉取镜像

scp /data/harbor/ssl/* root@dehoop-02:/etc/pki/ca-trust/source/anchors/
update-ca-trust

创建pvc指定node

多节点需要指定node

volume.kubernetes.io/selected-node: dehoop-02

镜像推送到harbor

# 将本地镜像推到harbor
nerdctl tag busybox:latest 10.13.196.76:30003/library/busybox:latest
nerdctl push 10.13.196.76:30003/library/busybox:latest

nerdctl tag rancher/local-path-provisioner:v0.0.32 10.13.196.76:30003/library/local-path-provisioner:v0.0.32
nerdctl push 10.13.196.76:30003/library/local-path-provisioner:v0.0.32


# 修改local-path-provisioner环境变量的镜像
kubectl -n local-path-storage set image deployment/local-path-provisioner \
  local-path-provisioner=10.13.196.76:30003/library/local-path-provisioner:v0.0.32
kubectl -n local-path-storage get deployment local-path-provisioner -o jsonpath='{.spec.template.spec.containers[0].image}'

# 修改local-path-provisioner的configMap
kubectl edit configmap local-path-config -n local-path-storage
  containers:
  - name: helper-pod
    image: 10.13.196.76:30003/library/busybox:latest

# 重启 local-path-provisioner的deployment
kubectl -n local-path-storage rollout restart deployment local-path-provisioner
kubectl -n local-path-storage rollout status deployment local-path-provisioner

🔗 Links

• rancher docs
• rke2 agent
• rancher agent tls报错