Rocky Linux RKE2 Install

2023. 10. 23. 21:26 DevOps/Kubernetes

Rocky8.8

RKE2

[Package Manager Update]
sudo swapoff -a
sudo sed -i '/swap/s/^/#/' /etc/fstab
sudo dnf upgrade -y
sudo dnf upgrade --refresh -y
sudo dnf update -y
sudo dnf install -y yum-utils nfs-utils
sudo systemctl disable --now firewalld
sudo iptables -F
setenforce 0
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

[Docker Install]
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo dnf install docker-ce docker-ce-cli containerd.io docker-compose-plugin --allowerasing -y

[RKE2 Server Install]
curl -sfL https://get.rke2.io | INSTALL_RKE2_TYPE="server" sh -
mkdir -p /etc/rancher/rke2
vi /etc/rancher/rke2/config.yaml
```
cni: "calico"
```
systemctl start rke2-server
systemctl status rke2-server
journalctl -u rke2-server -f

[Kubeconfig]
mkdir ~/.kube/
cp /etc/rancher/rke2/rke2.yaml ~/.kube/config
export PATH=$PATH:/var/lib/rancher/rke2/bin/
echo 'export PATH=/usr/local/bin:/var/lib/rancher/rke2/bin:$PATH' >> ~/.bashrc
echo 'source <(kubectl completion bash)' >>~/.bashrc
echo 'alias k=kubectl' >>~/.bashrc
echo 'complete -F __start_kubectl k' >>~/.bashrc
source ~/.bashrc

[Crictl]
echo 'export CRI_CONFIG_FILE=/var/lib/rancher/rke2/agent/etc/crictl.yaml' >> ~/.bashrc
export CRI_CONFIG_FILE=/var/lib/rancher/rke2/agent/etc/crictl.yaml
/var/lib/rancher/rke2/bin/crictl ps -a


[Cert Manager]
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.4/cert-manager.yaml
kubectl -n cert-manager rollout status deploy/cert-manager
kubectl -n cert-manager rollout status deploy/cert-manager-webhook 
kubectl get pods --namespace cert-manager

[Helm]
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
helm version --client --short

[Rancher UI]
kubectl create namespace cattle-system
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
helm repo update
helm search repo rancher-stable
helm install rancher rancher-stable/rancher --namespace cattle-system --set hostname=rancher-master --set replicas=1

[K9S]
curl -sL https://github.com/derailed/k9s/releases/download/v0.26.3/k9s_Linux_x86_64.tar.gz | tar xfz - -C /usr/local/bin k9s

# It takes a while for Rancher to come up.
# Check the bootstrap-secret value in the cattle-system namespace to get the initial password.
# Log in to the UI

Change the rancher service type in the cattle-system namespace to NodePort

cat /var/lib/rancher/rke2/server/node-token 
# Add this token value on the agent nodes later

[Agent]
sudo swapoff -a
sudo sed -i '/swap/s/^/#/' /etc/fstab
sudo dnf upgrade -y
sudo dnf upgrade --refresh -y
sudo dnf update -y
sudo dnf install -y yum-utils nfs-utils
sudo systemctl disable --now firewalld
sudo iptables -F
setenforce 0
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

curl -sfL https://get.rke2.io | INSTALL_RKE2_TYPE="agent" sh -
mkdir -p /etc/rancher/rke2/
vi /etc/rancher/rke2/config.yaml
```
server: https://<server>:9345
token: ( Server Token )
node-name: (optional)
```

systemctl enable --now rke2-agent
journalctl -u rke2-agent -f

export PATH=$PATH:/var/lib/rancher/rke2/bin/
mkdir ~/.kube
mv /var/lib/rancher/rke2/agent/kubelet.kubeconfig ~/.kube/config
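
Added example (not part of the original post): a scripted alternative to editing /etc/rancher/rke2/config.yaml by hand in the [Agent] step. It writes the same server, token and node-name keys with mode 0600, because the file holds the cluster join token, and it rejects empty or placeholder values. The helper name write_agent_config, the character allowlists and the sample values are assumptions.

```bash
#!/usr/bin/env bash
# Added example: write the RKE2 agent config.yaml with owner-only permissions.
# write_agent_config is a hypothetical helper, not part of RKE2.
# usage: write_agent_config <config-path> <server-host> <token> [node-name]
write_agent_config() {
    local path="$1" host="$2" token="$3" node_name="${4:-}"

    # Allowlist checks use `case` so an embedded newline cannot smuggle
    # extra YAML keys into the file. The character sets are assumptions.
    case "$host" in
        ''|-*|.*|*[!A-Za-z0-9.-]*)
            echo "invalid server host" >&2; return 1 ;;
    esac
    # Rejects an empty token and a leftover "( Server Token )" placeholder.
    case "$token" in
        ''|*[!A-Za-z0-9:._=+/-]*)
            echo "token is empty or contains unexpected characters" >&2; return 1 ;;
    esac
    case "$node_name" in
        *[!a-z0-9.-]*)
            echo "invalid node name" >&2; return 1 ;;
    esac

    # The subshell keeps the umask change local. With umask 077 a newly
    # created directory is 0700 and the file 0600, so the join token is not
    # world-readable; the temp file plus mv replaces the config in one step.
    (
        umask 077
        mkdir -p "$(dirname "$path")" || exit 1
        tmp=$(mktemp "$path.XXXXXX") || exit 1
        {
            printf 'server: https://%s:9345\n' "$host"
            printf 'token: "%s"\n' "$token"
            if [ -n "$node_name" ]; then
                printf 'node-name: "%s"\n' "$node_name"
            fi
        } > "$tmp"
        chmod 600 "$tmp" && mv -f "$tmp" "$path"
    )
}

# Constructed sample call; on a real agent the token comes from the server's
# /var/lib/rancher/rke2/server/node-token:
# write_agent_config /etc/rancher/rke2/config.yaml rancher-master "$TOKEN" worker-1
```
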

Check the Rancher admin password and change it

$ kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}{{"\n"}}'
78w4fbwhbznp88rwfw6xvt5kqcxqw7759ddjvr9j7w77rx9qfqfgzc

If the nodes fail to rejoin after the VMs are restarted, restart rke2-server.

I read a post saying this happens because the old kube-apiserver is still alive.

https://github.com/kubernetes/kubernetes/issues/112814

[rke2-server]
systemctl stop rke2-server
rke2 server --cluster-reset
systemctl start rke2-server

[rke2-agent]
systemctl start rke2-agent