RKE Install & Snapshot & Restort

# RKE Install & Snapshot & Restort ## Install RKE * 在 sles15-sp5 安裝 docker ``` $ sudo zypper in docker $ sudo systemctl enable --now docker.service ``` * 產生 ssh 金鑰，因為要透過 ssh 免密碼的方式登入做安裝 ``` $ ssh-keygen -t rsa -P '' $ cat ~/.ssh/id_rsa.pub > ~/.ssh/authorized_keys ``` * 下載 rke v1.4.17 二進位執行檔 ``` $ wget https://github.com/rancher/rke/releases/download/v1.4.17/rke_linux-amd64 $ chmod +x rke_linux-amd64;mv rke_linux-amd64 /usr/local/bin/rke $ rke --version rke version v1.4.17 ``` * 檢查當前支援的 k8s 版本 ``` $ rke config --list-version --all v1.25.16-rancher2-3 v1.26.15-rancher1-1 v1.27.12-rancher1-1 v1.23.16-rancher2-3 v1.24.17-rancher1-1 ``` 1. master 的 IP 以及 ssh 角色名稱 2. 角色扮演 k8s controlplane, k8s worker 以及 etcd. 3. network 使用 calico 作為 CNI 4. 啟動 etcd 並且啟動自動備份 5. 節點名稱為 rke-m1 ``` $ vim cluster.yaml cluster_name: rke-cluster kubernetes_version: "v1.27.12-rancher1-1" nodes: - address: 192.168.11.135 user: root role: [controlplane,worker,etcd] hostname_override: rke-m1 services: etcd: backup_config: enabled: true interval_hours: 6 retention: 10 network: plugin: calico ``` * 部屬 rke cluster ``` $ rke up --config cluster.yaml INFO[0000] Running RKE version: v1.4.17 INFO[0000] Initiating Kubernetes cluster INFO[0000] [certificates] GenerateServingCertificate is disabled, checking if there are unused kubelet certificates INFO[0000] [certificates] Generating Kubernetes API server certificates INFO[0000] [certificates] Generating admin certificates and kubeconfig INFO[0000] [certificates] Generating kube-etcd-192-168-11-135 certificate and key ...... ``` * 設定 kubeconfig ``` $ mkdir .kube $ mv kube_config_cluster.yaml .kube/config ``` * install kubectl stable 版本 ``` $ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" $ sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl $ rm -r kubectl ``` ``` $ kubectl get no NAME STATUS ROLES AGE VERSION rke-m1 Ready controlplane,etcd,worker 2m17s v1.27.12 ``` ## Snapshot * rke 命令需要在 cluster.yml cluster.rkestate 這兩個檔案目錄下執行 ``` $ ls -l cluster.yaml cluster.rkestate -rw------- 1 root root 53539 Apr 12 16:16 cluster.rkestate -rw-r--r-- 1 root root 312 Apr 12 16:06 cluster.yaml ``` * 建立一個 test pod ``` $ kubectl run test --image=nginx pod/test created $ kubectl get po NAME READY STATUS RESTARTS AGE test 1/1 Running 0 65s ``` * 手動 snapshot ，備份檔案名稱為 `snapshot-test` ``` $ rke etcd snapshot-save --config cluster.yaml --name snapshot-test ``` * 檢視 snapshot ``` $ ls -l /opt/rke/etcd-snapshots total 528 -rw------- 1 root root 537691 Apr 12 16:14 snapshot-test.zip ``` * 備份好後把 test pod 刪除 ``` $ kubectl delete pod test pod "test" deleted $ kubectl get po No resources found in default namespace. ``` ## Restore * restore 時間預計 10~15 分鐘 ``` $ rke etcd snapshot-restore --config cluster.yaml --name snapshot-test ``` * 檢查 k8s 狀態，並且確認 test pod 是否恢復 ``` $ kubectl get no NAME STATUS ROLES AGE VERSION rke-m1 Ready controlplane,etcd,worker 10m v1.27.12 $ kubectl get po NAME READY STATUS RESTARTS AGE test 1/1 Running 0 9m17s ``` ## 刪除 rke ``` $ sudo docker rm -f $(sudo docker ps -qa) $ sudo docker rmi -f $(sudo docker images -q) $ sudo docker volume rm $(sudo docker volume ls -q) $ for mount in $(sudo mount | grep tmpfs | grep '/var/lib/kubelet' | awk '{ print $3 }') /var/lib/kubelet /var/lib/rancher; do sudo umount $mount; done $ sudo rm -rf /etc/ceph \ /etc/cni \ /etc/kubernetes \ /etc/rancher \ /opt/cni \ /opt/rke \ /run/secrets/kubernetes.io \ /run/calico \ /run/flannel \ /var/lib/calico \ /var/lib/etcd \ /var/lib/cni \ /var/lib/kubelet \ /var/lib/rancher\ /var/log/containers \ /var/log/kube-audit \ /var/log/pods \ /var/run/calico $ sudo reboot ``` ### 參考資料 https://ithelp.ithome.com.tw/articles/10259995 https://rke.docs.rancher.com/etcd-snapshots/one-time-snapshots