本文永久链接: https://www.xtplayer.cn/rke2/rke2-node-init/

在 rke2 集群创建后,没有把 rke2 bin 目录添加到主机环境变量,在节点维护时需要通过完全路径或者切换到指定的目录下才能执行对应的命令。并且也未把 kubectl 和 crictl 配置文件放在默认路径。以至于执行 kubectl 或者 crictl 需要指定配置文件路径。

为了方便后期维护,以下脚本可以对 rke2 节点进行简单的初始化,仅供参考。

#!/bin/bash

# 如果是离线环境,则在此处定义内部 dns 服务器 ip,一行一个。
NAMESERVER_LIST="
114.114.114.114
223.5.5.5
"

docker_check()
{
    if [ $( which dockerd >> /dev/null 2>&1; echo ${?} ) = 0 ]; then
        echo "rke2 节点中不建议同时运行 docker 服务,建议卸载 docker 服务。"
        exit
    fi
}

networkmanager_check()
{
    if systemctl list-unit-files --no-pager | grep NetworkManager.service >> /dev/null && [ $(systemctl is-active NetworkManager.service) = active ]; then
        echo "注意: 如果没有使用 NetworkManager 管理网络接口, 建议执行 systemctl stop NetworkManager.service && systemctl disable NetworkManager.service 禁用 NetworkManager。 "
    fi
}

init_timezone()
{
    ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime;
}

init_os_language()
{
    echo 'LANG="en_US.UTF-8"' >> /etc/profile;
    source /etc/profile;
}

init_dns_resolved()
{
    if [ $(systemctl is-active systemd-resolved.service) = active ]; then
        touch /etc/resolv.conf-bak-rke2;
        cat /etc/resolv.conf > /etc/resolv.conf-bak-rke2;
        systemctl disable systemd-resolved.service;
        systemctl stop systemd-resolved.service;
        rm -rf /etc/resolv.conf;
        touch /etc/resolv.conf;
        cat /etc/resolv.conf-bak-rke2 | grep -v -E "nameserver.*127" >> /etc/resolv.conf;

        for i in ${NAMESERVER_LIST};
        do
            echo "nameserver ${i}" >> /etc/resolv.conf;
        done
    fi
}

init_selinux() {
    if [ -f /etc/selinux/config ]; then
        if ! cat /etc/selinux/config | grep -w 'SELINUX=disabled' >> /dev/null; then
            sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config;
        fi
    fi
}

ini_firewalld()
{
    systemctl stop firewalld.service >> /dev/null 2>&1;
    systemctl disable firewalld.service >> /dev/null 2>&1;
    ufw disable >> /dev/null 2>&1;
}

init_etcd_group()
{
    groupadd etcd;
    useradd -g etcd etcd;
}
init_sysctl()
{
    sysctl_parameter_list="
    net.bridge.bridge-nf-call-iptables=1
    net.bridge.bridge-nf-call-ip6tables=1
    net.bridge.bridge-nf-call-arptables=1
    net.ipv4.ip_forward=1
    kernel.panic=10
    kernel.panic_on_oops=1
    vm.overcommit_memory=1
    "
    for i in ${sysctl_parameter_list};
    do
        a=$( echo ${i} | awk -F'=' '{print $1}' )
        # b=$( echo ${i} | awk -F'=' '{print $2}' )

        if cat /etc/sysctl.conf /etc/sysctl.d/* | grep -v "#.*${a}.*=" | grep "^${a}.*=" >> /dev/null; then
            # 去除行首空格
            sed -i 's/^[ \t]*//g' /etc/sysctl.conf /etc/sysctl.d/*;
            sed -i "/^#.*${a}$.*=/ ! s/^${a}$.*=.*/${i}/g" /etc/sysctl.conf /etc/sysctl.d/*;
            #echo yes
        else
            echo "${i}" >> /etc/sysctl.conf;
            #echo no
        fi
    done
    sysctl -p
}

init_env_var_lib_rancher_rke2_bin()
{
    if ! env | grep '/var/lib/rancher/rke2/bin' >> /dev/null && ! cat /etc/profile | grep -w -E "PATH=.*/var/lib/rancher/rke2/bin"; then
        echo 'export PATH="$PATH:/usr/local/bin:/var/lib/rancher/rke2/bin"' >> /etc/profile;
        source /etc/profile;
    fi
}

init_kubectl_crictl_completion()
{
    echo 'if [ $( which kubectl >> /dev/null 2>&1; echo ${?} ) = 0 ]; then source <(kubectl completion bash); fi' >> /etc/profile;
    echo 'if [ $( which crictl >> /dev/null 2>&1; echo ${?} ) = 0 ]; then source <(crictl completion bash); fi' >> /etc/profile;
}

init_crictl_config()
{
    if [ ! -f /etc/crictl.yaml ]; then
        touch /etc/crictl.yaml
        cat > /etc/crictl.yaml<<EOF
            runtime-endpoint: unix:///run/k3s/containerd/containerd.sock
            image-endpoint: unix:///run/k3s/containerd/containerd.sock
            timeout: 20
            debug: false
EOF
    else
        if ! cat /etc/crictl.yaml | grep -w -E "runtime-endpoint"; then
            echo 'runtime-endpoint: unix:///run/k3s/containerd/containerd.sock' >> /etc/crictl.yaml;
        elif ! cat /etc/crictl.yaml | grep -w -E 'runtime-endpoint: unix:///run/k3s/containerd/containerd.sock'; then
            sed -i '/runtime-endpoint/d' /etc/crictl.yaml;
            echo 'runtime-endpoint: unix:///run/k3s/containerd/containerd.sock' >> /etc/crictl.yaml;
        fi
        if ! cat /etc/crictl.yaml | grep -w -E "image-endpoint"; then
            echo 'image-endpoint: unix:///run/k3s/containerd/containerd.sock' >> /etc/crictl.yaml;
        elif ! cat /etc/crictl.yaml | grep -w -E 'image-endpoint: unix:///run/k3s/containerd/containerd.sock'; then
            sed -i '/image-endpoint/d' /etc/crictl.yaml;
            echo 'image-endpoint: unix:///run/k3s/containerd/containerd.sock' >> /etc/crictl.yaml;
        fi
    fi
}

init_ctr_env()
{
    if ! cat /etc/profile | grep -w -E "CONTAINERD_NAMESPACE" >> /dev/null; then
        echo 'export CONTAINERD_NAMESPACE=k8s.io' >> /etc/profile;
    fi
    if ! cat /etc/profile | grep -w -E "CONTAINERD_ADDRESS" >> /dev/null; then
        echo 'export CONTAINERD_ADDRESS=/run/k3s/containerd/containerd.sock' >> /etc/profile;
    fi
}
docker_check;
networkmanager_check;
init_timezone;
init_os_language;
init_dns_resolved;
init_selinux;
ini_firewalld;
init_etcd_group;
init_sysctl;
init_ctr_env;
init_env_var_lib_rancher_rke2_bin;
init_kubectl_crictl_completion;
init_crictl_config;