本文永久链接: https://www.xtplayer.cn/rke2/rke2-node-init/

在 rke2 集群创建后,没有把 rke2 bin 目录添加到主机环境变量,在节点维护时需要通过完全路径或者切换到指定的目录下才能执行对应的命令。并且也未把 kubectl 和 crictl 配置文件放在默认路径。以至于执行 kubectl 或者 crictl 需要指定配置文件路径。

为了方便后期维护,以下脚本可以对 rke2 节点进行简单的初始化,仅供参考。

#!/bin/bash

# Nameservers that init_dns_resolved appends to /etc/resolv.conf after it disables
# systemd-resolved. In an offline environment put the internal DNS server IPs here,
# one per line (word-split on whitespace below). The defaults are public resolvers.
NAMESERVER_LIST="
114.114.114.114
223.5.5.5
"

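#######################################
# Abort when a docker daemon binary is installed: rke2 brings its own containerd
# and running docker on the same node is not recommended.
# Outputs:   advisory message on stdout when dockerd is found
# Returns:   does not return when dockerd is found (exit 1); 0 otherwise
#######################################
docker_check()
{
  # `command -v` replaces the `which ...; echo $?` detour and needs no `which` binary
  if command -v dockerd >/dev/null 2>&1; then
    echo "rke2 节点中不建议同时运行 docker 服务,建议卸载 docker 服务。"
    # non-zero so that `./init.sh && ...` chains stop here; the original exited with 0
    exit 1
  fi
}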

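#######################################
# Warn when NetworkManager is installed and running; the printed message suggests
# disabling it so it does not interfere with CNI-managed interfaces.
# NOTE(review): the rke2 documentation also describes configuring NetworkManager to
#               ignore the CNI interfaces instead of disabling it — confirm which
#               approach fits the CNI in use before acting on the message.
# Outputs:   advisory message on stdout when NetworkManager.service is active
# Returns:   0
#######################################
networkmanager_check()
{
  # `is-active --quiet` yields an exit status directly; the original compared an
  # unquoted $(...) with `= active`, which is a syntax error when systemctl prints nothing
  if systemctl list-unit-files --no-pager 2>/dev/null | grep -q 'NetworkManager\.service' \
    && systemctl is-active --quiet NetworkManager.service; then
    echo "注意: 如果没有使用 NetworkManager 管理网络接口, 建议执行 systemctl stop NetworkManager.service && systemctl disable NetworkManager.service 禁用 NetworkManager。 "
  fi
  return 0
}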

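#######################################
# Point /etc/localtime at a zoneinfo file.
# Arguments: $1 - IANA zone name, optional (default Asia/Shanghai, as before)
# Returns:   0 on success; 1 when the zoneinfo file does not exist
#######################################
init_timezone()
{
  local zone=${1:-Asia/Shanghai}
  local zoneinfo="/usr/share/zoneinfo/${zone}"
  # the original linked unconditionally, which leaves a dangling /etc/localtime
  # when the zoneinfo file is absent (e.g. tzdata not installed)
  if [ ! -f "${zoneinfo}" ]; then
    printf 'init_timezone: %s not found, /etc/localtime left unchanged\n' "${zoneinfo}" >&2
    return 1
  fi
  # -n: replace an existing symlink instead of descending into it
  ln -sfn -- "${zoneinfo}" /etc/localtime
}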

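#######################################
# Set the system-wide LANG in /etc/profile.
# NOTE(review): the line is written without `export`, exactly as before; child
#               processes only see it if LANG is already exported elsewhere — confirm.
# Side effects: appends to /etc/profile (once), sources it into this process
# Returns:   status of `source /etc/profile`
#######################################
init_os_language()
{
  local line='LANG="en_US.UTF-8"'
  # append only once; the original added a duplicate line on every run
  if ! grep -q -F -x -- "${line}" /etc/profile; then
    printf '%s\n' "${line}" >> /etc/profile
  fi
  # affects this script's process only; login shells read /etc/profile themselves
  source /etc/profile
}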

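#######################################
# If systemd-resolved is running, disable it and turn the resolved-managed
# /etc/resolv.conf into a static file without loopback stub resolvers, then add
# the nameservers from NAMESERVER_LIST.
# Globals:   NAMESERVER_LIST (read) - nameservers to add, one per line
# Side effects: disables/stops systemd-resolved.service, rewrites /etc/resolv.conf,
#               keeps a copy of the previous file in /etc/resolv.conf-bak-rke2
# Returns:   0
#######################################
init_dns_resolved()
{
  local backup=/etc/resolv.conf-bak-rke2
  local ns
  # exit-status form; the original compared an unquoted $(...) with `= active`,
  # which is a syntax error when systemctl prints nothing
  if ! systemctl is-active --quiet systemd-resolved.service; then
    return 0
  fi
  # `cat`, not `cp`, so the symlink resolved installs is read through and a plain copy kept
  cat /etc/resolv.conf > "${backup}"
  systemctl disable systemd-resolved.service
  systemctl stop systemd-resolved.service
  # remove the symlink itself (not its target) before writing a regular file
  rm -f /etc/resolv.conf
  # keep every previous line except loopback stub resolvers (127.x.x.x); the
  # original pattern "nameserver.*127" would also have dropped e.g. 10.127.0.1
  grep -v -E '^[[:space:]]*nameserver[[:space:]]+127\.' "${backup}" > /etc/resolv.conf
  # word-splitting on NAMESERVER_LIST is intentional (one entry per line)
  for ns in ${NAMESERVER_LIST}; do
    printf 'nameserver %s\n' "${ns}" >> /etc/resolv.conf
  done
  # a resolv.conf that only had 127.x entries and an empty NAMESERVER_LIST leaves
  # the node without DNS; say so instead of failing silently later
  if ! grep -q -E '^[[:space:]]*nameserver' /etc/resolv.conf; then
    printf 'init_dns_resolved: /etc/resolv.conf has no nameserver entries; set NAMESERVER_LIST\n' >&2
  fi
  return 0
}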

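#######################################
# Set SELINUX=disabled in the SELinux config (takes effect after reboot).
# NOTE(review): rke2 documents running with SELinux enforcing when its SELinux
#               policy package is installed; disabling it removes that confinement —
#               check whether the policy is available before relying on this step.
# Arguments: $1 - config path, optional (default /etc/selinux/config)
# Returns:   0; nothing is done when the file is missing
#######################################
init_selinux() {
  local cfg=${1:-/etc/selinux/config}
  [ -f "${cfg}" ] || return 0
  # anchor at line start: the original `grep -w SELINUX=disabled` was also satisfied
  # by a commented-out "#SELINUX=disabled", leaving an active SELINUX=enforcing untouched
  if ! grep -q '^SELINUX=disabled' "${cfg}"; then
    sed -i 's/^SELINUX=.*/SELINUX=disabled/' "${cfg}"
  fi
}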

#######################################
# Stop and disable the host firewall (firewalld on RHEL-family, ufw on
# Debian-family). Errors from a missing service or tool are silenced on purpose.
# After this the node relies entirely on upstream filtering (security groups,
# perimeter firewall) to restrict access to its listening ports.
# NOTE: the name keeps its original spelling (ini_, not init_) because the
#       call at the bottom of the script uses it.
# Returns:   status of `ufw disable` (output discarded)
#######################################
ini_firewalld()
{
  local unit=firewalld.service
  local action
  for action in stop disable; do
    systemctl "${action}" "${unit}" >/dev/null 2>&1
  done
  ufw disable >/dev/null 2>&1
}

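#######################################
# Create the etcd group and user (the rke2 hardening guide asks for this account
# — verify against the guide for the rke2 version in use).
# Idempotent: creation is skipped when the group/user already exists; the original
# printed "already exists" errors on every rerun.
# Returns:   0 when nothing had to be created, else the status of useradd/groupadd
#######################################
init_etcd_group()
{
  local nologin=/sbin/nologin
  if [ -x /usr/sbin/nologin ]; then
    nologin=/usr/sbin/nologin
  fi
  if ! getent group etcd >/dev/null; then
    groupadd -r etcd
  fi
  if ! id etcd >/dev/null 2>&1; then
    # system account, no home directory, no interactive shell: it only owns
    # etcd's data and must not be usable for logins (the original created a
    # regular login-capable user with a home directory)
    useradd -r -g etcd -M -s "${nologin}" -c 'etcd user' etcd
  fi
}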
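#######################################
# Make each "key=value" in sysctl_parameter_list persistent and load it. An active
# (non-comment) assignment of the key in the config file or the drop-in directory is
# rewritten in place; otherwise the entry is appended to the config file.
# The bridge-nf-call-* keys only exist once the br_netfilter module is loaded;
# sysctl reports them as unknown otherwise.
# Arguments: $1 - main config file, optional (default /etc/sysctl.conf)
#            $2 - drop-in directory, optional (default /etc/sysctl.d)
# Outputs:   whatever sysctl prints while reloading
# Returns:   status of the final sysctl reload
#######################################
init_sysctl()
{
  local conf=${1:-/etc/sysctl.conf}
  local confd=${2:-/etc/sysctl.d}
  local sysctl_parameter_list="
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-arptables=1
net.ipv4.ip_forward=1
kernel.panic=10
kernel.panic_on_oops=1
vm.overcommit_memory=1
"
  local entry key key_re f
  local -a files
  # word-splitting on the list is intentional (one entry per line)
  for entry in ${sysctl_parameter_list}; do
    key=${entry%%=*}
    # escape regex metacharacters so the "." in the key is matched literally
    key_re=$(printf '%s' "${key}" | sed 's/[][\.*^$/]/\\&/g')
    files=()
    if [ -f "${conf}" ]; then
      files+=("${conf}")
    fi
    # only regular files: an unmatched glob would otherwise reach sed as a literal path
    for f in "${confd}"/*; do
      if [ -f "${f}" ]; then
        files+=("${f}")
      fi
    done
    # active assignment of the key, spaces around '=' allowed
    if [ "${#files[@]}" -gt 0 ] \
      && grep -q -E "^[[:space:]]*${key_re}[[:space:]]*=" "${files[@]}"; then
      # the original sed pattern had a stray '$' anchor in the middle and never
      # matched, so an existing entry kept its old value; rewrite it with ours
      # (entries contain no '|', '&' or '\', so they are safe in the replacement)
      sed -i -E "s|^[[:space:]]*${key_re}[[:space:]]*=.*|${entry}|" "${files[@]}"
    else
      printf '%s\n' "${entry}" >> "${conf}"
    fi
  done
  # `sysctl -p` alone reads only the main file; --system also loads the drop-ins
  # (fall back to -p on a procps without --system)
  sysctl --system 2>/dev/null || sysctl -p "${conf}"
}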

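#######################################
# Put rke2's bin directory on PATH for login shells via /etc/profile.
# Side effects: appends an `export PATH=...` line to /etc/profile when neither the
#               current PATH nor /etc/profile already contains the directory
# Returns:   0
#######################################
init_env_var_lib_rancher_rke2_bin()
{
  local dir=/var/lib/rancher/rke2/bin
  # inspect PATH itself; the original grepped the whole `env` output, which any
  # variable merely mentioning the directory would satisfy
  case ":${PATH}:" in
    *":${dir}:"*) return 0 ;;
  esac
  # -q: the original grep printed the matching profile line to stdout
  if ! grep -q -w -E "PATH=.*${dir}" /etc/profile; then
    echo 'export PATH="$PATH:/usr/local/bin:/var/lib/rancher/rke2/bin"' >> /etc/profile
    source /etc/profile
  fi
  return 0
}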

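#######################################
# Add bash completion for kubectl and crictl to /etc/profile.
# NOTE(review): `source <(...)` is bash-only; on systems where /bin/sh login shells
#               also read /etc/profile (dash on Debian-family) those shells would
#               report a syntax error — a file under /etc/profile.d/ guarded by a
#               bash check may be the safer place. Confirm for the target distro.
# Side effects: appends two lines to /etc/profile (once each)
# Returns:   0
#######################################
init_kubectl_crictl_completion()
{
  local line
  # lines are written byte-for-byte as before; the guard stops them from being
  # duplicated on every run (the original had no check)
  for line in \
    'if [ $( which kubectl >> /dev/null 2>&1; echo ${?} ) = 0 ]; then source <(kubectl completion bash); fi' \
    'if [ $( which crictl >> /dev/null 2>&1; echo ${?} ) = 0 ]; then source <(crictl completion bash); fi'
  do
    if ! grep -q -F -x -- "${line}" /etc/profile; then
      printf '%s\n' "${line}" >> /etc/profile
    fi
  done
  return 0
}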

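#######################################
# Ensure "<key>: <value>" is the only <key> setting in a crictl config file:
# append when the key is absent, replace when it carries another value.
# Arguments: $1 - file, $2 - key, $3 - value
# Returns:   0
#######################################
_crictl_set_line()
{
  local file=$1 key=$2 value=$3
  if ! grep -q -E "^${key}:" "${file}"; then
    printf '%s: %s\n' "${key}" "${value}" >> "${file}"
  elif ! grep -q -F -x "${key}: ${value}" "${file}"; then
    # wrong value: drop every existing assignment of the key, then append ours
    sed -i "/^${key}:/d" "${file}"
    printf '%s: %s\n' "${key}" "${value}" >> "${file}"
  fi
  return 0
}

#######################################
# Create the crictl config pointing at rke2's containerd socket, or fix the two
# endpoint keys in an existing file while leaving the other settings alone.
# Arguments: $1 - config path, optional (default /etc/crictl.yaml)
# Returns:   0
#######################################
init_crictl_config()
{
  local cfg=${1:-/etc/crictl.yaml}
  local sock='unix:///run/k3s/containerd/containerd.sock'
  if [ ! -f "${cfg}" ]; then
    printf '%s\n' \
      "runtime-endpoint: ${sock}" \
      "image-endpoint: ${sock}" \
      'timeout: 20' \
      'debug: false' > "${cfg}"
    return 0
  fi
  # the original repeated this logic for both keys, matched the key anywhere on a
  # line (comments included) and echoed the grep matches to stdout
  _crictl_set_line "${cfg}" runtime-endpoint "${sock}"
  _crictl_set_line "${cfg}" image-endpoint "${sock}"
}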

#######################################
# Export the containerd namespace and socket for `ctr` in /etc/profile, adding
# each variable only when its name is not yet mentioned there.
# Side effects: appends up to two `export NAME=value` lines to /etc/profile
# Returns:   0
#######################################
init_ctr_env()
{
  local entry name
  for entry in \
    CONTAINERD_NAMESPACE=k8s.io \
    CONTAINERD_ADDRESS=/run/k3s/containerd/containerd.sock
  do
    name=${entry%%=*}
    # same whole-word match on the variable name as before, without the `cat |`
    if ! grep -q -w -E -- "${name}" /etc/profile; then
      printf 'export %s\n' "${entry}" >> /etc/profile
    fi
  done
}
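# Every step above edits files under /etc or talks to systemd; refuse to start
# unprivileged rather than fail half-way through with permission errors.
if [ "$(id -u)" -ne 0 ]; then
  printf '%s\n' 'this script must be run as root' >&2
  exit 1
fi

docker_check
networkmanager_check
init_timezone
init_os_language
init_dns_resolved
init_selinux
ini_firewalld
init_etcd_group
init_sysctl
init_ctr_env
init_env_var_lib_rancher_rke2_bin
init_kubectl_crictl_completion
init_crictl_config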