rke2离线安装(server+node)1.35.3版本
准备
ubuntu24.04.3 LTS机器 本文以两台为例
下载rke2离线镜像包
关闭防火墙
设置好hostname和hosts
关闭swap
关闭防火墙
ufw disable
关闭swap
swapoff -a
源下载地址
mkdir /root/rke2-artifacts && cd /root/rke2-artifacts/
wget https://g.1ab.asia/https://github.com/rancher/rke2/releases/download/v1.35.3%2Brke2r3/rke2-images.linux-amd64.tar.zst
wget https://g.1ab.asia/https://github.com/rancher/rke2/releases/download/v1.35.3%2Brke2r3/rke2.linux-amd64.tar.gz
wget https://g.1ab.asia/https://github.com/rancher/rke2/releases/download/v1.35.3%2Brke2r3/sha256sum-amd64.txt
wget https://get.rke2.io -O install.sh
作者缓存地址
mkdir /root/rke2-artifacts && cd /root/rke2-artifacts/
wget https://rke2.hrtmtech.com/rancher/rke2/releases/download/v1.35.3/rke2r3/rke2-images.linux-amd64.tar.zst
wget https://rke2.hrtmtech.com/rancher/rke2/releases/download/v1.35.3/rke2r3/rke2.linux-amd64.tar.gz
wget https://rke2.hrtmtech.com/rancher/rke2/releases/download/v1.35.3/rke2r3/sha256sum-amd64.txt
wget https://rke2.hrtmtech.com/rancher/rke2/releases/download/v1.35.3/rke2r3/install.sh
1.36.1
mkdir /root/rke2-artifacts && cd /root/rke2-artifacts/
wget https://rke2.hrtmtech.com/rancher/rke2/releases/download/v1.36.1/rke2r1/rke2-images.linux-amd64.tar.zst
wget https://rke2.hrtmtech.com/rancher/rke2/releases/download/v1.36.1/rke2r1/rke2.linux-amd64.tar.gz
wget https://rke2.hrtmtech.com/rancher/rke2/releases/download/v1.36.1/rke2r1/sha256sum-amd64.txt
wget https://rke2.hrtmtech.com/rancher/rke2/releases/download/v1.36.1/rke2r1/install.sh
开始安装
INSTALL_RKE2_ARTIFACT_PATH=/root/rke2-artifacts sh install.sh
(可选)添加国内镜像,方便安装之后后续拉取docker.io镜像
#cat > /etc/rancher/rke2/registries.yaml <<EOF
mirrors:
docker.io:
endpoint:
- "https://docker.1ms.run"
- "https://docker.m.daocloud.io"
EOF
# 注意:重启生效
#设置开机自启动
systemctl enable rke2-server.service
#首次运行此步骤时间较长,建议单独运行
systemctl start rke2-server.service
## 查看状态
systemctl status rke2-server.service
journalctl -u rke2-server -f
#添加到bashrc
echo "export PATH=/var/lib/rancher/rke2/bin:\$PATH" >> /root/.bashrc
# 添加rke2 命令补全
cat >> /root/.bashrc <<'EOF'
_cli_bash_autocomplete() {
if [[ "${COMP_WORDS[0]}" != "source" ]]; then
local cur opts base
COMPREPLY=()
cur="${COMP_WORDS[COMP_CWORD]}"
if [[ "$cur" == "-"* ]]; then
opts=$( ${COMP_WORDS[@]:0:$COMP_CWORD} ${cur} --generate-bash-completion )
else
opts=$( ${COMP_WORDS[@]:0:$COMP_CWORD} --generate-bash-completion )
fi
COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
return 0
fi
}
complete -o bashdefault -o default -o nospace -F _cli_bash_autocomplete rke2
EOF
# 添加kubectl和k 补全功能
echo 'source <(kubectl completion bash)' >> ~/.bashrc
echo 'alias k=kubectl' >> ~/.bashrc
echo 'complete -F __start_kubectl k' >> ~/.bashrc
source /root/.bashrc
mkdir /root/.kube
cp /etc/rancher/rke2/rke2.yaml /root/.kube/config
#验证集群可用性
# 创建nginx deployment
kubectl create deployment nginx --image=docker.1ms.run/nginx:latest
# 暴露服务(NodePort类型,可在集群外部访问)
kubectl expose deployment nginx --port=80 --type=NodePort
# 查看服务状态
kubectl get pods,svc
运行此安装程序后:
rke2-server 服务将被安装。rke2-server 服务将被配置为在节点重启后或进程崩溃或被杀时自动重启。
其他的实用程序将被安装在/var/lib/rancher/rke2/bin/。它们包括 kubectl, crictl, 和 ctr. 注意,这些东西默认不在你的路径上。
还有两个清理脚本会安装到 /usr/local/bin/rke2 的路径上。它们是 rke2-killall.sh和rke2-uninstall.sh。
一个 kubeconfig 文件将被写入/etc/rancher/rke2/rke2.yaml。
一个可用于注册其他 server 或 agent 节点的令牌将在 /var/lib/rancher/rke2/server/node-token 文件中创建。
验证集群可用性
kubectl expose deployment nginx --port=80 --type=NodePort
service/nginx exposed
root@devin-ubuntu24043:~/rke2-artifacts# kubectl get pods,svc
NAME READY STATUS RESTARTS AGE
pod/nginx-6d599666d5-wzvxg 1/1 Running 0 69s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.43.0.1 <none> 443/TCP 7m19s
service/nginx NodePort 10.43.70.147 <none> 80:32198/TCP 4s
root@devin-ubuntu24043:~/rke2-artifacts# curl 127.0.0.1:32198/bbb
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.29.8</center>
</body>
</html>
(可选)禁用ingress-nginx
#vim /etc/rancher/rke2/config.yaml
disable: rke2-ingress-nginx
(可选)禁用traefik (针对1.36以上版本)
#vim /etc/rancher/rke2/config.yaml
disable: rke2-traefik
重启rke2生效
systemctl restart rke2-server.service
这里
等待明天20260422验证
#rke2 agent安装
mkdir /root/rke2-artifacts && cd /root/rke2-artifacts/
wget https://rke2.hrtmtech.com/rancher/rke2/releases/download/v1.35.3/rke2r3/rke2-images.linux-amd64.tar.zst
wget https://rke2.hrtmtech.com/rancher/rke2/releases/download/v1.35.3/rke2r3/rke2.linux-amd64.tar.gz
wget https://rke2.hrtmtech.com/rancher/rke2/releases/download/v1.35.3/rke2r3/sha256sum-amd64.txt
wget https://rke2.hrtmtech.com/rancher/rke2/releases/download/v1.35.3/rke2r3/install.sh
INSTALL_RKE2_TYPE="agent" INSTALL_RKE2_ARTIFACT_PATH=/root/rke2-artifacts sh install.sh
#启用 rke2-agent 服务
systemctl enable rke2-agent.service
#配置 rke2-agent 服务
mkdir -p /etc/rancher/rke2/
vim /etc/rancher/rke2/config.yaml
server: https://<server>:9345
token: <token from server node>
#(可选)禁用ingress-nginx
#disable: rke2-ingress-nginx
以下是作者的示例集群
for example:
#cat /var/lib/rancher/rke2/server/node-token
K1027b4b0be80be84c66c76d9e20d22e25ff5d5318f607ef635d420af70def9cf50::server:11f4787cc87d67d905097d091b674fb1
server: https://192.168.19.21:9345
token: K1027b4b0be80be84c66c76d9e20d22e25ff5d5318f607ef635d420af70def9cf50::server:11f4787cc87d67d905097d091b674fb1
#添加bashrc
echo "export PATH=/var/lib/rancher/rke2/bin:\$PATH" >> /root/.bashrc
source /root/.bashrc
启动服务
#启动服务
systemctl start rke2-agent.service
#关注日志
journalctl -u rke2-agent -f
给node打标签
kubectl label node node kubernetes.io/role=worker
小问题
crictl images
WARN[0000] Config "/etc/crictl.yaml" does not exist, trying next: "/var/lib/rancher/rke2/data/v1.35.3-rke2r3-42a466edc192/bin/crictl.yaml"
WARN[0000] Image connect using default endpoints: [unix:///run/containerd/containerd.sock unix:///run/crio/crio.sock unix:///var/run/cri-dockerd.sock]. As the default settings are now deprecated, you should set the endpoint instead.
ERRO[0000] validate service connection: validate CRI v1 image API for endpoint "unix:///run/containerd/containerd.sock": rpc error: code = Unimplemented desc = unknown service runtime.v1.ImageService
ERRO[0000] validate service connection: validate CRI v1 image API for endpoint "unix:///run/crio/crio.sock": rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing: dial unix /run/crio/crio.sock: connect: no such file or directory"
ERRO[0000] validate service connection: validate CRI v1 image API for endpoint "unix:///var/run/cri-dockerd.sock": rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing: dial unix /var/run/cri-dockerd.sock: connect: no such file or directory"
FATA[0000] validate service connection: validate CRI v1 image API for endpoint "unix:///var/run/cri-dockerd.sock": rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing: dial unix /var/run/cri-dockerd.sock: connect: no such file or directory"
解决方案
在RKE2中,containerd socket路径通常是:
/run/k3s/containerd/containerd.sock
或 /var/run/k3s/containerd/containerd.sock
可以检查实际存在的socket文件:
# 检查containerd socket文件
ls -la /run/k3s/containerd/containerd.sock
ls -la /var/run/k3s/containerd/containerd.sock
直接配置软链接即可
# 创建配置文件链接
ln -s /var/lib/rancher/rke2/agent/etc/crictl.yaml /etc/crictl.yaml
# (可选)或者如果上面的路径不存在,手动创建配置文件
tee /etc/crictl.yaml <<EOF
runtime-endpoint: unix:///run/k3s/containerd/containerd.sock
image-endpoint: unix:///run/k3s/containerd/containerd.sock
timeout: 10
debug: false
EOF
验证
root@devin-ubuntu24043:~/rke2-artifacts# ln -s /var/lib/rancher/rke2/agent/etc/crictl.yaml /etc/crictl.yaml
root@devin-ubuntu24043:~/rke2-artifacts# crictl ps
CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID POD NAMESPACE
eb187a03c6424 a716c9c12c382 41 minutes ago Running nginx 0 57cac244b3946 nginx-6d599666d5-wzvxg
root@devin-ubuntu24043:~/rke2-artifacts# crictl images
IMAGE TAG IMAGE ID SIZE
docker.1ms.run/nginx latest a716c9c12c382 63MB
docker.io/rancher/hardened-addon-resizer 1.8.23-build20260206 13e9b0d30075e 48.1MB
文档信息
- 文章作者: 运维技术团队 - 辣个男人Devin
- 发布日期: 2026年04月21日
- 适用系统: ubuntu24.04.3
- 参考链接:
https://github.com/rancher/rke2/releases/tag/v1.35.3%2Brke2r3
https://docs.rancher.cn/docs/rke2/install/airgap/