Installing k8s with Rancher: RKE high-availability cluster
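Contents
- 1, Single-node Rancher
- 1.1, Install and start Rancher
- 1.2, Create a k8s cluster from the web UI
- Set up the kubectl environment
- 1.3, Reset the Rancher admin password
- 2, High-availability Rancher
- 2.1, Install a k8s cluster with rke
- 2.2, Install Rancher on the k8s cluster
- Install Rancher with helm
- Access Rancher over https in the browser
- Proxy Rancher https over http
- Create a k8s cluster through the Rancher domain name
- 2.3 Delete the cluster and reinstall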
1, Single-node Rancher
1.1, Install and start Rancher
- Offline (air-gapped) installation: https://docs.rancher.cn/docs/rancher2/installation/other-installation-methods/air-gap/populate-private-registry/_index
- Single-node installation: https://docs.rancher.cn/docs/rancher2/installation/other-installation-methods/single-node-docker/_index/
A single node is used here, with glusterfs providing high availability (3 nodes, 3 replicas):
```
mount -t glusterfs 192.168.56.7:/gluster_out1 /export
```
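1.2, Create a k8s cluster from the web UI
- Open a browser and enter the host's IP address: https://<SERVER_IP>
  On first login, follow the on-screen prompts to set the login password.
- Image registry: in the Rancher UI, click "System Settings" and configure system-default-registry (set to myharbor.io)
- Create the k8s cluster: click "Add Cluster" and choose "Add hosts to build a custom Kubernetes cluster"
Set up the kubectl environment
- Download acceleration site for commonly used files: https://ghproxy.com/
- Download the kubectl binary
1.3, Reset the Rancher admin password
- Cannot log in: reset the password from the backend
- Can log in: change the password directly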
2, High-availability Rancher
Prerequisites for installing k8s with rke: https://docs.rancher.cn/docs/rke/os/_index
2.1, Install a k8s cluster with rke
- rke up/remove --config xx.yml
- Complete example YAML files: https://docs.rancher.cn/docs/rke/example-yamls/_index/
Write cluster.yml and start the k8s cluster
```
#1. Create a regular user that can run docker commands
#   (the password is set to the user name here; use a strong one outside a lab)
[root@c78 rancher-ha]# useradd docker
[root@c78 rancher-ha]# echo docker |passwd docker --stdin

#2. Allow the docker user to run docker commands
#   (access to docker.sock is equivalent to root on the host)
[root@c78 rancher-ha]# chown docker /var/run/docker.sock
[root@c78 rancher-ha]# ll /var/run/docker.sock
srw-rw----. 1 docker docker 0 Jan 19 07:27 /var/run/docker.sock

#3. Switch to the docker user and set up passwordless SSH login to the host
[root@c78 rancher-ha]# su - docker
Last login: Wed Jan 19 10:42:20 UTC 2022 on pts/2
[docker@c78 ~]$ ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
[docker@c78 ~]$ ssh-copy-id 192.168.56.78
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/docker/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
docker@192.168.56.78's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh '192.168.56.78'"
and check to make sure that only the key(s) you wanted were added.

# Verify that the docker user can log in to the host without a password
[docker@c78 ~]$ ssh 192.168.56.78
Last login: Wed Jan 19 10:43:55 2022

#4. Write cluster.yml: define the k8s cluster nodes and roles, and the login user (non-root)
[docker@c78 ~]$ cat cluster.yml
nodes:
- address: 192.168.56.78
  user: docker
  role:
  - controlplane
  - etcd
  - worker
# - address: 192.168.56.77
#   user: docker
#   #ssh_key_path: /home/user/.ssh/id_rsa
#   #ssh_cert_path: /home/user/.ssh/test-key-cert.pub
#
#private_registries:
#- url: harbor01.io # private registry url
#  user: admin
#  password: "Harbor12345"
#  is_default: true

#5. Start the k8s cluster
[docker@c78 ~]$ rke up
INFO[0000] Running RKE version: v1.3.4
INFO[0000] Initiating Kubernetes cluster
INFO[0000] [certificates] GenerateServingCertificate is disabled, checking if there are unused kubelet certificates
INFO[0000] [certificates] Generating admin certificates and kubeconfig
INFO[0000] Successfully Deployed state file at [./cluster.rkestate]
INFO[0000] Building Kubernetes cluster
INFO[0000] [dialer] Setup tunnel for host [192.168.56.78]
INFO[0000] [network] No hosts added existing cluster, skipping port check
INFO[0000] [certificates] Deploying kubernetes certificates to Cluster nodes
INFO[0000] Checking if container [cert-deployer] is running on host [192.168.56.78], try #1
INFO[0000] Image [rancher/rke-tools:v0.1.78] exists on host [192.168.56.78]
INFO[0000] Starting container [cert-deployer] on host [192.168.56.78], try #1
INFO[0001] Checking if container [cert-deployer] is running on host [192.168.56.78], try #1
...

#6. Verify the k8s cluster
[docker@c78 ~]$ ll
total 120
-rw-------. 1 docker docker 107308 Jan 19 10:55 cluster.rkestate
-rw-r-----. 1 docker docker    278 Jan 19 10:55 cluster.yml
-rw-------. 1 docker docker   5500 Jan 19 10:55 kube_config_cluster.yml
[docker@c78 ~]$ kubectl --kubeconfig kube_config_cluster.yml version
Client Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.0", GitCommit:"ddf47ac13c1a9483ea035a79cd7c10005ff21a6d", GitTreeState:"clean", BuildDate:"2018-12-03T21:04:45Z", GoVersion:"go1.11.2", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.8", GitCommit:"4a3b558c52eb6995b3c5c1db5e54111bd0645a64", GitTreeState:"clean", BuildDate:"2021-12-15T14:46:22Z", GoVersion:"go1.16.12", Compiler:"gc", Platform:"linux/amd64"}
[docker@c78 ~]$ kubectl --kubeconfig kube_config_cluster.yml get nodes
NAME            STATUS   ROLES                      AGE     VERSION
192.168.56.78   Ready    controlplane,etcd,worker   3h27m   v1.21.8

#7. Set up the k8s environment
[docker@c78 ~]$ mkdir ~/.kube/
[docker@c78 ~]$ cp kube_config_cluster.yml ~/.kube/config
[docker@c78 ~]$ kubectl get nodes
NAME            STATUS   ROLES                      AGE     VERSION
192.168.56.78   Ready    controlplane,etcd,worker   3h28m   v1.21.8
```
2.2, Install Rancher on the k8s cluster
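The `cluster.rkestate` and `kube_config_cluster.yml` files written by `rke up` in 2.1 carry credentials for full access to the cluster, and the helm install in this section runs with the copy placed in `~/.kube/config`. The check below is an added example, not part of the original post; `audit_rke_dir` is a hypothetical helper name, and the file names are the ones from the directory listing in 2.1.

```shell
#!/bin/sh
# Added example: audit the files `rke up` leaves in the working directory.
# audit_rke_dir is a hypothetical helper name; file names come from section 2.1.

# Prints one finding per line; exit status is 0 only when nothing is found.
audit_rke_dir() (
    dir=$1
    rc=0
    for f in cluster.rkestate kube_config_cluster.yml cluster.yml; do
        [ -e "$dir/$f" ] || continue
        # First 10 characters of `ls -ld` are type + rwx bits, e.g. -rw-r-----
        perms=$(ls -ld "$dir/$f" | cut -c1-10)
        case $perms in
            ????------) ;;                      # no access for group/others
            *) echo "PERM $f $perms (want -rw-------)"; rc=1 ;;
        esac
    done
    # An uncommented `password:` key means a registry secret sits in cluster.yml.
    if [ -e "$dir/cluster.yml" ] &&
       grep -Eq '^[[:space:]-]*password:[[:space:]]*[^[:space:]#]' "$dir/cluster.yml"
    then
        echo "SECRET cluster.yml holds an uncommented password"
        rc=1
    fi
    [ "$rc" -eq 0 ]
)

# Audit the directory given as $1 (default: current directory).
audit_rke_dir "${1:-.}" || echo "fix the findings above, e.g. chmod 600 <file>"
```

Run it in the directory where `rke up` was executed and again against `~/.kube` after renaming is not needed: only the three file names listed in the loop are inspected.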
Install Rancher with helm
- Rancher high-availability installation guide: https://docs.rancher.cn/docs/rancher2/installation/install-rancher-on-k8s/_index/
- Generating a self-signed certificate: https://docs.rancher.cn/docs/rancher2/installation/resources/advanced/self-signed-ssl/_index
Access Rancher over https in the browser
- Open the Web UI (first add a hosts entry: 192.168.56.78 c78 rancher.my.org)
- Follow the prompt to obtain the login password:
- In the local cluster, some services in the System project fail to start because the images below cannot be pulled
The images pulled by rancher2.5.11 are as follows:
```
rancher/k8s-dns-kube-dns:1.15.0
rancher/k8s-dns-dnsmasq-nanny:1.15.0
rancher/k8s-dns-sidecar:1.15.0
rancher/rancher-agent:v2.2.4
rancher/shell:v0.1.6
rancher/rancher-webhook:v0.1.2
rancher/fleet:v0.3.5
rancher/gitjob:v0.1.15
```
The page is reachable as normal, as shown below (the errors above do not affect access):
Proxy Rancher https over http
```
[root@JXQ-11-243-33-90 nginx]# cat nginx.conf
#user  nobody;
worker_processes  1;
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
#pid        logs/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    #access_log  logs/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    #keepalive_timeout  0;
    keepalive_timeout  65;
    #gzip  on;
    include conf.d/*.conf;
}

[root@JXQ-11-243-33-90 nginx]# cat conf.d/rancher.conf
upstream rancher-my.test.com {
    server 192.168.56.201:80;
    server 192.168.56.209:80;
    server 192.168.56.203:80;
}
map $http_upgrade $connection_upgrade {
    default Upgrade;
    ''      close;
}
server {
    listen 80;
    server_name rancher-my.test.com;
    location / {
        access_log /tmp/rancher.log;
        error_log /tmp/rancher-err.log;
        # The proxy_ssl_* directives only take effect when proxy_pass uses https://;
        # with the http:// upstream below they are ignored.
        proxy_ssl_trusted_certificate cert/tls.crt; # tls.crt is generated by the certificate script above
        proxy_ssl_session_reuse on;
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        proxy_set_header Host rancher-my.test.com;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://rancher-my.test.com;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 900s;
        proxy_buffering off;
    }
}

[root@JXQ-11-243-33-90 nginx]# ll cert/tls.crt
-rw-r--r-- 1 root root 2278 May 17 15:04 cert/tls.crt
```
Create a k8s cluster through the Rancher domain name
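- Creating a k8s cluster with rancher 2.5.11 runs into a certificate verification failure (the GODEBUG environment variable needs to be set)
- Choose the k8s version -> custom host run command: "Copy the following command and run it in the host's SSH terminal" (if the Rancher server address is a domain name, add a resolution entry for that domain to hosts, otherwise the container fails on startup)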
2.3 Delete the cluster and reinstall
```
# Destroy the k8s cluster
rke remove --config my-cluster.yml

# Remove the old containers (this covers every container on the host)
docker stop $(docker ps -qa)
docker rm -f $(docker ps -qa)

# Remove the old data
df -h |grep /var/lib/kubelet |awk '{print "sudo umount",$NF}' |sh
rm -rf /var/lib/kubelet/
rm -rf /var/lib/etcd
rm -rf /etc/kubernetes/

# Reinstall
rke up --config my-cluster.yml
```
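The data-removal step above pipes generated `umount` commands straight into `sh` and matches any path containing `/var/lib/kubelet`. The variant below is an added example, not part of the original post: it prints the plan first, matches only mounts at or below the kubelet directory, and unmounts the deepest paths first. The function names and the `APPLY` variable are hypothetical; the directories are the ones removed above.

```shell
#!/bin/sh
# Added example: dry-run-first variant of the data cleanup in section 2.3.
# Function names and the APPLY switch are hypothetical, not from the post.

KUBELET_ROOT=/var/lib/kubelet

# List mount points at or below KUBELET_ROOT, deepest first, from a
# /proc/mounts-style table (field 2 is the mount point).
kubelet_mounts() {
    awk -v root="$KUBELET_ROOT" \
        '$2 == root || index($2, root "/") == 1 { print $2 }' \
        "${1:-/proc/mounts}" | LC_ALL=C sort -r
}

# Execute the command only when APPLY=1; otherwise print what would run.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "would run: $*"; fi
}

# Unmount everything under the kubelet directory, then remove the data dirs.
cleanup_node() {
    kubelet_mounts "$1" | while IFS= read -r mp; do
        run umount "$mp"
    done
    for dir in "$KUBELET_ROOT" /var/lib/etcd /etc/kubernetes; do
        run rm -rf -- "$dir"
    done
}

# Default invocation is a dry run against the live mount table.
cleanup_node "${1:-/proc/mounts}"
```

Run it once as shown to review the plan, then with `APPLY=1` as root after `rke remove` has finished.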