rancher-2.1.6的ha版本部署记录《二》 |坐而言不如起而行! 二丫讲梵
source link: http://www.eryajf.net/2675.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
1,安装k8s
- 1、切换到rancher用户
su - rancher
注意:
必须使用普通用户操作,否则后边的操作会报下边的错:
Please check if the configured user can execute `docker ps` on the node, and if the SSH server version is at least version 6.7 or higher. If youare using RedHat/CentOS, you can't use the user `root`. Please refer to the documentation for more instructions. Error: ssh: rejected: administratively prohibited (open failed)
- 2、创建rancher集群配置文件:
cat > rancher-cluster.yml << EOF
nodes:
- address: 192.168.10.3
user: rancher
role: [controlplane,worker,etcd]
- address: 192.168.10.4
user: rancher
role: [controlplane,worker,etcd]
- address: 192.168.10.5
user: rancher
role: [controlplane,worker,etcd]
services:
etcd:
snapshot: true
creation: 6h
retention: 24h
EOF
address
:公共域名或IP地址user
:可以运行docker命令的用户,需要是普通用户。role
:分配给节点的Kubernetes角色列表ssh_key_path
:用于对节点进行身份验证的SSH私钥的路径(默认为~/.ssh/id_rsa)
- 3、启动集群
$ rke up --config ./rancher-cluster.yml
如果这一步报错下边的内容:
- if the SSH server version is at least version 6.7 or higher. If you are using RedHat/CentOS, you can't use the user `root`. Please refer to the documentation for more instructions
则可能是系统的openssh
版本太低,只需执行如下命令升级即可:
- [rancher@localhost ~]$ ssh -V
- OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013 #低于上边要求的6.7
- [rancher@localhost ~]$ exit
- [root@localhost ~]$ yum -y update openssh
- [root@localhost ~]$ssh -V
- OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
然后再切回rancher用户执行安装即可!
完成后,它应显示:Finished building Kubernetes cluster successfully。
并且已经创建了一个文件kube_config_rancher-cluster.yml
,这个文件包含kubectl和helm访问K8S的凭据。
- 4、配置环境变量:
su - root
vi /etc/profile
export KUBECONFIG=/home/rancher/kube_config_rancher-cluster.yml
保存,并执行:
source /etc/profile
保存kube_config_rancher-cluster.yml
和rancher-cluster.yml
文件的副本,后期维护和升级Rancher实例时将会用到。
- 5、通过kubectl测试您的连接,并查看您的所有节点是否处于Ready状态
先配置一下kubectl的命令补全功能。
$ echo "source <(kubectl completion bash)" >> ~/.bashrc
$ source ~/.bashrc
$ su - rancher
$ echo "source <(kubectl completion bash)" >> ~/.bashrc
$ source ~/.bashrc
然后查看节点状态。
[root@node1 ~]$ su - rancher
[rancher@node1 ~]$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
192.168.10.3 Ready controlplane,etcd,worker 1m v1.11.6
192.168.10.4 Ready controlplane,etcd,worker 1m v1.11.6
192.168.10.5 Ready controlplane,etcd,worker 1m v1.11.6
由于需要联网下载docker镜像文件,所以需要一段时间才能安装好,10-30分钟左右。
- 6、检查集群Pod的运行状况
[rancher@node1 ~]$ kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
ingress-nginx default-http-backend-797c5bc547-nnqzt 1/1 Running 0 1m
ingress-nginx nginx-ingress-controller-mn9jl 1/1 Running 0 1m
ingress-nginx nginx-ingress-controller-rrm8z 1/1 Running 0 1m
ingress-nginx nginx-ingress-controller-vt8lx 1/1 Running 0 1m
kube-system canal-9r7jt 3/3 Running 0 1m
kube-system canal-b86n6 3/3 Running 0 1m
kube-system canal-lqk8g 3/3 Running 0 1m
kube-system kube-dns-7588d5b5f5-dnqk7 3/3 Running 0 1m
kube-system kube-dns-autoscaler-5db9bbb766-cfqcg 1/1 Running 0 1m
kube-system metrics-server-97bc649d5-lkn57 1/1 Running 0 1m
kube-system rke-ingress-controller-deploy-job-s5ss8 0/1 Completed 0 1m
kube-system rke-kubedns-addon-deploy-job-p2hjb 0/1 Completed 0 1m
kube-system rke-metrics-addon-deploy-job-fqvfm 0/1 Completed 0 1m
kube-system rke-network-plugin-deploy-job-7zr8v 0/1 Completed 0 1m
保存kube_config_rancher-cluster.yml和rancher-cluster.yml文件的副本,您将需要这些文件来维护和升级Rancher实例。
2,Helm
使用Helm在集群上安装tiller服务以管理charts,由于RKE默认启用RBAC, 因此我们需要使用kubectl来创建一个serviceaccount,clusterrolebinding才能让tiller具有部署到集群的权限。
kubectl -n kube-system create serviceaccount tiller
kubectl create clusterrolebinding tiller --clusterrole cluster-admin --serviceaccount=kube-system:tiller
helm init --service-account tiller --tiller-image registry.cn-hangzhou.aliyuncs.com/eryajf/tiller:v2.12.0 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
helm init --service-account tiller --canary-image
export TILLER_TAG=v2.12.0
kubectl --namespace=kube-system set image deployments/tiller-deploy tiller=hongxiaolu/tiller:$TILLER_TAG
3,helm安装rancher
1,添加Chart仓库地址使用helm repo add命令添加Rancher chart仓库地址,访问Rancher tag和Chart版本
替换为您要使用的Helm仓库分支(即latest或stable)。
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
- 1、只有Rancher自动生成的证书和LetsEncrypt颁发的证书才需要cert-manager。如果是你自己的证书,可使用ingress.tls.source=secret参数指定证书,并跳过此步骤。
helm install stable/cert-manager \
--name cert-manager \
--namespace kube-system
- 2、Rancher自动生成证书
默认情况下,Rancher会自动生成CA根证书并使用cert-manager颁发证书以访问Rancher server界面。
唯一的要求是将hostname配置为访问Rancher的域名地址,使用这种SSL证书配置方式需提前安装证书管理器。
helm install rancher-stable/rancher \
--name rancher \
--namespace cattle-system \
--set hostname=rancher.com
rancher.com
就是后面访问rancher的域名,需要在/etc/hosts文件中添加关联(所有主机):
[root@node1 ~]$ echo "192.168.10.2 rancher.com" >> /etc/hosts
[root@node2 ~]$ echo "192.168.10.2 rancher.com" >> /etc/hosts
[root@node3 ~]$ echo "192.168.10.2 rancher.com" >> /etc/hosts
[root@nginx ~]$ echo "192.168.10.2 rancher.com" >> /etc/hosts
由于我们通过hosts文件来添加映射,所以需要为Agent Pod添加主机别名(/etc/hosts):
kubectl -n cattle-system patch deployments cattle-cluster-agent --patch '{
"spec": {
"template": {
"spec": {
"hostAliases": [
{
"hostnames":
[
"rancher.com"
],
"ip": "192.168.10.2"
}
]
}
}
}
}'
这一步如果马上执行,可能会报错:Error from server (NotFound): deployments.extensions "cattle-cluster-agent" not found
,这个deployment是上一步install时创建的,比较慢,耐心等待一下,这个时候也可以先跳过这里,去到后边,简单配置一下,访问一下rancher的界面。
kubectl -n cattle-system patch daemonsets cattle-node-agent --patch '{
"spec": {
"template": {
"spec": {
"hostAliases": [
{
"hostnames":
[
"rancher.com"
],
"ip": "192.168.100.22"
}
]
}
}
}
}'
4,登录rancher管理端
- 1、同样将刚刚的域名映射关系写入到Windows主机的hosts文件。
192.168.10.2 rancher.com
- 2、使用域名访问https://rancher.com
输入:admin/admin,进入首页界面。
刚进入,会看到一个问题,Waiting for server-url setting to be set
。
报这个问题的原因就是刚刚创建的cattle-cluster-agent
还没有被创建成功,同样耐心等待即可。这个时候可以随便点点看看先。这个过程与自己的网络有关,这时也可以在node1主机上,通过如下命令进行一个监控。
[rancher@node1 ~]$ kubectl get -n cattle-system pod -w
NAME READY STATUS RESTARTS AGE
rancher-bdf49fb9-7qhgp 1/1 Running 1 12m
rancher-bdf49fb9-hf6tm 1/1 Running 0 12m
rancher-bdf49fb9-xmbv7 1/1 Running 1 12m
cattle-cluster-agent-7b54db4bc8-r4blg 0/1 Pending 0 0s
cattle-cluster-agent-7b54db4bc8-r4blg 0/1 Pending 0 0s
cattle-cluster-agent-7b54db4bc8-r4blg 0/1 ContainerCreating 0 0s
cattle-node-agent-mskmb 0/1 Pending 0 0s
cattle-node-agent-2cmww 0/1 Pending 0 0s
cattle-node-agent-kkpvn 0/1 Pending 0 0s
cattle-node-agent-mskmb 0/1 ContainerCreating 0 0s
cattle-node-agent-kkpvn 0/1 ContainerCreating 0 0s
cattle-node-agent-2cmww 0/1 ContainerCreating 0 0s
在我这里,等了十分钟左右,才开始正式的部署。这个时候,可以返回到上边,将那两条命令导入进去。
然后再看rancher,就不会报连接问题了。
5,安装rancher-cli
- 1、下载rancher-cli工具
可以通过首页右下角的下载cli进行下载,这里直接通过命令方式进行下载。通过这个友好的cli,我们可以完成很多自动化的事情,包括后续的CI/CD也将依赖它来完成。
所以我下边的试验干脆就在上边准备的nginx主机上进行,后续的Jenkins也在这里进行。
[root@nginx ~]$ wget https://releases.rancher.com/cli2/v2.0.6/rancher-linux-amd64-v2.0.6.tar.gz
[root@nginx ~]$ tar zxvf rancher-linux-amd64-v2.0.6.tar.gz
- 2、配置变量
mv rancher-v2.0.6/rancher /usr/bin/rancher
rm -rf rancher-v2.0.6/
- 3、测试登录
新建用户获取tonken:
创建一个永不过期的token,以用于验证使用。
使用如下命令进行登陆:
[root@nginx ~]$ rancher login https://rancher.com/v3 --token token-fkgj6:gd2z99wnfgc2zw9pw969rppgbnrfwg7l59l4gccqp5wmdc6vd27r5l
注意,还需要安装kubectl命令,否则执行相关操作时会报如下错误:
FATA[0000] kubectl is required to be set in your path to use this command. See https://kubernetes.io/docs/tasks/tools/install-kubectl/ for more info. Error: exec: "kubectl": executable file not found in $PATH
所以需要安装才行,怎样安装,可参考上边的操作。
随便执行一下命令验证一下。
[root@nginx ~]$ rancher kubectl get node
NAME STATUS ROLES AGE VERSION
192.168.10.3 Ready controlplane,etcd,worker 32m v1.11.6
192.168.10.4 Ready controlplane,etcd,worker 32m v1.11.6
192.168.10.5 Ready controlplane,etcd,worker 32m v1.11.6
借此机会来个安装应用的定妆照!
[root@nginx ~]$rancher kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTSAGE
cattle-system cattle-cluster-agent-5c9d5cbb87-nlf8x 1/1 Running 016m
cattle-system cattle-node-agent-6ncnb 1/1 Running 016m
cattle-system cattle-node-agent-cdpww 1/1 Running 016m
cattle-system cattle-node-agent-l48m8 1/1 Running 016m
cattle-system rancher-bdf49fb9-7qhgp 1/1 Running 131m
cattle-system rancher-bdf49fb9-hf6tm 1/1 Running 031m
cattle-system rancher-bdf49fb9-xmbv7 1/1 Running 131m
ingress-nginx default-http-backend-797c5bc547-nnqzt 1/1 Running 034m
ingress-nginx nginx-ingress-controller-mn9jl 1/1 Running 034m
ingress-nginx nginx-ingress-controller-rrm8z 1/1 Running 034m
ingress-nginx nginx-ingress-controller-vt8lx 1/1 Running 034m
kube-system canal-9r7jt 3/3 Running 034m
kube-system canal-b86n6 3/3 Running 034m
kube-system canal-lqk8g 3/3 Running 034m
kube-system cert-manager-cert-manager-8f55cc84b-z84kw 2/2 Running 031m
kube-system kube-dns-7588d5b5f5-dnqk7 3/3 Running 034m
kube-system kube-dns-autoscaler-5db9bbb766-cfqcg 1/1 Running 034m
kube-system metrics-server-97bc649d5-lkn57 1/1 Running 034m
kube-system rke-ingress-controller-deploy-job-s5ss8 0/1 Completed 034m
kube-system rke-kubedns-addon-deploy-job-p2hjb 0/1 Completed 034m
kube-system rke-metrics-addon-deploy-job-fqvfm 0/1 Completed 034m
kube-system rke-network-plugin-deploy-job-7zr8v 0/1 Completed 034m
kube-system tiller-deploy-8cb5b5f5c-qzk5z 1/1 Running 032m
OK,看到能够这样执行命令,就可以了,后边的流水线工作就不用发愁了。
6,参考。
http://uee.me/aMRVU
http://uee.me/aMRVT
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK