Installing Kubernetes with Rancher: an RKE high-availability cluster

Published: 2024/3/26

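Contents

  • 1. Single-node Rancher
    • 1.1 Install and start Rancher
    • 1.2 Create a Kubernetes cluster from the web UI
      • Set up the kubectl environment
    • 1.3 Reset the Rancher admin password
  • 2. High-availability Rancher
    • 2.1 Install a Kubernetes cluster with RKE
    • 2.2 Install Rancher on the Kubernetes cluster
      • Install Rancher with Helm
      • Access Rancher over HTTPS in the browser
      • HTTP proxy in front of Rancher HTTPS
      • Create a Kubernetes cluster through the Rancher domain name
    • 2.3 Delete the cluster and reinstall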

1. Single-node Rancher

1.1 Install and start Rancher

  • Air-gapped install: https://docs.rancher.cn/docs/rancher2/installation/other-installation-methods/air-gap/populate-private-registry/_index
  • Single-node install: https://docs.rancher.cn/docs/rancher2/installation/other-installation-methods/single-node-docker/_index/

This setup uses a single node, with GlusterFS providing high availability (3 nodes, 3 replicas):

    mount -t glusterfs 192.168.56.7:/gluster_out1 /export

    docker run -d --restart=unless-stopped \
        -p 8080:80 -p 443:443 \
        -v /export/rancher/data/:/var/lib/rancher/ \
        -v /export/rancher/auditlog:/var/log/auditlog \
        -e CATTLE_SYSTEM_CATALOG=bundled \
        -e AUDIT_LEVEL=3 \
        rancher/rancher:v2.2.4

    # rancher-k8s base images:
    # rancher/rancher-agent:v2.2.4
    # rancher/rke-tools:v0.1.28
    # rancher/hyperkube:v1.13.5-rancher1
    # rancher/nginx-ingress-controller:0.21.0-rancher3
    # rancher/kube-api-auth:v0.1.3
    # rancher/calico-node:v3.4.0
    # rancher/calico-cni:v3.4.0
    # rancher/k8s-dns-sidecar:1.15.0
    # rancher/k8s-dns-kube-dns:1.15.0
    # rancher/k8s-dns-dnsmasq-nanny:1.15.0
    # rancher/metrics-server:v0.3.1
    # rancher/coreos-etcd:v3.2.24-rancher1
    # rancher/coreos-flannel:v0.10.0
    # rancher/pause:3.1
    # rancher/nginx-ingress-controller-defaultbackend:1.4-rancher1
    # rancher/cluster-proportional-autoscaler:1.0.0

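1.2 Create a Kubernetes cluster from the web UI

  • Open a browser and enter the host's IP address: https://<SERVER_IP>
    On first login, set the login password as prompted.
  • Image registry: in the Rancher UI, click "System Settings" and configure system-default-registry (set it to myharbor.io)
  • Create the Kubernetes cluster: click "Add Cluster" and choose "Add hosts to build a custom Kubernetes cluster"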


Set up the kubectl environment

  • Download acceleration site for commonly used files: https://ghproxy.com/
  • Download the kubectl binary

    # kubectl command-line tool; its config file is ~/.kube/config
    curl -LO "https://dl.k8s.io/release/v1.22.3/bin/linux/amd64/kubectl"
    curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.22.3/bin/linux/amd64/kubectl

    [root@c73 ~]# head -3 ~/.kube/config
    apiVersion: v1
    kind: Config
    clusters:
    [root@c73 ~]# kubectl get nodes
    NAME   STATUS   ROLES                      AGE   VERSION
    c73    Ready    worker                     7d    v1.13.5
    c73    Ready    controlplane,etcd,worker   91d   v1.13.5

1.3 Reset the Rancher admin password

  • If you cannot log in, reset the password from the backend:

    # For details see https://www.bookstack.cn/read/rancher-v2.x/eb4dcbcdb337125c.md
    [root@c73 ~]# docker ps
    CONTAINER ID   IMAGE                    COMMAND           CREATED         STATUS         PORTS                                        NAMES
    3c6bdc7c8e0f   rancher/rancher:v2.2.4   "entrypoint.sh"   3 minutes ago   Up 3 minutes   0.0.0.0:443->443/tcp, 0.0.0.0:8080->80/tcp   sad_mayer
    [root@c73 ~]# docker exec -it sad_mayer reset-password
    New password for default admin user (user-67bvl):
    rxszf58eUl1UvahECmzJ

  • If you can log in, change the password directly

2. High-availability Rancher

Prerequisites for installing Kubernetes with RKE: https://docs.rancher.cn/docs/rke/os/_index

2.1 Install a Kubernetes cluster with RKE

  • rke up/remove --config xx.yml
  • Complete example YAML files: https://docs.rancher.cn/docs/rke/example-yamls/_index/
  • Download the rke binary:

    https://github.com/rancher/rke/releases/download/v1.3.4/rke_linux-amd64
    Acceleration site 1: https://ghproxy.com/ https://mirror.ghproxy.com/
    Acceleration site 2: https://shrill-pond-3e81.hunsh.workers.dev/ https://gh.api.99988866.xyz/

    [root@c78 ~]# mv rke_linux-amd64 /usr/local/bin/rke
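The kubectl and rke binaries in this guide are fetched with curl or through third-party acceleration mirrors and then placed on the PATH, so their digests should be checked against a checksum file taken from the project's own release page before installing. The following is an added example, not part of the original post: the function names are illustrative, the stand-in binary is constructed, and it assumes the rke release offers a sha256sum-style checksum file (kubectl publishes a bare digest in kubectl.sha256).

```sh
#!/bin/sh
# Added example: verify a downloaded binary before installing it.
# File names and contents below are constructed for the demo.

# expected_digest FILE SUMS: print the SHA-256 that SUMS gives for FILE.
# SUMS is either a bare digest (one field, as in kubectl.sha256) or
# sha256sum-style lines "<digest>  <name>" (assumed for the rke release).
expected_digest() {
    awk -v f="$(basename "$1")" '
        NF == 1 { print tolower($1); exit }
        { n = $2; sub(/^\*/, "", n); sub(/^.*\//, "", n) }
        n == f  { print tolower($1); exit }' "$2"
}

# verify_download FILE SUMS: 0 = match, 1 = mismatch, 2 = no digest listed.
verify_download() {
    want=$(expected_digest "$1" "$2")
    if [ -z "$want" ]; then
        echo "no checksum for $(basename "$1") in $2" >&2; return 2
    fi
    got=$(sha256sum "$1" | awk '{ print $1 }')
    if [ "$got" != "$want" ]; then
        echo "checksum mismatch for $1" >&2; return 1
    fi
}

# install_verified FILE SUMS DEST: copy to DEST only after a match.
install_verified() {
    verify_download "$1" "$2" && install -m 0755 "$1" "$3"
}

# Demo with a constructed stand-in for rke_linux-amd64.
demo=$(mktemp -d)
printf 'stand-in binary\n' > "$demo/rke_linux-amd64"
(cd "$demo" && sha256sum rke_linux-amd64 > sha256sum.txt)
install_verified "$demo/rke_linux-amd64" "$demo/sha256sum.txt" "$demo/rke" \
    && echo "installed after checksum match"
```

Fetch the checksum file directly from the upstream release page rather than through the same mirror that served the binary.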

Write cluster.yml and start the Kubernetes cluster

    # 1. Create a regular user that can run docker commands
    [root@c78 rancher-ha]# useradd docker
    [root@c78 rancher-ha]# echo docker |passwd docker --stdin

    # 2. Allow the docker user to run docker commands
    [root@c78 rancher-ha]# chown docker /var/run/docker.sock
    [root@c78 rancher-ha]# ll /var/run/docker.sock
    srw-rw----. 1 docker docker 0 Jan 19 07:27 /var/run/docker.sock

    # 3. Switch to the docker user and set up passwordless SSH login to the host
    [root@c78 rancher-ha]# su - docker
    Last login: Wed Jan 19 10:42:20 UTC 2022 on pts/2
    [docker@c78 ~]$ ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
    [docker@c78 ~]$ ssh-copy-id 192.168.56.78
    /bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/docker/.ssh/id_rsa.pub"
    /bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    docker@192.168.56.78's password:
    Number of key(s) added: 1
    Now try logging into the machine, with: "ssh '192.168.56.78'"
    and check to make sure that only the key(s) you wanted were added.

    # Verify passwordless login to the host as the docker user
    [docker@c78 ~]$ ssh 192.168.56.78
    Last login: Wed Jan 19 10:43:55 2022

    # 4. Write cluster.yml: define the cluster nodes and roles, and the login user (non-root)
    [docker@c78 ~]$ cat cluster.yml
    nodes:
      - address: 192.168.56.78
        user: docker
        role:
          - controlplane
          - etcd
          - worker
    #  - address: 192.168.56.77
    #    user: docker
    #    #ssh_key_path: /home/user/.ssh/id_rsa
    #    #ssh_cert_path: /home/user/.ssh/test-key-cert.pub
    #
    #private_registries:
    #- url: harbor01.io # private registry url
    #  user: admin
    #  password: "Harbor12345"
    #  is_default: true

    # 5. Start the Kubernetes cluster
    [docker@c78 ~]$ rke up
    INFO[0000] Running RKE version: v1.3.4
    INFO[0000] Initiating Kubernetes cluster
    INFO[0000] [certificates] GenerateServingCertificate is disabled, checking if there are unused kubelet certificates
    INFO[0000] [certificates] Generating admin certificates and kubeconfig
    INFO[0000] Successfully Deployed state file at [./cluster.rkestate]
    INFO[0000] Building Kubernetes cluster
    INFO[0000] [dialer] Setup tunnel for host [192.168.56.78]
    INFO[0000] [network] No hosts added existing cluster, skipping port check
    INFO[0000] [certificates] Deploying kubernetes certificates to Cluster nodes
    INFO[0000] Checking if container [cert-deployer] is running on host [192.168.56.78], try #1
    INFO[0000] Image [rancher/rke-tools:v0.1.78] exists on host [192.168.56.78]
    INFO[0000] Starting container [cert-deployer] on host [192.168.56.78], try #1
    INFO[0001] Checking if container [cert-deployer] is running on host [192.168.56.78], try #1
    ...

    # 6. Verify the Kubernetes cluster
    [docker@c78 ~]$ ll
    total 120
    -rw-------. 1 docker docker 107308 Jan 19 10:55 cluster.rkestate
    -rw-r-----. 1 docker docker    278 Jan 19 10:55 cluster.yml
    -rw-------. 1 docker docker   5500 Jan 19 10:55 kube_config_cluster.yml
    [docker@c78 ~]$ kubectl --kubeconfig kube_config_cluster.yml version
    Client Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.0", GitCommit:"ddf47ac13c1a9483ea035a79cd7c10005ff21a6d", GitTreeState:"clean", BuildDate:"2018-12-03T21:04:45Z", GoVersion:"go1.11.2", Compiler:"gc", Platform:"linux/amd64"}
    Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.8", GitCommit:"4a3b558c52eb6995b3c5c1db5e54111bd0645a64", GitTreeState:"clean", BuildDate:"2021-12-15T14:46:22Z", GoVersion:"go1.16.12", Compiler:"gc", Platform:"linux/amd64"}
    [docker@c78 ~]$ kubectl --kubeconfig kube_config_cluster.yml get nodes
    NAME            STATUS   ROLES                      AGE     VERSION
    192.168.56.78   Ready    controlplane,etcd,worker   3h27m   v1.21.8

    # 7. Set up the Kubernetes environment
    [docker@c78 ~]$ mkdir ~/.kube/
    [docker@c78 ~]$ cp kube_config_cluster.yml ~/.kube/config
    [docker@c78 ~]$ kubectl get nodes
    NAME            STATUS   ROLES                      AGE     VERSION
    192.168.56.78   Ready    controlplane,etcd,worker   3h28m   v1.21.8

2.2 Install Rancher on the Kubernetes cluster

Install Rancher with Helm

  • Rancher high-availability install documentation: https://docs.rancher.cn/docs/rancher2/installation/install-rancher-on-k8s/_index/
  • Generating a self-signed certificate: https://docs.rancher.cn/docs/rancher2/installation/resources/advanced/self-signed-ssl/_index

    # Download helm
    wget https://get.helm.sh/helm-v3.8.0-linux-amd64.tar.gz

    # Install following the documentation:
    # 1. Add the Helm chart repository: download the rancher charts for offline use
    # 2. Create the namespace for Rancher: cattle-system
    # 3. Choose your SSL option: use your own certificate (option C: use a certificate you already have)

    # Install rancher/rancher:v2.6.3 (values.yaml in the charts pulls the latest rancher version by default)
    # Download the certificate generation script: create_self-signed-cert.sh
    # https://docs.rancher.cn/docs/rancher2/installation/resources/advanced/self-signed-ssl/_index/
    RANCHER_DOMAIN=rancher-my.test.com
    sh create_self-signed-cert.sh --ssl-domain=$RANCHER_DOMAIN

    kubectl -n kube-system create serviceaccount tiller
    kubectl create clusterrolebinding tiller \
        --clusterrole cluster-admin \
        --serviceaccount=kube-system:tiller
    kubectl -n kube-system \
        create secret docker-registry regcred \
        --docker-server="harbor01.io" \
        --docker-username=admin \
        --docker-password=Harbor12345
    kubectl -n kube-system patch serviceaccount tiller -p '{"imagePullSecrets": [{"name": "regcred"}]}'
    #helm init --service-account tiller --skip-refresh --tiller-image harbor01.io/rancher/tiller:v2.14.1

    kubectl create namespace cattle-system
    kubectl -n cattle-system create secret tls tls-rancher-ingress --cert=./tls.crt --key=./tls.key
    kubectl -n cattle-system create secret generic tls-ca --from-file=cacerts.pem
    sleep 60

    # Download the rancher helm package and unpack it for an offline install
    tar zxf rancher-2.5.11.tgz
    # "vim rancher/values.yaml, set the default image registry address"
    #extraEnv:
    #  - name: CATTLE_SYSTEM_DEFAULT_REGISTRY
    #    value: "harbor01.io"

    RANCHER_DOMAIN=rancher-my.test.com
    helm install rancher2.5 ./rancher \
        --namespace cattle-system \
        --set hostname=$RANCHER_DOMAIN \
        --set ingress.tls.source=secret \
        --set privateCA=true \
        --set rancherImage=harbor01.io/rancher/rancher

    # Check the ingress
    [root@c78 ~]# kubectl get po -n ingress-nginx -o wide
    NAME                                   READY   STATUS      RESTARTS   AGE   IP          NODE            NOMINATED NODE   READINESS GATES
    ingress-nginx-admission-create-cl6cq   0/1     Completed   0          40m   10.42.1.5   192.168.56.77   <none>           <none>
    ingress-nginx-admission-patch-ftvc2    0/1     Completed   0          40m   10.42.1.6   192.168.56.77   <none>           <none>
    nginx-ingress-controller-gsk24         1/1     Running     0          40m   10.42.0.4   192.168.56.78   <none>           <none>
    nginx-ingress-controller-jv6fz         1/1     Running     0          40m   10.42.1.7   192.168.56.77   <none>           <none>
    [root@c78 ~]# kubectl get po -n cattle-system -o wide
    NAME                               READY   STATUS      RESTARTS   AGE   IP           NODE            NOMINATED NODE   READINESS GATES
    helm-operation-2584b               0/2     Completed   0          13m   10.42.0.9    192.168.56.78   <none>           <none>
    helm-operation-2lxrz               0/2     Completed   0          15m   10.42.0.8    192.168.56.78   <none>           <none>
    helm-operation-7bsn6               0/2     Completed   0          11m   10.42.0.10   192.168.56.78   <none>           <none>
    helm-operation-7hlk5               0/2     Completed   0          11m   10.42.0.14   192.168.56.78   <none>           <none>
    helm-operation-j7s85               0/2     Completed   0          10m   10.42.0.17   192.168.56.78   <none>           <none>
    rancher-6bcbdd6cb7-7rxdq           1/1     Running     4          29m   10.42.0.7    192.168.56.78   <none>           <none>
    rancher-6bcbdd6cb7-gqzxz           1/1     Running     4          29m   10.42.1.10   192.168.56.77   <none>           <none>
    rancher-webhook-5d4f5b7f6d-z49zw   1/1     Running     0          10m   10.42.0.16   192.168.56.78   <none>           <none>

Access Rancher over HTTPS in the browser

  • Open the web UI (first add a hosts entry: 192.168.56.78 c78 rancher.my.org)
  • Retrieve the login password as prompted:

    [root@c78 rancher-ha]# kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}{{"\n"}}'
    zstb522n49hwr4wzcs6mhrgq9fb9nf2872ffvzj86qpqrdqdp5cjsb

  • In the local cluster, some services in the System project fail to start because the following images cannot be pulled

Rancher 2.5.11 pulls the following images:

    rancher/k8s-dns-kube-dns:1.15.0
    rancher/k8s-dns-dnsmasq-nanny:1.15.0
    rancher/k8s-dns-sidecar:1.15.0
    rancher/rancher-agent:v2.2.4
    rancher/shell:v0.1.6
    rancher/rancher-webhook:v0.1.2
    rancher/fleet:v0.3.5
    rancher/gitjob:v0.1.15

The web UI loads normally (the errors above do not affect access).

HTTP proxy in front of Rancher HTTPS

    [root@JXQ-11-243-33-90 nginx]# cat nginx.conf
    #user nobody;
    worker_processes 1;
    #error_log logs/error.log;
    #error_log logs/error.log notice;
    #error_log logs/error.log info;
    #pid logs/nginx.pid;
    events {
        worker_connections 1024;
    }
    http {
        include mime.types;
        default_type application/octet-stream;
        #access_log logs/access.log main;
        sendfile on;
        #tcp_nopush on;
        #keepalive_timeout 0;
        keepalive_timeout 65;
        #gzip on;
        include conf.d/*.conf;
    }

    [root@JXQ-11-243-33-90 nginx]# cat conf.d/rancher.conf
    upstream rancher-my.test.com {
        server 192.168.56.201:80;
        server 192.168.56.209:80;
        server 192.168.56.203:80;
    }
    map $http_upgrade $connection_upgrade {
        default Upgrade;
        '' close;
    }
    server {
        listen 80;
        server_name rancher-my.test.com;
        location / {
            access_log /tmp/rancher.log;
            error_log /tmp/rancher-err.log;
            proxy_ssl_trusted_certificate cert/tls.crt; # tls.crt is generated by the certificate script above
            proxy_ssl_session_reuse on;
            proxy_ssl_verify on;
            proxy_ssl_verify_depth 2;
            proxy_set_header Host rancher-my.test.com;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://rancher-my.test.com;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_read_timeout 900s;
            proxy_buffering off;
        }
    }

    [root@JXQ-11-243-33-90 nginx]# ll cert/tls.crt
    -rw-r--r-- 1 root root 2278 May 17 15:04 cert/tls.crt

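Create a Kubernetes cluster through the Rancher domain name

  • When Rancher 2.5.11 creates a Kubernetes cluster, certificate verification fails (the GODEBUG environment variable needs to be set):

    time="2022-07-13T01:42:10Z" level=fatal msg="Get \"https://rancher-my.test.com\": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0"

  • Choose the Kubernetes version -> custom host run command: "Copy the following command and run it in the host's SSH terminal" (if the Rancher server address is a domain name, add an entry resolving that domain to the hosts file, otherwise the container fails to start)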
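The x509 error above means the certificate names rancher-my.test.com only in its subject Common Name, with no subjectAltName entry for it. As an added example (not from the original post; the helper names and the `*.k8s.test.com` wildcard are illustrative, and both certificates are throwaway ones generated on the spot), this script checks whether a certificate carries a SAN covering the Rancher hostname before it is loaded into the tls-rancher-ingress secret:

```sh
#!/bin/sh
# Added example: throwaway certificates, constructed names.

# make_cert PREFIX CN [SAN]: write a self-signed PREFIX.crt / PREFIX.key.
# Without SAN the hostname appears in the subject CN only.
make_cert() {
    {
        printf '[req]\ndistinguished_name=dn\nprompt=no\n'
        if [ -n "${3:-}" ]; then printf 'x509_extensions=ext\n'; fi
        printf '[dn]\nCN=%s\n' "$2"
        if [ -n "${3:-}" ]; then printf '[ext]\nsubjectAltName=%s\n' "$3"; fi
    } > "$1.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1.cnf" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# san_dns_names CERT: print each dNSName from subjectAltName, lowercased.
san_dns_names() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p' | tr 'A-Z' 'a-z'
}

# san_covers CERT HOST: 0 if a SAN dNSName matches HOST exactly or via a
# wildcard standing for exactly one left-most label. CN is never consulted.
san_covers() {
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    names=$(san_dns_names "$1")
    while read -r name; do
        if [ "$name" = "$host" ]; then return 0; fi
        case $name in
            \*.*) if [ "$host" != "${host#*.}" ] &&
                     [ "${host#*.}" = "${name#\*.}" ]; then return 0; fi ;;
        esac
    done <<EOF
$names
EOF
    return 1
}

# Demo: the page's hostname once in CN only, once as a SAN.
tmp=$(mktemp -d)
make_cert "$tmp/cn_only" rancher-my.test.com
make_cert "$tmp/with_san" rancher-my.test.com \
    'DNS:rancher-my.test.com,DNS:*.k8s.test.com'
for c in cn_only with_san; do
    if san_covers "$tmp/$c.crt" rancher-my.test.com; then r=ok; else r=missing; fi
    echo "$c.crt: SAN for rancher-my.test.com $r"
done
```

Running `san_covers tls.crt rancher-my.test.com` against the certificate produced by the generation script shows whether it needs to be reissued with a SAN.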

2.3 Delete the cluster and reinstall

    # Destroy the Kubernetes cluster
    rke remove --config my-cluster.yml

    # Remove the old containers
    docker stop $(docker ps -qa)
    docker rm -f $(docker ps -qa)

    # Remove the old data
    df -h | grep /var/lib/kubelet | awk '{print "sudo umount",$NF}' | sh
    rm -rf /var/lib/kubelet/
    rm -rf /var/lib/etcd
    rm -rf /etc/kubernetes/

    # Reinstall
    rke up --config my-cluster.yml
