本文转载自RKE部署rancher高可用集群
建议使用如下命令把镜像下载下来
docker pull rancher/calico-node:v3.13.0
docker pull rancher/calico-pod2daemon-flexvol:v3.13.0
docker pull rancher/calico-cni:v3.13.0
docker pull rancher/calico-kube-controllers:v3.13.0
docker pull rancher/rke-tools:v0.1.52
docker pull rancher/coreos-etcd:v3.4.3-rancher1
docker pull rancher/metrics-server:v0.3.6
docker pull rancher/cluster-proportional-autoscaler:1.7.1
docker pull rancher/nginx-ingress-controller:nginx-0.25.1-rancher1
docker pull weaveworks/weave-npc:2.5.2
docker pull weaveworks/weave-kube:2.5.2
docker pull rancher/coreos-flannel:v0.11.0
docker pull rancher/k8s-dns-kube-dns:1.15.0
docker pull rancher/k8s-dns-dnsmasq-nanny:1.15.0
docker pull rancher/k8s-dns-sidecar:1.15.0
docker pull rancher/nginx-ingress-controller-defaultbackend:1.5-rancher1
docker pull rancher/calico-ctl:v2.0.0
docker pull rancher/pause:3.1
docker pull rancher/coredns-coredns:1.6.5
docker pull rancher/coreos-flannel:v0.11.0-rancher1
docker pull rancher/flannel-cni:v0.3.0-rancher5
docker pull rancher/hyperkube:v1.17.4-rancher1
docker pull rancher/kubelet-pause:v0.1.3
节点规划
节点基础配置
注意:本章节操作需要在每个节点执行
1.配置yum源
复制
curl http://mirrors.aliyun.com/repo/Centos-7.repo >/etc/yum.repos.d/centos-7.repo
curl http://mirrors.aliyun.com/repo/epel-7.repo >/etc/yum.repos.d/epel-7.repo
复制
sed -i '/aliyuncs/d' /etc/yum.repos.d/centos-7.repo
复制
cat >/etc/yum.repos.d/docker-ce.repo <<EOF
[docker-ce]
name=docker
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/
gpgcheck=0
enabled=1
EOF
2.刷新yum源缓存
复制
yum clean all && yum makecache
3.关闭firewalld
复制
systemctl disable firewalld
systemctl stop firewalld
4.关闭selinux,并重启节点
复制
sed -i "7s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
5.安装docker
复制
yum install docker-ce -y
6.从docker1.13版本开始,docker会自动设置iptables的FORWARD默认策略为DROP,所以需要修改docker的启动配置文件/usr/lib/systemd/system/docker.service
复制
[Service]
Type=notify
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT
ExecReload=/bin/kill -s HUP $MAINPID
7.启动docker服务
复制
systemctl enable docker
systemctl start docker
8.配置docker加速器
复制
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://1z45x7d0.mirror.aliyuncs.com"],
"insecure-registries": ["172.16.1.11:4000"],
"storage-driver": "overlay2",
"log-driver": "json-file",
"log-opts": {
"max-size": "100m",
"max-file": "3"
}
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
9.添加节点hosts
复制
172.16.1.11 node01
172.16.1.12 node02
10.创建rancher用户
复制
useradd -G docker rancher
passwd rancher
11.配置rancher用户节点互相
配置节点双机互信
复制
ssh-keygen -f /home/rancher/.ssh/id_rsa -N ''
ssh-copy-id -i /home/rancher/.ssh/id_rsa.pub node01
ssh-copy-id -i /home/rancher/.ssh/id_rsa.pub node02
scp /home/rancher/.ssh/id_rsa node01:/home/rancher/.ssh/
scp /home/rancher/.ssh/id_rsa node02:/home/rancher/.ssh/
rke部署k8s集群
下载并配置rke
复制
wget https://github.com/rancher/rke/releases/download/v0.1.17/rke_linux-amd64
复制
chmod 777 rke_linux-amd64
mv rke_linux-amd64 /usr/local/bin/rke
创建集群配置文件
复制
cat >/home/rancher/rancher-cluster.yml <<EOF
nodes:
- address: 172.16.1.11
user: rancher
role: [controlplane,worker,etcd]
- address: 172.16.1.12
user: rancher
role: [controlplane,worker,etcd]
services:
etcd:
snapshot: true
creation: 6h
retention: 24h
EOF
复制
chmod 777 /home/rancher/rancher-cluster.yml
创建k8s集群
复制
su - rancher
rke up --config rancher-cluster.yml
下载并配置kubectl
复制
wget https://www.cnrancher.com/download/kubectl/kubectl_amd64-linux
复制
chmod 777 kubectl_amd64-linux
mv kubectl_amd64-linux /usr/local/bin/kubectl
为root用户配置kubectl访问k8s集群
复制
mkdir /root/.kube
cp /home/rancher/kube_config_rancher-cluster.yml /root/.kube/config
检查k8s集群pod状态
复制
kubectl get pods --all-namespaces
复制
[root@node01 ~]# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
ingress-nginx default-http-backend-7f8fbb85db-rxs9r 1/1 Running 0 106s
ingress-nginx nginx-ingress-controller-9vhbj 1/1 Running 0 10m
ingress-nginx nginx-ingress-controller-lhvk4 1/1 Running 0 10m
kube-system canal-9lhlr 2/2 Running 0 10m
kube-system canal-xxz5p 2/2 Running 0 10m
kube-system kube-dns-5fd74c7488-54dgp 3/3 Running 0 10m
kube-system kube-dns-autoscaler-c89df977f-fb42z 1/1 Running 0 10m
kube-system metrics-server-7fbd549b78-8hftl 1/1 Running 0 10m
kube-system rke-ingress-controller-deploy-job-8c9c2 0/1 Completed 0 10m
kube-system rke-kubedns-addon-deploy-job-lp5tc 0/1 Completed 0 10m
kube-system rke-metrics-addon-deploy-job-j585d 0/1 Completed 0 10m
kube-system rke-network-plugin-deploy-job-xssrc 0/1 Completed 0 10m
pod的状态只有以上两种状态为正常状态,若有其他状态则需要查看pod日志
复制
kubectl describe pod pod-xxx -n namespace
helm将rancher部署在k8s集群
安装并配置helm客户端
复制
wget https://storage.googleapis.com/kubernetes-helm/helm-v2.12.3-linux-amd64.tar.gz
tar xf helm-linux.tar.gz
cp linux-amd64/helm /usr/local/bin/
cp linux-amd64/tiller /usr/local/bin/
配置helm客户端具有访问k8s集群的权限
复制
kubectl -n kube-system create serviceaccount tiller
kubectl create clusterrolebinding tiller --clusterrole cluster-admin --serviceaccount=kube-system:tiller
将helm server(titler)部署到k8s集群
复制
helm init --service-account tiller --tiller-image hongxiaolu/tiller:v2.12.3 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
检查tiller pod运行正常,若tiller pod不正常需要修复。
复制
kubectl get pods --all-namespaces
为helm客户端配置chart仓库
复制
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
检查rancher chart仓库可用
复制
复制
NAME CHART VERSION APP VERSION DESCRIPTION
rancher-stable/rancher 2019.3.1 v2.1.7 Install Rancher Server to manage Kubernetes clusters acro...
安装证书管理器
复制
helm install stable/cert-manager \
--name cert-manager \
--namespace kube-system
检查证书管理器pod是否正常
复制
kubectl get pods --all-namespaces|grep cert-manager
安装rancher
复制
helm install rancher-stable/rancher \
--name rancher \
--namespace cattle-system \
--set hostname=acai.rancher.com
由于rancher HA需要通过域名访问,所有在本地添加hosts解析后。浏览器访问
复制
https://acai.rancher.com