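Building a k8s cluster with RKE and deploying Rancher in high availability

Rancher cluster deployment

Online deployment

  • Start the Rancher service, add a cluster in the UI, and scale the cluster by adding nodes.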
docker run -d --privileged --restart=unless-stopped \
  -p 80:80 -p 443:443 \
  rancher/rancher:latest
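  • Notes
* On arm64, the only supported network plugin is flannel
* Root privileges are required on all nodes
* Select all roles for each node (controlplane, etcd, worker)
* The etcd cluster requires more than three nodes, so while the cluster has fewer than three nodes, nodes cannot be removed from it
* If the installation fails, everything must be cleaned up and redone from scratch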

Offline deployment

Deploying a k8s cluster with RKE

Create a private registry

### Load the registry image
docker load -i registry.tar
### Set the registry username and password: username admin, password sysadmin
mkdir -p /opt/registry/auth
docker run --entrypoint htpasswd registry:2.7.0 -Bbn admin sysadmin > /opt/registry/auth/htpasswd
### Start the image registry
docker run -d -p 5000:5000 --restart=always --name my_registry -v /opt/registry/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry:2.7.0
### Verify login
docker login 127.0.0.1:5000

Push the required images to the private registry

Download location of the image scripts:
https://github.com/rancher/rancher/releases/tag/v2.5.5

./rancher-load-images.sh --image-list ./rancher-images.txt --registry 127.0.0.1:5000

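Install RKE

  • Set up passwordless SSH
ssh-keygen
  • The node where rke is installed needs passwordless SSH access to every node in the cluster
ssh-copy-id -i ~/.ssh/id_rsa.pub root@x.x.x.x
  • Install the rke executable
cp rke_linux-arm64 /usr/local/bin/rke
  • Write the rke cluster configuration file
vi rke-cluster.yml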
network:
  plugin: flannel
nodes:
  - address: 173.21.31.41
    user: root  ### CentOS requires a non-root user that belongs to the docker group
    role: ["controlplane", "etcd", "worker"]
    ssh_key_path: /root/.ssh/id_rsa
  - address: 173.21.31.42
    user: root
    role: ["controlplane", "etcd", "worker"]
    ssh_key_path: /root/.ssh/id_rsa
  - address: 173.21.31.43
    user: root
    role: ["controlplane", "etcd", "worker"]
    ssh_key_path: /root/.ssh/id_rsa

private_registries:  ## In an internet-connected environment the private registry can be omitted
  - url: 127.0.0.1:5000
    user: admin
    password: sysadmin
    is_default: true

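Create the RKE cluster

rke up --config rke-cluster.yml
  • A successful installation generates two files: kube_config_rke-cluster.yml and rke-cluster.rkestate
  • Sync the cluster information
mkdir -p /root/.kube
  • On every node in the cluster, replace the contents of /root/.kube/config so that they match kube_config_rke-cluster.yml
cp kube_config_rke-cluster.yml /root/.kube/config
  • View the cluster information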
kubectl get nodes
NAME           STATUS   ROLES                      AGE   VERSION
173.21.31.41   Ready    controlplane,etcd,worker   27h   v1.19.7
173.21.31.42   Ready    controlplane,etcd,worker   27h   v1.19.7
173.21.31.43   Ready    controlplane,etcd,worker   27h   v1.19.7
kubectl get pods -A
NAMESPACE                 NAME                                       READY   STATUS             RESTARTS   AGE
cattle-system             rancher-85c9cf85ff-bm5kl                   1/1     Running            80         21h
cattle-system             rancher-85c9cf85ff-fs5lc                   1/1     Running            4          21h
cattle-system             rancher-85c9cf85ff-v5g77                   1/1     Running            70         21h
cattle-system             rancher-webhook-b5b7b76c4-vx6m8            1/1     Running            1          21h
cert-manager              cert-manager-5fdd5877dc-tlddh              1/1     Running            6          23h
cert-manager              cert-manager-cainjector-54cbc96f6b-9t5dd   1/1     Running            6          23h
cert-manager              cert-manager-webhook-75c9994b75-mlwkb      1/1     Running            1          23h
fleet-system              fleet-agent-76fc77855-d78c4                1/1     Running            6          22h
fleet-system              fleet-controller-ccc95b8cd-pzpn2           1/1     Running            78         22h
fleet-system              gitjob-5997858b9c-bwch9                    1/1     Running            7          22h
ingress-nginx             default-http-backend-65dd5949d9-9stvt      1/1     Running            2          27h
ingress-nginx             nginx-ingress-controller-bng8g             0/1     CrashLoopBackOff   91         27h
ingress-nginx             nginx-ingress-controller-pxbhn             1/1     Running            0          27h
ingress-nginx             nginx-ingress-controller-qn7w2             1/1     Running            1          27h
kube-system               coredns-6f85d5fb88-bls28                   1/1     Running            1          27h
kube-system               coredns-6f85d5fb88-h4kst                   1/1     Running            0          26h
kube-system               coredns-6f85d5fb88-zt25r                   1/1     Running            1          26h
kube-system               coredns-autoscaler-79599b9dc6-xkfsq        1/1     Running            0          27h
kube-system               kube-flannel-57k2w                         2/2     Running            2          27h
kube-system               kube-flannel-mq7m8                         2/2     Running            0          27h
kube-system               kube-flannel-sljf8                         2/2     Running            2          27h
kube-system               metrics-server-8449844bf-d5zrz             1/1     Running            1          27h
kube-system               rke-coredns-addon-deploy-job-xh9dn         0/1     Completed          0          27h
kube-system               rke-ingress-controller-deploy-job-dfgkb    0/1     Completed          0          27h
kube-system               rke-metrics-addon-deploy-job-gdhxq         0/1     Completed          0          27h
kube-system               rke-network-plugin-deploy-job-n2r6l        0/1     Completed          0          27h
kube-system               tiller-deploy-6b6f975bcb-x4f8f             1/1     Running            1          23h
rancher-operator-system   rancher-operator-f54cf4887-r68cj           1/1     Running            6          23h
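
The files this section creates carry secrets: rke-cluster.yml holds the registry password, and kube_config_rke-cluster.yml and rke-cluster.rkestate hold cluster credentials and keys. The check below is an added example, not part of the original page; the function name audit_rke_files, its finding labels and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. File names follow the walkthrough;
# audit_rke_files and its finding labels are hypothetical.

# Print one finding per line for the RKE files found in directory $1.
audit_rke_files() {
    dir=$1
    # These files hold the registry password, the admin kubeconfig and the
    # cluster state, so only the owner should be able to read them.
    for f in rke-cluster.yml kube_config_rke-cluster.yml rke-cluster.rkestate; do
        [ -f "$dir/$f" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        bits=$(ls -ld "$dir/$f" | cut -c5-10)
        [ "$bits" = "------" ] || echo "PERM $f group/other bits: $bits"
    done
    cfg="$dir/rke-cluster.yml"
    [ -f "$cfg" ] || return 0
    # A literal registry password stored in the cluster file.
    if grep -Eq '^[[:space:]]*password:[[:space:]]*[^[:space:]#]' "$cfg"; then
        echo "SECRET rke-cluster.yml contains a plaintext registry password"
    fi
    # Nodes that RKE reaches over SSH as root.
    n=$(grep -Ec '^[[:space:]]*user:[[:space:]]*root([[:space:]]|$)' "$cfg" || true)
    [ "$n" -eq 0 ] || echo "SSHROOT $n node(s) use user: root"
    return 0
}

# Constructed sample input mirroring the configuration shown earlier.
demo_dir=$(mktemp -d)
cat > "$demo_dir/rke-cluster.yml" <<'EOF'
nodes:
  - address: 173.21.31.41
    user: root  ### comment
    role: ["controlplane", "etcd", "worker"]
  - address: 173.21.31.42
    user: root
private_registries:
  - url: 127.0.0.1:5000
    user: admin
    password: sysadmin
EOF
chmod 644 "$demo_dir/rke-cluster.yml"
: > "$demo_dir/rke-cluster.rkestate"
chmod 600 "$demo_dir/rke-cluster.rkestate"
audit_rke_files "$demo_dir"
```

Run it as `audit_rke_files .` from the directory where `rke up` was executed, and again on each node that received a copy of the kubeconfig.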

Rancher high availability

Install cert-manager

  • Rancher's self-signed certificate mode
# Install the CustomResourceDefinition resources
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.15.0/cert-manager.crds.yaml
# Create the namespace for cert-manager
kubectl create namespace cert-manager
# Add the Jetstack Helm repository
helm repo add jetstack https://charts.jetstack.io
# Update the local Helm chart repository cache
helm repo update
# Install the cert-manager Helm chart
helm install \
 cert-manager jetstack/cert-manager \
 --namespace cert-manager \
 --version v0.15.0
  • Check the installation
kubectl get pods --namespace cert-manager
NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-5fdd5877dc-tlddh              1/1     Running   6          28h
cert-manager-cainjector-54cbc96f6b-9t5dd   1/1     Running   6          28h
cert-manager-webhook-75c9994b75-mlwkb      1/1     Running   1          28h

Install Rancher

  • Add the rancher-stable repository locally
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
  • Download the rancher-stable chart locally
helm fetch rancher-stable/rancher
  • Offline start
helm template rancher ./rancher-2.3.5.tgz \
     --namespace cattle-system --output-dir . \
     --set hostname=qx.rancher.com
  • Online start
helm install rancher rancher-stable/rancher \
 --namespace cattle-system \
 --set hostname=qx.rancher.com

  • Check the rollout status:
kubectl -n cattle-system rollout status deploy/rancher

UI access

https://qx.rancher.com

Username: admin, password: sysadmin
