Rancher 中文文档

https://docs.rancher.cn/

4C 8G Centos7.7 3 master+2 node

文件下载地址
http://mirror.cnrancher.com/

1. 安装RKE工具
master节点01部署
1.1 下载RKE工具到本地
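# NOTE(review): the binary is fetched over plain HTTP and then placed on the
# PATH. Compare the printed SHA-256 with the checksum published for this
# release before installing it.
wget http://rancher-mirror.cnrancher.com/rke/v1.1.1/rke_linux-amd64
sha256sum rke_linux-amd64
# install(1) writes the file as root:root with mode 0755. A plain `sudo mv`
# can leave /usr/bin/rke owned (and writable) by the account that downloaded it.
sudo install -o root -g root -m 0755 rke_linux-amd64 /usr/bin/rke && rm -f -- rke_linux-amd64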

1.2 查看当前RKE版本
rke --version

1.3 查看RKE支持的Kubernetes版本
rke config --list-version --all

1.4 查看RKE支持的image
rke config --system-images --all

  1. [root@rmaster01 ~]# rke config --system-images --all
  2. INFO[0000] Generating images list for version [v1.17.9-rancher1-1]:
  3. rancher/coreos-etcd:v3.4.3-rancher1
  4. rancher/rke-tools:v0.1.59
  5. rancher/k8s-dns-kube-dns:1.15.0
  6. rancher/k8s-dns-dnsmasq-nanny:1.15.0
  7. rancher/k8s-dns-sidecar:1.15.0
  8. rancher/cluster-proportional-autoscaler:1.7.1
  9. rancher/coredns-coredns:1.6.5
  10. rancher/k8s-dns-node-cache:1.15.7
  11. rancher/hyperkube:v1.17.9-rancher1
  12. rancher/coreos-flannel:v0.12.0
  13. rancher/flannel-cni:v0.3.0-rancher6
  14. rancher/calico-node:v3.13.4
  15. rancher/calico-cni:v3.13.4
  16. rancher/calico-kube-controllers:v3.13.4
  17. rancher/calico-ctl:v3.13.4
  18. rancher/calico-pod2daemon-flexvol:v3.13.4
  19. weaveworks/weave-kube:2.6.4
  20. weaveworks/weave-npc:2.6.4
  21. rancher/pause:3.1
  22. rancher/nginx-ingress-controller:nginx-0.32.0-rancher1
  23. rancher/nginx-ingress-controller-defaultbackend:1.5-rancher1
  24. rancher/metrics-server:v0.3.6

2. Docker环境准备
2.1 安装Docker
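# Account that will own the cluster deployment
NEW_USER=rancher
# Create the account (optional)
sudo adduser "$NEW_USER"
# Set the password interactively. Piping the fixed string "rancher" into
# `passwd --stdin` would give a sudo-capable account a password equal to its
# own user name.
sudo passwd "$NEW_USER"
# Grant sudo through a drop-in file that visudo validates. With
# `sudo echo ... >> /etc/sudoers` the redirection is performed by the calling
# shell (not by sudo), and a malformed line in /etc/sudoers can break sudo.
printf '%s ALL=(ALL) ALL\n' "$NEW_USER" | sudo tee "/etc/sudoers.d/$NEW_USER" >/dev/null
sudo chmod 0440 "/etc/sudoers.d/$NEW_USER"
sudo visudo -cf "/etc/sudoers.d/$NEW_USER"
# Remove old Docker packages (the glob is quoted so yum, not the shell, expands it)
sudo yum remove docker \
  docker-client \
  docker-client-latest \
  docker-common \
  docker-latest \
  docker-latest-logrotate \
  docker-logrotate \
  docker-selinux \
  docker-engine-selinux \
  docker-engine \
  'container*'

# Install the required system tools
sudo yum install -y yum-utils device-mapper-persistent-data lvm2 bash-completion
# Add the Docker CE repository; HTTPS keeps the repo definition from being
# altered in transit
sudo yum-config-manager --add-repo \
  https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# List the available docker-ce versions
yum list docker-ce --showduplicates | sort -r
# Install Docker 19.03.7
sudo yum -y install docker-ce-19.03.7-3.el7 docker-ce-cli-19.03.7-3.el7 containerd.io
# Add the user to the docker group.
# NOTE: membership of the docker group is root-equivalent on the host.
sudo usermod -aG docker "$NEW_USER"
# Enable the docker service at boot and start it now
sudo systemctl enable --now docker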

2.2 锁定Docker版本
# 安装yum-plugin-versionlock插件
yum -y install yum-plugin-versionlock

锁定Docker软件包
yum versionlock add docker-ce-19.03.7-3.el7 docker-ce-cli-19.03.7-3.el7 containerd.io

查看已锁定的软件包
yum versionlock list

解锁指定软件包
yum versionlock delete <软件包名称>

解锁所有软件包
yum versionlock clear

3. 系统内核调优
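# Kernel tuning for Kubernetes nodes (run as root).
# The net.bridge.* keys only exist once the br_netfilter module is loaded.
modprobe br_netfilter
cat >> /etc/sysctl.d/kubernetes.conf <<'EOF'
# 开启路由功能
net.ipv4.ip_forward=1
# 避免cpu资源长期使用率过高导致系统内核锁
kernel.watchdog_thresh=30
# 开启iptables bridge
net.bridge.bridge-nf-call-iptables=1
# 调优ARP高速缓存
net.ipv4.neigh.default.gc_thresh1=4096
net.ipv4.neigh.default.gc_thresh2=6144
net.ipv4.neigh.default.gc_thresh3=8192
EOF
# `sysctl -p` without an argument reads only /etc/sysctl.conf, so the file
# written above has to be named explicitly for the settings to take effect.
sysctl -p /etc/sysctl.d/kubernetes.conf && systemctl restart docker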

docker服务所有节点都部署
docker安装脚本

  1. #! /bin/bash
  2. #安装Docker
  3. #定义用户名
  4. NEW_USER=rancher
  5. #添加用户(可选)
  6. sudo adduser $NEW_USER
  7. #为新用户设置密码
  8. echo rancher | sudo passwd $NEW_USER --stdin
  9. #为新用户添加sudo权限
  10. sudo echo "$NEW_USER ALL=(ALL) ALL" >> /etc/sudoers
  11. #安装必要的一些系统工具
  12. sudo yum install vim wget bash-completion lrzsz nmap nc tree htop iftop net-tools -y
  13. sudo yum install -y yum-utils device-mapper-persistent-data lvm2 bash-completion
  14. #添加Docker源信息
  15. sudo yum-config-manager --add-repo \
  16. http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
  17. #缓存docker源
  18. sudo yum makecache
  19. #安装docker 19.03.7版本
  20. sudo yum -y install docker-ce-19.03.7-3.el7 docker-ce-cli-19.03.7-3.el7 containerd.io
  21. #把当前用户加入docker组
  22. sudo usermod -aG docker $NEW_USER
  23. #设置开机自启并运行docker服务
  24. sudo systemctl enable --now docker
  25. #安装yum-plugin-versionlock插件
  26. yum -y install yum-plugin-versionlock
  27. #锁定Docker软件包
  28. yum versionlock add docker-ce-19.03.7-3.el7 docker-ce-cli-19.03.7-3.el7 containerd.io
  29. #关闭虚拟内存
  30. swapoff -a
  31. sed -i 's/.*swap.*/#&/' /etc/fstab
  32. #系统内核调优
  33. cat >> /etc/sysctl.d/kubernetes.conf<<EOF
  34. # 开启路由功能
  35. net.ipv4.ip_forward=1
  36. # 避免cpu资源长期使用率过高导致系统内核锁
  37. kernel.watchdog_thresh=30
  38. # 开启iptables bridge
  39. net.bridge.bridge-nf-call-iptables=1
  40. net.bridge.bridge-nf-call-ip6tables = 1
  41. # 调优ARP高速缓存
  42. net.ipv4.neigh.default.gc_thresh1=4096
  43. net.ipv4.neigh.default.gc_thresh2=6144
  44. net.ipv4.neigh.default.gc_thresh3=8192
  45. EOF
  46. sysctl -p && systemctl restart docker
  47. #配置加速器
  48. sudo tee /etc/docker/daemon.json <<-'EOF'
  49. {
  50. "max-concurrent-downloads": 3,
  51. "max-concurrent-uploads": 5,
  52. "registry-mirrors": ["https://0bb06s1q.mirror.aliyuncs.com"],
  53. "storage-driver": "overlay2",
  54. "storage-opts": ["overlay2.override_kernel_check=true"],
  55. "log-driver": "json-file",
  56. "log-opts": {
  57. "max-size": "100m",
  58. "max-file": "3"
  59. }
  60. }
  61. EOF
  62. #重启docker
  63. systemctl daemon-reload && systemctl restart docker && systemctl enable docker.service
  64. #查看docker版本信息
  65. sudo docker info

4. 同步/etc/hosts
# Kubernetes cluster demo1
192.168.31.130 rmaster01
192.168.31.131 rmaster02
192.168.31.132 rmaster03
192.168.31.133 node01
192.168.31.134 node02

master01节点操作
5. 配置rancher用户ssh单向无密码访问
# 所有节点执行,注意首先切换为rancher
su - rancher
ssh-keygen -t rsa

在rmaster01配置ssh单向无密码访问
ssh-copy-id rmaster01
ssh-copy-id rmaster02
ssh-copy-id rmaster03
ssh-copy-id node01
ssh-copy-id node02

测试
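# Check passwordless SSH to every host listed in /etc/hosts.
# BatchMode makes ssh fail instead of falling back to a password prompt, so a
# host whose key was not copied shows up as an error.
for host in $(grep -v localhost /etc/hosts | grep -Ev '^$|#' | awk '{print $2}'); do
  ssh -o BatchMode=yes "$host" hostname
done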
阿里云配置内网地址

1.生成cluster.yml配置文件

  1. cat << EOF > cluster.yml
  2. nodes:
  3. - address: 172.31.53.130
  4. hostname_override: rmaster01
  5. internal_address:
  6. user: rancher
  7. role: [controlplane,etcd]
  8. - address: 172.31.53.131
  9. hostname_override: rmaster02
  10. internal_address:
  11. user: rancher
  12. role: [controlplane,etcd]
  13. - address: 172.31.53.132
  14. hostname_override: rmaster03
  15. internal_address:
  16. user: rancher
  17. role: [controlplane,etcd]
  18. - address: 172.31.53.133
  19. hostname_override: node01
  20. internal_address:
  21. user: rancher
  22. role: [worker]
  23. - address: 172.31.53.134
  24. hostname_override: node02
  25. internal_address:
  26. user: rancher
  27. role: [worker]
  28. # 定义kubernetes版本
  29. kubernetes_version: v1.17.5-rancher1-1
  30. # 如果要使用私有仓库中的镜像,配置以下参数来指定默认私有仓库地址。
  31. #private_registries:
  32. # - url: registry.com
  33. # user: Username
  34. # password: password
  35. # is_default: true
  36. services:
  37. etcd:
  38. # 扩展参数
  39. extra_args:
  40. # 240个小时后自动清理磁盘碎片,通过auto-compaction-retention对历史数据压缩后,后端数据库可能会出现内部碎片。内部碎片是指空闲状态的,能被后端使用但是仍然消耗存储空间,碎片整理过程将此存储空间释放回文>件系统
  41. auto-compaction-retention: 240 #(单位小时)
  42. # 修改空间配额为6442450944,默认2G,最大8G
  43. quota-backend-bytes: '6442450944'
  44. # 自动备份
  45. snapshot: true
  46. creation: 5m0s
  47. retention: 24h
  48. kubelet:
  49. extra_args:
  50. # 支持静态Pod。在主机/etc/kubernetes/目录下创建manifest目录,Pod YAML文件放在/etc/kubernetes/manifest/目录下
  51. pod-manifest-path: "/etc/kubernetes/manifest/"
  52. # 有几个网络插件可以选择:flannel、canal、calico,Rancher2默认canal
  53. network:
  54. plugin: canal
  55. options:
  56. flannel_backend_type: "vxlan"
  57. # 可以设置provider: none来禁用ingress controller
  58. ingress:
  59. provider: nginx
  60. node_selector:
  61. app: ingress
  62. EOF

查看RKE支持的Kubernetes版本
rke config --list-version --all

2. 部署kubernetes集群
rke up --config ./cluster.yml

3. kube配置文件
4.1 下载kubectl工具
访问: https://docs.rancher.cn/rancher2x/install-prepare/download/kubernetes.html 查询kubectl下载的版本
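# NOTE(review): kubectl is fetched over plain HTTP and then placed on the
# PATH. Compare the printed SHA-256 with the checksum published for this
# release before installing it.
wget http://rancher-mirror.cnrancher.com/kubectl/v1.17.5/linux-amd64-v1.17.5-kubectl
sha256sum linux-amd64-v1.17.5-kubectl
# install(1) writes the file as root:root with mode 0755. A plain `sudo mv`
# can leave /usr/bin/kubectl owned (and writable) by the downloading account.
sudo install -o root -g root -m 0755 linux-amd64-v1.17.5-kubectl /usr/bin/kubectl && rm -f -- linux-amd64-v1.17.5-kubectl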

配置用户文件
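# The RKE-generated kubeconfig carries the cluster credentials, so keep the
# directory and the copy readable by the owner only.
mkdir -p ~/.kube && chmod 700 ~/.kube
install -m 600 /home/rancher/kube_config_cluster.yml ~/.kube/config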

4. kubectl 自动补全
# 将kubectl自动补全添加到配置文件中,可以在以后的shell中自动加载它
echo "source <(kubectl completion bash)" >> ~/.bashrc

若要将kubectl自动补全添加到当前shell
source <(kubectl completion bash)

image.png

helm 安装rancher

  1. [rancher@rmaster01 ~]$ kubectl create namespace cattle-system
  2. namespace "cattle-system" created
  3. [rancher@rmaster01 ~]$ kubectl get ns
  4. NAME STATUS AGE
  5. cattle-system Active 5s
  6. default Active 23m
  7. ingress-nginx Active 22m
  8. kube-node-lease Active 23m
  9. kube-public Active 23m
  10. kube-system Active 23m
  11. [rancher@rmaster01 ~]$ ll
  12. total 122456
  13. -rw-r----- 1 rancher rancher 119466 May 7 09:10 cluster.rkestate
  14. -rw-rw-r-- 1 rancher rancher 561 May 7 09:07 cluster.yaml
  15. -rw-rw-r-- 1 rancher rancher 12925372 Apr 23 00:20 helm-v3.2.0-linux-amd64.tar.gz
  16. -rw-r----- 1 rancher rancher 5385 May 7 09:08 kube_config_cluster.yaml
  17. drwxr-xr-x 2 rancher rancher 4096 Apr 23 00:19 linux-amd64
  18. -rw-rw-r-- 1 rancher rancher 72497289 Apr 30 19:04 linux-amd64-v1.7.16-kubectl
  19. -rw-rw-r-- 1 rancher rancher 4798 Apr 30 19:13 rancher-2.3.6.tgz
  20. -rwxrwxr-x 1 rancher rancher 39818473 May 6 17:22 rke_linux-amd64
  21. [rancher@rmaster01 ~]$ tar xf rancher-2.3.6.tgz
  22. [rancher@rmaster01 ~]$
  23. [rancher@rmaster01 ~]$ ll
  24. total 122460
  25. -rw-r----- 1 rancher rancher 119466 May 7 09:10 cluster.rkestate
  26. -rw-rw-r-- 1 rancher rancher 561 May 7 09:07 cluster.yaml
  27. -rw-rw-r-- 1 rancher rancher 12925372 Apr 23 00:20 helm-v3.2.0-linux-amd64.tar.gz
  28. -rw-r----- 1 rancher rancher 5385 May 7 09:08 kube_config_cluster.yaml
  29. drwxr-xr-x 2 rancher rancher 4096 Apr 23 00:19 linux-amd64
  30. -rw-rw-r-- 1 rancher rancher 72497289 Apr 30 19:04 linux-amd64-v1.7.16-kubectl
  31. drwxrwxr-x 3 rancher rancher 4096 May 7 09:35 rancher
  32. -rw-rw-r-- 1 rancher rancher 4798 Apr 30 19:13 rancher-2.3.6.tgz
  33. -rwxrwxr-x 1 rancher rancher 39818473 May 6 17:22 rke_linux-amd64
  34. [rancher@rmaster01 ~]$
  35. [rancher@rmaster01 ~]$ helm install rancher rancher/ --namespace cattle-system --set rancherImage=cnrancher/rancher --set service.type=NodePort --set service.ports.nodePort=30001 --set tls=internal --set privateCA=true
  36. NAME: rancher
  37. LAST DEPLOYED: Thu May 7 09:35:56 2020
  38. NAMESPACE: cattle-system
  39. STATUS: deployed
  40. REVISION: 1
  41. TEST SUITE: None
  42. NOTES:
  43. Rancher Server has been installed.
  44. NOTE: Rancher may take several minutes to fully initialize. Please standby while Certificates are being issued and Ingress comes up.
  45. Check out our docs at https://rancher.com/docs/rancher/v2.x/en/
  46. Browse to https://
  47. Happy Containering!
  48. [rancher@rmaster01 ~]$ kubectl get pod
  49. No resources found.
  50. [rancher@rmaster01 ~]$ kubectl get pod -n cattle-system
  51. NAME READY STATUS RESTARTS AGE
  52. rancher-5dd7f7dd8b-2twc7 0/1 ContainerCreating 0 27s
  53. rancher-5dd7f7dd8b-4ks6m 0/1 ContainerCreating 0 27s
  54. rancher-5dd7f7dd8b-xdxbl 0/1 ContainerCreating 0 27s