################## Rancher v2.1.7 + Kubernetes 1.13.4 ################
####################### 以下為聲明 #####################
此文檔是在兩台機上進行的實踐,kubernetes處於不斷開發階段
不能保證每個步驟都能准確到同步開發進度,所以如果安裝部署過程中有問題請盡量google
按照下面步驟能得到什么?
1.兩台主機之一會作為Rancher的server,另外一台作為Rancher Server的node節點添加進Rancher Server,得到安裝好的Rancher,並以Rancher UI進行呈現
2.作為node節點的主機會被安裝kubernetes,並以kubernetes dashboard的方式呈現
3.將建立一個登陸賬號登陸kubernetes dashboard 並解決kubernetes dashboard token超時的問題
4.部署測試pod 和 container,(以nginx為例)
5,認識Rancher和kubernetes,知道其長什么樣子能做什么工作。
6.此文不做生產環境使用,如果使用到生產環境,責任自負。只作為學習Rancher和kubernetes使用,由於時間關系,文中有錯誤的地方歡迎指正交流。
7.此文分為三部分:
CentOS7安裝Rancher2.0並部署kubernetes (一)---部署Rancher
CentOS7安裝Rancher2.0並部署kubernetes (二)---部署kubernetes
CentOS7安裝Rancher2.0並部署kubernetes (三)---解決登錄kubernets超時和部署測試Pod和Containter[nginx為例]
############################## 下面為文檔正文 #####################################
主機環境(兩台VM都能上外網):
VM主機名1:rancher 主要用來安裝rancher部署工具
VM主機名2:node01 主要用來安裝kubernetes容器編排管理工具
VM1-IP: 192.168.0.166/24
VM2-IP: 192.168.0.167/24
以下的操作在兩台機器上都要執行
【關閉selinux】
setenforce 0 sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config systemctl stop firewalld.service && systemctl disable firewalld.service
【主機時間,時區,系統語言】
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime sudo echo 'LANG="en_US.UTF-8"' >> /etc/profile;source /etc/profile
【OS版本】
[root@rancher ~]# cat /etc/redhat-release CentOS Linux release 7.6.1810 (Core) [root@node01 ~]# cat /etc/redhat-release CentOS Linux release 7.6.1810 (Core)
【/etc/hosts文件】
因為K8S的規定,主機名只支持包含 - 和 .(中橫線和點)兩種特殊符號,並且主機名不能出現重復
[root@rancher ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.0.166 rancher 192.168.0.167 node01 --- [root@node01 ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.0.166 rancher 192.168.0.167 node01
【兩台VM時間同步使用chronyd】
主機rancher為chronyd server 配置文件/etc/chrony.conf如下:
driftfile /var/lib/chrony/drift makestep 1.0 3 rtcsync allow 192.168.0.167/16 local stratum 8 logdir /var/log/chrony
---
主機node01為chronyd client 配置文件/etc/chrony.conf如下:
server rancher iburst driftfile /var/lib/chrony/drift makestep 1.0 3 rtcsync allow 192.168.0.166/24 local stratum 9 logdir /var/log/chrony
[root@rancher ~]# chronyc sources -v 210 Number of sources = 0 .-- Source mode '^' = server, '=' = peer, '#' = local clock. / .- Source state '*' = current synced, '+' = combined , '-' = not combined, | / '?' = unreachable, 'x' = time may be in error, '~' = time too variable. || .- xxxx [ yyyy ] +/- zzzz || Reachability register (octal) -. | xxxx = adjusted offset, || Log2(Polling interval) --. | | yyyy = measured offset, || \ | | zzzz = estimated error. || | | \ MS Name/IP address Stratum Poll Reach LastRx Last sample ===============================================================================
---
[root@node01 ~]# chronyc sources -v 210 Number of sources = 1 .-- Source mode '^' = server, '=' = peer, '#' = local clock. / .- Source state '*' = current synced, '+' = combined , '-' = not combined, | / '?' = unreachable, 'x' = time may be in error, '~' = time too variable. || .- xxxx [ yyyy ] +/- zzzz || Reachability register (octal) -. | xxxx = adjusted offset, || Log2(Polling interval) --. | | yyyy = measured offset, || \ | | zzzz = estimated error. || | | \ MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* rancher 8 10 377 592 -190us[ -192us] +/- 496us
【性能調優】
cat >> /etc/sysctl.conf<<EOF net.ipv4.ip_forward=1 net.bridge.bridge-nf-call-iptables=1 net.ipv4.neigh.default.gc_thresh1=4096 net.ipv4.neigh.default.gc_thresh2=6144 net.ipv4.neigh.default.gc_thresh3=8192 EOF
sysctl -p
【添加模塊】
[root@rancher ~]# cat add_mod.sh
#!/bin/sh
mods=(
br_netfilter
ip6_udp_tunnel
ip_set
ip_set_hash_ip
ip_set_hash_net
iptable_filter
iptable_nat
iptable_mangle
iptable_raw
nf_conntrack_netlink
nf_conntrack
nf_conntrack_ipv4
nf_defrag_ipv4
nf_nat
nf_nat_ipv4
nf_nat_masquerade_ipv4
nfnetlink
udp_tunnel
VETH
VXLAN
x_tables
xt_addrtype
xt_conntrack
xt_comment
xt_mark
xt_multiport
xt_nat
xt_recent
xt_set
xt_statistic
xt_tcpudp
)
for mod in ${mods[@]};do
modprobe $mod
lsmod |grep $mod
done
chmod a+x add_mod.sh ./add_mod.sh
【Docker-ce安裝】
sudo cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
cat > /etc/yum.repos.d/CentOS-Base.repo << EOF [base] name=CentOS-$releasever - Base - mirrors.aliyun.com failovermethod=priority baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/ http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/ http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/ gpgcheck=1 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 #released updates [updates] name=CentOS-$releasever - Updates - mirrors.aliyun.com failovermethod=priority baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/ http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/ http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/ gpgcheck=1 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 #additional packages that may be useful [extras] name=CentOS-$releasever - Extras - mirrors.aliyun.com failovermethod=priority baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/ http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/ http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/ gpgcheck=1 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 #additional packages that extend functionality of existing packages [centosplus] name=CentOS-$releasever - Plus - mirrors.aliyun.com failovermethod=priority baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/ http://mirrors.aliyuncs.com/centos/$releasever/centosplus/$basearch/ http://mirrors.cloud.aliyuncs.com/centos/$releasever/centosplus/$basearch/ gpgcheck=1 enabled=0 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 #contrib - packages by Centos Users [contrib] name=CentOS-$releasever - Contrib - mirrors.aliyun.com failovermethod=priority baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/ http://mirrors.aliyuncs.com/centos/$releasever/contrib/$basearch/ http://mirrors.cloud.aliyuncs.com/centos/$releasever/contrib/$basearch/ gpgcheck=1 enabled=0 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 EOF
---
注意事項:
因為CentOS的安全限制,通過RKE安裝K8S集群時候無法使用root賬戶。所以,建議CentOS用戶使用非root用戶來運行docker,不管是RKE還是custom安裝k8s,詳情查看無法為主機配置SSH隧道,詳情請參考
https://www.cnrancher.com/docs/rancher/v2.x/cn/faq/troubleshooting-ha/ssh-tunneling/。
###添加用戶
###本文設置<new_user>=dockerli
sudo adduser `<new_user>`# 為新用戶設置密碼
sudo passwd `<new_user>`# 為新用戶添加sudo權限
sudo echo '<new_user> ALL=(ALL) ALL' >> /etc/sudoers
# 卸載舊版本Docker軟件
sudo yum remove docker \ docker-client \ docker-client-latest \ docker-common \ docker-latest \ docker-latest-logrotate \ docker-logrotate \ docker-selinux \ docker-engine-selinux \ docker-engine \ container*
# 定義安裝版本
export docker_version=17.03.2
# step 1: 安裝必要的一些系統工具
sudo yum update -y sudo yum install -y yum-utils device-mapper-persistent-data lvm2 bash-completion
# Step 2: 添加軟件源信息
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Step 3: 更新並安裝 Docker-CE ,Docker-Engine Docker官方已經不推薦使用,請安裝Docker-CE
sudo yum makecache all
version=$(yum list docker-ce.x86_64 --showduplicates | sort -r|grep ${docker_version}|awk '{print $2}')
sudo yum -y install --setopt=obsoletes=0 docker-ce-${version} docker-ce-selinux-${version}# 如果已經安裝高版本Docker,可進行降級安裝(可選)
yum downgrade --setopt=obsoletes=0 -y docker-ce-${version} docker-ce-selinux-${version}# 把當前用戶加入docker組
sudo usermod -aG docker `<new_user>`# 設置開機啟動
sudo systemctl enable docker
【docker配置】
創建文件:
/etc/docker/daemon.json
[root@rancher ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://7bezldxe.mirror.aliyuncs.com/"],
"max-concurrent-downloads": 3,
"max-concurrent-uploads": 5,
"storage-driver": "overlay2",
"storage-opts": ["overlay2.override_kernel_check=true"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m",
"max-file": "3"
}
}
---
[root@node01 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://7bezldxe.mirror.aliyuncs.com/"],
"max-concurrent-downloads": 3,
"max-concurrent-uploads": 5,
"storage-driver": "overlay2",
"storage-opts": ["overlay2.override_kernel_check=true"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m",
"max-file": "3"
}
}
###詳細解釋docker配置注意事項
對於通過systemd來管理服務的系統(比如CentOS7.X), Docker有兩處可以配置參數:
一個是docker.service服務配置文件,一個是Docker daemon配置文件daemon.json
1. docker.service
對於CentOS系統,docker.service默認位於/usr/lib/systemd/system/docker.service;
對於Ubuntu系統,docker.service默認位於/lib/systemd/system/docker.service
2. daemon.json
daemon.json默認位於/etc/docker/daemon.json,如果沒有可手動創建,基於systemd管理的系統都是相同的路徑。通過修改daemon.json來改過Docker配置,也是Docker官方推薦的方法。
###以下說明均基於systemd,並通過/etc/docker/daemon.json來修改配置
#配置鏡像下載和上傳並發數#
"max-concurrent-downloads": 3, "max-concurrent-uploads": 5
#配置鏡像加速地址#
Rancher從v1.6.15開始到v2.x.x,Rancher系統相關的所有鏡像(包括1.6.x上的K8S鏡像)都托管在Dockerhub倉庫。Dockerhub節點在國外,國內直接拉取鏡像會有些緩慢。為了加速鏡像的下載,可以給Docker配置國內的鏡像地址,可以設置多個registry-mirrors地址,以數組形式書寫,地址需要添加協議頭(https或者http)
{
"registry-mirrors": ["https://7bezldxe.mirror.aliyuncs.com/","https://IP:PORT/"]
}
#(option)配置insecure-registries私有倉庫#
Docker默認只信任TLS加密的倉庫地址(https),所有非https倉庫默認無法登陸也無法拉取鏡像。insecure-registries字面意思為不安全的倉庫,通過添加這個參數對非https倉庫進行授信。可以設置多個insecure-registries地址,以數組形式書寫,地址不能添加協議頭(http)
{
"insecure-registries": ["192.168.1.100","IP:PORT"]
}
#配置Docker存儲驅動#
OverlayFS是一個新一代的聯合文件系統,類似於AUFS,但速度更快,實現更簡單。Docker為OverlayFS提供了兩個存儲驅動程序:舊版的overlay,新版的overlay2(更穩定)。
先決條件:
* overlay2: Linux內核版本4.0或更高版本,或使用內核版本3.10.0-514+的RHEL或CentOS。
* overlay: 主機Linux內核版本3.18+
* 支持的磁盤文件系統
ext4(僅限RHEL 7.1)
xfs(RHEL7.2及更高版本),需要啟用d_type=true。 >具體詳情參考 Docker Use the OverlayFS storage driver
{
"storage-driver": "overlay2",
"storage-opts": ["overlay2.override_kernel_check=true"]
}
#配置日志驅動#
{
"log-driver": "json-file",
"log-opts": {
"max-size": "100m",
"max-file": "3"
}
}
通過以上配置/etc/docker/daemon.json后重新啟動docker
[root@rancher ~]# docker version Client: Version: 17.03.2-ce API version: 1.27 Go version: go1.7.5 Git commit: f5ec1e2 Built: Tue Jun 27 02:21:36 2017 OS/Arch: linux/amd64 Server: Version: 17.03.2-ce API version: 1.27 (minimum version 1.12) Go version: go1.7.5 Git commit: f5ec1e2 Built: Tue Jun 27 02:21:36 2017 OS/Arch: linux/amd64 Experimental: false --- [root@node01 ~]# cat /etc/redhat-release CentOS Linux release 7.6.1810 (Core) [root@node01 ~]# docker version Client: Version: 17.03.2-ce API version: 1.27 Go version: go1.7.5 Git commit: f5ec1e2 Built: Tue Jun 27 02:21:36 2017 OS/Arch: linux/amd64 Server: Version: 17.03.2-ce API version: 1.27 (minimum version 1.12) Go version: go1.7.5 Git commit: f5ec1e2 Built: Tue Jun 27 02:21:36 2017 OS/Arch: linux/amd64 Experimental: false
【運行Rancher Server】
sudo docker run -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher:stable
Rancher Server容器啟動很快速,不到一分鍾你就可以通過https://訪問Rancher UI。
一旦Rancher Server成功安裝,用戶界面將指導你添加第一個集群
【打開rancher dashboard】
在瀏覽器運行:
https://192.168.0.166/login
根據提示設置用戶名/密碼
這里我設置的為admin/123456
--- 內容直達電梯
CentOS7安裝Rancher2.0並部署kubernetes (一)---部署Rancher
CentOS7安裝Rancher2.0並部署kubernetes (二)---部署kubernetes
CentOS7安裝Rancher2.0並部署kubernetes (三)---解決登錄kubernets超時和部署測試Pod和Containter[nginx為例]
-------
參考文檔:
https://www.cnrancher.com/docs/rancher/v2.x/cn/install-prepare/basic-environment-configuration/