43 Quickly setting up a Kubernetes environment with Rancher.md - xiaoxin01/Blog GitHub Wiki
This article describes how to quickly set up a Kubernetes environment with Rancher on Ubuntu.
A Kubernetes environment requires Docker to be installed on every server in the cluster first. There are two ways to install Docker:

- SSH to each server and run:

  ```bash
  curl -fsSL https://get.docker.com -o get-docker.sh && sudo sh get-docker.sh
  ```

- Install through docker-machine

  To install docker-machine on Linux:

  ```bash
  # Download the release binary for this OS/architecture and install it
  base=https://github.com/docker/machine/releases/download/v0.14.0 &&
  curl -L $base/docker-machine-$(uname -s)-$(uname -m) >/tmp/docker-machine &&
  sudo install /tmp/docker-machine /usr/local/bin/docker-machine
  ```

  Reference:

  ```bash
  # Create an SSH key pair and copy the public key to the server
  ssh-keygen -t rsa
  ssh-copy-id your-server-name
  # Edit the sudoers file as root
  sudo su
  visudo
  ```

  Below `# Allow members of group sudo to execute any command`, add:

  ```
  your-user-name ALL=(ALL) NOPASSWD:ALL
  ```

  ```bash
  docker-machine create --driver generic --generic-ip-address=your-server-ip --generic-ssh-user=your-user-name your-server-name
  sudo usermod -aG docker your-user-name
  ```
- Create the nginx load balancer

  Configuration file: nginx.conf

  ```nginx
  worker_processes 4;
  worker_rlimit_nofile 40000;

  events {
      worker_connections 8192;
  }

  http {
      # Redirect plain HTTP to HTTPS
      server {
          listen 80;
          return 301 https://$host$request_uri;
      }
  }

  # TCP pass-through on 443: nginx forwards the TLS connection unchanged,
  # so TLS is terminated on the Rancher nodes, not on the load balancer
  stream {
      upstream rancher_servers {
          least_conn;
          server IP_NODE_1:443 max_fails=3 fail_timeout=5s;
          server IP_NODE_2:443 max_fails=3 fail_timeout=5s;
          server IP_NODE_3:443 max_fails=3 fail_timeout=5s;
      }
      server {
          listen 443;
          proxy_pass rancher_servers;
      }
  }
  ```

  Start it with Docker:

  ```bash
  docker run -d --restart=unless-stopped \
    --name=rancher-nginx \
    -p 80:80 -p 443:443 \
    -v ~/nginx/nginx.conf:/etc/nginx/nginx.conf \
    nginx
  ```
- Configure DNS resolution

  Point a DNS name, for example rancher.supperxin.com, at the IP address of the LB.
- Download rancher

  ```bash
  wget https://github.com/rancher/rke/releases/download/v0.1.9/rke_linux-amd64
  chmod +x rke_linux-amd64
  ```

- Download the rke configuration template

  ```bash
  wget https://raw.githubusercontent.com/rancher/rancher/e9d29b3f3b9673421961c68adf0516807d1317eb/rke-templates/3-node-certificate.yml
  mv 3-node-certificate.yml rancher-cluster.yml
  ```
- Update the node information in the configuration

  The example configuration below sets up 2 master nodes and 4 worker nodes:

  ```yaml
  nodes:
    - address: 172.21.145.122
      user: srv_search
      role: [controlplane,etcd,worker]
      ssh_key_path: ~/.ssh/id_rsa
    - address: 172.21.145.123
      user: srv_search
      role: [controlplane,etcd,worker]
      ssh_key_path: ~/.ssh/id_rsa
    - address: 172.21.145.124
      user: srv_search
      role: [worker]
      ssh_key_path: ~/.ssh/id_rsa
    - address: 172.21.145.125
      user: srv_search
      role: [worker]
      ssh_key_path: ~/.ssh/id_rsa
  ```
- Create a self-signed certificate

  ```bash
  docker run -v $PWD/certs:/certs \
    -e SSL_SUBJECT=rancher.supperxin.com \
    -e SSL_DNS=rancher.supperxin.com \
    -e SSL_IP=10.0.0.1 \
    -e K8S_SAVE_CA_CRT=true \
    -e K8S_NAME=cattle-keys-ingress \
    -e K8S_NAMESPACE=cattle-system \
    paulczar/omgwtfssl
  ```
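- Update the certificate information in the configuration

  The certificate contents must be base64-encoded. The certificate files needed are:

  - cert.pem --> tls.crt
  - ca.pem --> tls.key
  - key.pem --> cacerts.pem

  Encoding command:

  ```bash
  cat cert.pem | base64 -w0
  ```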
- Update the FQDN in the configuration

  Replace it with the DNS name.
- Start rancher to configure the Kubernetes cluster

  ```bash
  ./rke_linux-amd64 up --config rancher-cluster.yml
  ```

  If it fails with the error:

  ```
  FATA[0000] Unsupported Docker version found [18.06.0-ce], supported versions are [1.11.x 1.12.x 1.13.x 17.03.x]
  ```

  add the option to ignore the Docker version to the configuration file, then start it again:

  ```yaml
  # If set to true, RKE will not fail when unsupported Docker version are found
  ignore_docker_version: true
  ```
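
To guard the certificate step above against pasting the wrong file into a template field, the following added example (not from the original page) classifies each PEM file by its header before base64-encoding it. The function names are hypothetical, and it assumes `tls.key` takes the private key while `tls.crt` and `cacerts.pem` take certificates.

```bash
# Added example, not from the original page. Assumption: tls.key must hold a
# private key, while tls.crt and cacerts.pem must hold certificates.

# Constructed stand-ins for the generated files: only the PEM framing is
# realistic, the bodies are dummy text and not usable key material.
make_sample_pems() {
  printf -- '-----BEGIN CERTIFICATE-----\nZHVtbXk=\n-----END CERTIFICATE-----\n' > "$1/cert.pem"
  printf -- '-----BEGIN CERTIFICATE-----\nZHVtbXljYQ==\n-----END CERTIFICATE-----\n' > "$1/ca.pem"
  printf -- '-----BEGIN RSA PRIVATE KEY-----\nZHVtbXlrZXk=\n-----END RSA PRIVATE KEY-----\n' > "$1/key.pem"
}

# Classify a file by its first PEM header: certificate, private-key or unknown.
pem_kind() {
  local header
  header=$(grep -m1 -e '^-----BEGIN ' "$1" 2>/dev/null) || { echo unknown; return 0; }
  case "$header" in
    *"PRIVATE KEY-----") echo private-key ;;
    *"BEGIN CERTIFICATE-----") echo certificate ;;
    *) echo unknown ;;
  esac
}

# Kind of PEM object each template field takes (the assumption stated above).
expected_kind() {
  case "$1" in
    tls.crt|cacerts.pem) echo certificate ;;
    tls.key) echo private-key ;;
    *) echo unknown ;;
  esac
}

# encode_for_field FIELD FILE: print FILE as single-line base64 (the result of
# `base64 -w0`), or fail and print nothing when FILE does not fit FIELD.
encode_for_field() {
  local field="$1" file="$2" want got
  want=$(expected_kind "$field")
  got=$(pem_kind "$file")
  if [ "$want" = unknown ] || [ "$want" != "$got" ]; then
    echo "refusing: $file is '$got' but $field needs '$want'" >&2
    return 1
  fi
  base64 < "$file" | tr -d '\n'
}
```

Source the functions and run, for example, `encode_for_field tls.crt certs/cert.pem` from the directory that holds the generated `certs` folder; a non-zero exit means the file does not belong in that field.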
On Ubuntu, run the following commands to install kubectl:

```bash
sudo apt-get update && sudo apt-get install -y apt-transport-https
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
sudo touch /etc/apt/sources.list.d/kubernetes.list
echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
sudo apt-get install -y kubectl
```
Log in to the rancher console. On the default local cluster page, click "kubeconfig file" to see the configuration file for that cluster, which looks like this:

```yaml
apiVersion: v1
kind: Config
clusters:
- name: "local"
  cluster:
    server: "xxxx"
    api-version: v1
    certificate-authority-data: "xxxx"
users:
- name: "xxxx"
  user:
    token: "xxxx"
contexts:
- name: "local"
  context:
    user: "xxxx"
    cluster: "local"
current-context: "local"
```

Copy its contents into the file ~/.kube/config; you can then use kubectl to retrieve cluster information.