[原]CentOS7安装Rancher2.1并部署kubernetes (一)---部署Rancher
################## Rancher v2.1.7 + Kubernetes 1.13.4 ################
####################### 以下为声明 #####################
此文档是在两台机上进行的实践,kubernetes处于不断开发阶段
不能保证每个步骤都能准确到同步开发进度,所以如果安装部署过程中有问题请尽量google
按照下面步骤能得到什么?
1.两台主机之一会作为Rancher的server,另外一台作为Rancher Server的node节点添加进Rancher Server,得到安装好的Rancher,并以Rancher UI进行呈现
2.作为node节点的主机会被安装kubernetes,并以kubernetes dashboard的方式呈现
3.将建立一个登陆账号登陆kubernetes dashboard 并解决kubernetes dashboard token超时的问题
4.部署测试pod 和 container,(以nginx为例)
5,认识Rancher和kubernetes,知道其长什么样子能做什么工作。
6.此文不做生产环境使用,如果使用到生产环境,责任自负。只作为学习Rancher和kubernetes使用,由于时间关系,文中有错误的地方欢迎指正交流。
7.此文分为三部分:
CentOS7安装Rancher2.0并部署kubernetes (一)---部署Rancher
CentOS7安装Rancher2.0并部署kubernetes (二)---部署kubernetes
CentOS7安装Rancher2.0并部署kubernetes (三)---解决登录kubernets超时和部署测试Pod和Containter[nginx为例]
############################## 下面为文档正文 #####################################
主机环境(两台VM都能上外网):
VM主机名1:rancher 主要用来安装rancher部署工具
VM主机名2:node01 主要用来安装kubernetes容器编排管理工具
VM1-IP: 192.168.0.166/24
VM2-IP: 192.168.0.167/24
以下的操作在两台机器上都要执行
【关闭selinux】
setenforce 0 sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config systemctl stop firewalld.service && systemctl disable firewalld.service
【主机时间,时区,系统语言】
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime sudo echo 'LANG="en_US.UTF-8"' >> /etc/profile;source /etc/profile
【OS版本】
[root@rancher ~]# cat /etc/redhat-release CentOS Linux release 7.6.1810 (Core) [root@node01 ~]# cat /etc/redhat-release CentOS Linux release 7.6.1810 (Core)
【/etc/hosts文件】
因为K8S的规定,主机名只支持包含 - 和 .(中横线和点)两种特殊符号,并且主机名不能出现重复
[root@rancher ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.0.166 rancher 192.168.0.167 node01 --- [root@node01 ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.0.166 rancher 192.168.0.167 node01
【两台VM时间同步使用chronyd】
主机rancher为chronyd server 配置文件/etc/chrony.conf如下:
driftfile /var/lib/chrony/drift makestep 1.0 3 rtcsync allow 192.168.0.167/16 local stratum 8 logdir /var/log/chrony
---
主机node01为chronyd client 配置文件/etc/chrony.conf如下:
server rancher iburst driftfile /var/lib/chrony/drift makestep 1.0 3 rtcsync allow 192.168.0.166/24 local stratum 9 logdir /var/log/chrony
[root@rancher ~]# chronyc sources -v 210 Number of sources = 0 .-- Source mode '^' = server, '=' = peer, '#' = local clock. / .- Source state '*' = current synced, '+' = combined , '-' = not combined, | / '?' = unreachable, 'x' = time may be in error, '~' = time too variable. || .- xxxx [ yyyy ] +/- zzzz || Reachability register (octal) -. | xxxx = adjusted offset, || Log2(Polling interval) --. | | yyyy = measured offset, || \ | | zzzz = estimated error. || | | \ MS Name/IP address Stratum Poll Reach LastRx Last sample ===============================================================================
---
[root@node01 ~]# chronyc sources -v 210 Number of sources = 1 .-- Source mode '^' = server, '=' = peer, '#' = local clock. / .- Source state '*' = current synced, '+' = combined , '-' = not combined, | / '?' = unreachable, 'x' = time may be in error, '~' = time too variable. || .- xxxx [ yyyy ] +/- zzzz || Reachability register (octal) -. | xxxx = adjusted offset, || Log2(Polling interval) --. | | yyyy = measured offset, || \ | | zzzz = estimated error. || | | \ MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* rancher 8 10 377 592 -190us[ -192us] +/- 496us
【性能调优】
cat >> /etc/sysctl.conf<<EOF net.ipv4.ip_forward=1 net.bridge.bridge-nf-call-iptables=1 net.ipv4.neigh.default.gc_thresh1=4096 net.ipv4.neigh.default.gc_thresh2=6144 net.ipv4.neigh.default.gc_thresh3=8192 EOF
sysctl -p
【添加模块】
[root@rancher ~]# cat add_mod.sh
#!/bin/sh
mods=(
br_netfilter
ip6_udp_tunnel
ip_set
ip_set_hash_ip
ip_set_hash_net
iptable_filter
iptable_nat
iptable_mangle
iptable_raw
nf_conntrack_netlink
nf_conntrack
nf_conntrack_ipv4
nf_defrag_ipv4
nf_nat
nf_nat_ipv4
nf_nat_masquerade_ipv4
nfnetlink
udp_tunnel
VETH
VXLAN
x_tables
xt_addrtype
xt_conntrack
xt_comment
xt_mark
xt_multiport
xt_nat
xt_recent
xt_set
xt_statistic
xt_tcpudp
)
for mod in ${mods[@]};do
modprobe $mod
lsmod |grep $mod
done
chmod a+x add_mod.sh ./add_mod.sh
【Docker-ce安装】
sudo cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
cat > /etc/yum.repos.d/CentOS-Base.repo << EOF [base] name=CentOS-$releasever - Base - mirrors.aliyun.com failovermethod=priority baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/ http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/ http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/ gpgcheck=1 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 #released updates [updates] name=CentOS-$releasever - Updates - mirrors.aliyun.com failovermethod=priority baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/ http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/ http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/ gpgcheck=1 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 #additional packages that may be useful [extras] name=CentOS-$releasever - Extras - mirrors.aliyun.com failovermethod=priority baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/ http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/ http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/ gpgcheck=1 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 #additional packages that extend functionality of existing packages [centosplus] name=CentOS-$releasever - Plus - mirrors.aliyun.com failovermethod=priority baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/ http://mirrors.aliyuncs.com/centos/$releasever/centosplus/$basearch/ http://mirrors.cloud.aliyuncs.com/centos/$releasever/centosplus/$basearch/ gpgcheck=1 enabled=0 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 #contrib - packages by Centos Users [contrib] name=CentOS-$releasever - Contrib - mirrors.aliyun.com failovermethod=priority baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/ http://mirrors.aliyuncs.com/centos/$releasever/contrib/$basearch/ http://mirrors.cloud.aliyuncs.com/centos/$releasever/contrib/$basearch/ gpgcheck=1 enabled=0 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 EOF
---
注意事项:
因为CentOS的安全限制,通过RKE安装K8S集群时候无法使用root账户。所以,建议CentOS用户使用非root用户来运行docker,不管是RKE还是custom安装k8s,详情查看无法为主机配置SSH隧道,详情请参考https://www.cnrancher.com/docs/rancher/v2.x/cn/faq/troubleshooting-ha/ssh-tunneling/。
###添加用户
###本文设置<new_user>=dockerli
sudo adduser `<new_user>`# 为新用户设置密码
sudo passwd `<new_user>`# 为新用户添加sudo权限
sudo echo '<new_user> ALL=(ALL) ALL' >> /etc/sudoers
# 卸载旧版本Docker软件
sudo yum remove docker \ docker-client \ docker-client-latest \ docker-common \ docker-latest \ docker-latest-logrotate \ docker-logrotate \ docker-selinux \ docker-engine-selinux \ docker-engine \ container*
# 定义安装版本
export docker_version=17.03.2
# step 1: 安装必要的一些系统工具
sudo yum update -y sudo yum install -y yum-utils device-mapper-persistent-data lvm2 bash-completion
# Step 2: 添加软件源信息
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Step 3: 更新并安装 Docker-CE ,Docker-Engine Docker官方已经不推荐使用,请安装Docker-CE
sudo yum makecache all
version=$(yum list docker-ce.x86_64 --showduplicates | sort -r|grep ${docker_version}|awk '{print $2}')
sudo yum -y install --setopt=obsoletes=0 docker-ce-${version} docker-ce-selinux-${version}# 如果已经安装高版本Docker,可进行降级安装(可选)
yum downgrade --setopt=obsoletes=0 -y docker-ce-${version} docker-ce-selinux-${version}# 把当前用户加入docker组
sudo usermod -aG docker `<new_user>`# 设置开机启动
sudo systemctl enable docker
【docker配置】
创建文件:/etc/docker/daemon.json
[root@rancher ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://7bezldxe.mirror.aliyuncs.com/"],
"max-concurrent-downloads": 3,
"max-concurrent-uploads": 5,
"storage-driver": "overlay2",
"storage-opts": ["overlay2.override_kernel_check=true"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m",
"max-file": "3"
}
}
---
[root@node01 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://7bezldxe.mirror.aliyuncs.com/"],
"max-concurrent-downloads": 3,
"max-concurrent-uploads": 5,
"storage-driver": "overlay2",
"storage-opts": ["overlay2.override_kernel_check=true"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m",
"max-file": "3"
}
}
###详细解释docker配置注意事项
对于通过systemd来管理服务的系统(比如CentOS7.X), Docker有两处可以配置参数:
一个是docker.service服务配置文件,一个是Docker daemon配置文件daemon.json
1. docker.service
对于CentOS系统,docker.service默认位于/usr/lib/systemd/system/docker.service;
对于Ubuntu系统,docker.service默认位于/lib/systemd/system/docker.service
2. daemon.json
daemon.json默认位于/etc/docker/daemon.json,如果没有可手动创建,基于systemd管理的系统都是相同的路径。通过修改daemon.json来改过Docker配置,也是Docker官方推荐的方法。
###以下说明均基于systemd,并通过/etc/docker/daemon.json来修改配置
#配置镜像下载和上传并发数#
"max-concurrent-downloads": 3, "max-concurrent-uploads": 5
#配置镜像加速地址#
Rancher从v1.6.15开始到v2.x.x,Rancher系统相关的所有镜像(包括1.6.x上的K8S镜像)都托管在Dockerhub仓库。Dockerhub节点在国外,国内直接拉取镜像会有些缓慢。为了加速镜像的下载,可以给Docker配置国内的镜像地址,可以设置多个registry-mirrors地址,以数组形式书写,地址需要添加协议头(https或者http)
{
"registry-mirrors": ["https://7bezldxe.mirror.aliyuncs.com/","https://IP:PORT/"]
}
#(option)配置insecure-registries私有仓库#
Docker默认只信任TLS加密的仓库地址(https),所有非https仓库默认无法登陆也无法拉取镜像。insecure-registries字面意思为不安全的仓库,通过添加这个参数对非https仓库进行授信。可以设置多个insecure-registries地址,以数组形式书写,地址不能添加协议头(http)
{
"insecure-registries": ["192.168.1.100","IP:PORT"]
}
#配置Docker存储驱动#
OverlayFS是一个新一代的联合文件系统,类似于AUFS,但速度更快,实现更简单。Docker为OverlayFS提供了两个存储驱动程序:旧版的overlay,新版的overlay2(更稳定)。
先决条件:
* overlay2: Linux内核版本4.0或更高版本,或使用内核版本3.10.0-514+的RHEL或CentOS。
* overlay: 主机Linux内核版本3.18+
* 支持的磁盘文件系统
ext4(仅限RHEL 7.1)
xfs(RHEL7.2及更高版本),需要启用d_type=true。 >具体详情参考 Docker Use the OverlayFS storage driver
{
"storage-driver": "overlay2",
"storage-opts": ["overlay2.override_kernel_check=true"]
}
#配置日志驱动#
{
"log-driver": "json-file",
"log-opts": {
"max-size": "100m",
"max-file": "3"
}
}
通过以上配置/etc/docker/daemon.json后重新启动docker
[root@rancher ~]# docker version Client: Version: 17.03.2-ce API version: 1.27 Go version: go1.7.5 Git commit: f5ec1e2 Built: Tue Jun 27 02:21:36 2017 OS/Arch: linux/amd64 Server: Version: 17.03.2-ce API version: 1.27 (minimum version 1.12) Go version: go1.7.5 Git commit: f5ec1e2 Built: Tue Jun 27 02:21:36 2017 OS/Arch: linux/amd64 Experimental: false --- [root@node01 ~]# cat /etc/redhat-release CentOS Linux release 7.6.1810 (Core) [root@node01 ~]# docker version Client: Version: 17.03.2-ce API version: 1.27 Go version: go1.7.5 Git commit: f5ec1e2 Built: Tue Jun 27 02:21:36 2017 OS/Arch: linux/amd64 Server: Version: 17.03.2-ce API version: 1.27 (minimum version 1.12) Go version: go1.7.5 Git commit: f5ec1e2 Built: Tue Jun 27 02:21:36 2017 OS/Arch: linux/amd64 Experimental: false
【运行Rancher Server】
sudo docker run -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher:stable
Rancher Server容器启动很快速,不到一分钟你就可以通过https://访问Rancher UI。
一旦Rancher Server成功安装,用户界面将指导你添加第一个集群
【打开rancher dashboard】
在浏览器运行:https://192.168.0.166/login
根据提示设置用户名/密码
这里我设置的为admin/123456
--- 内容直达电梯
CentOS7安装Rancher2.0并部署kubernetes (一)---部署Rancher
CentOS7安装Rancher2.0并部署kubernetes (二)---部署kubernetes
CentOS7安装Rancher2.0并部署kubernetes (三)---解决登录kubernets超时和部署测试Pod和Containter[nginx为例]
-------
参考文档:
https://www.cnrancher.com/docs/rancher/v2.x/cn/install-prepare/basic-environment-configuration/
作者:horizonli
出处:http://www.cnblogs.com/horizonli/
本文版权归作者和博客园共有,欢迎转载,但未经作者同意必须保留此段声明,且在文章页面明显位置给出原文连接,否则保留追究法律责任的权利。
如果您认为文章还不错或者有所收获,您可以通过扫描下方的二维码进行随性打赏(¥1/¥2/¥5)以及点击左下角的【好文要顶】按钮以示支持,或者扫描关注即将写作的公众号二维码,因为这几种方式都是支持我继续写作,分享的最大动力!公众号将记录工作生活,技术内容,个性观点等内容,欢迎您的关注
出处:http://www.cnblogs.com/horizonli/
本文版权归作者和博客园共有,欢迎转载,但未经作者同意必须保留此段声明,且在文章页面明显位置给出原文连接,否则保留追究法律责任的权利。
|
 支付宝(alipay) 二维码打赏 |
 微信(wechat) 二维码打赏 JUST LI(**波) |
 微信公众号: 木子李的菜田 |
