基于rancher搭建k8s

快速搭建rancher

-v 用來掛載證書，如果沒有證書，可以洗掉，默認使用rancher內置的自簽證書

docker run -d --name rancher --privileged --restart=unless-stopped \
    -p 10080:80 -p 10443:443 \
    -v /root/tmp/rancher.mb.com.crt:/etc/rancher/ssl/cert.pem \
    -v /root/tmp/rancher.mb.com.key:/etc/rancher/ssl/key.pem \
    -v /root/tmp/cacerts.pem:/etc/rancher/ssl/cacerts.pem \
    rancher/rancher:v2.7.5

訪問 https://ip:10443

rancher啟動較慢，可以稍等片刻，大約半分鐘，即可訪問，前提是防火墻放行埠10443

獲取rancher UI 默認的登錄密碼

瀏覽器訪問到rancher的登錄頁面后，執行shell docker logs rancher 2>&1 | grep "Bootstrap Password:" 查看默認的登錄密碼

登錄成功后，進入集群管理

創建集群

由于docker run的時候沒有信任的證書，所以此處打勾

復制注冊命令在需要安裝的k8s機器上執行命令，靜默安裝. 我這邊4h8g的機器大概在5分鐘內安裝完畢

rancher查看安裝日志

安裝程序中，會看到些許ERROR日志， 只要這個日志不會卡在那里1分鐘以上， 就不要人為干預，rancher會自行調整

docker logs -f rancher

安裝程序中的圖

安裝完成，節點狀態變成Active，表示k8s可用，

需要安裝k8s集群時，拿著命令在目標機上執行即可

遇到的坑

執行創建k8s的命令后， 一直都在Update狀態

• 背景說明：安裝完成后，想再折騰一下，于是洗掉節點，再重復上面的操作，發現一直都創建不成功
• 解決辦法
  • 在rancher移除節點
  • 在rancher集群管理，洗掉前面創建的集群
  • 在k8s機器上執行卸載命令， 命令一般放在/usr/local/bin目錄，可以通過 shell /usr/local/bin/k3s-uninstall.sh 查找
  • 如果安裝的k3s,執行 k3s-uninstall.sh 和 rancher-system-agent-uninstall.sh ；如果安裝的是rke2,則卸載rke2的命令，rke2卸載命令的查找方法和k3s的查找方法類似

卸載命令備份

這些命令是rancher安裝集群的時候自動生成的，做個備份在這里，防止失聯

k3s-uninstall.sh

#!/bin/sh
set -x
[ $(id -u) -eq 0 ] || exec sudo $0 $@

/usr/local/bin/k3s-killall.sh

if command -v systemctl; then
    systemctl disable k3s
    systemctl reset-failed k3s
    systemctl daemon-reload
fi
if command -v rc-update; then
    rc-update delete k3s default
fi

rm -f /etc/systemd/system/k3s.service
rm -f /etc/systemd/system/k3s.service.env

remove_uninstall() {
    rm -f /usr/local/bin/k3s-uninstall.sh
}
trap remove_uninstall EXIT

if (ls /etc/systemd/system/k3s*.service || ls /etc/init.d/k3s*) >/dev/null 2>&1; then
    set +x; echo 'Additional k3s services installed, skipping uninstall of k3s'; set -x
    exit
fi

for cmd in kubectl crictl ctr; do
    if [ -L /usr/local/bin/$cmd ]; then
        rm -f /usr/local/bin/$cmd
    fi
done

rm -rf /etc/rancher/k3s
rm -rf /run/k3s
rm -rf /run/flannel
rm -rf /var/lib/rancher/k3s
rm -rf /var/lib/kubelet
rm -f /usr/local/bin/k3s
rm -f /usr/local/bin/k3s-killall.sh

if type yum >/dev/null 2>&1; then
    yum remove -y k3s-selinux
    rm -f /etc/yum.repos.d/rancher-k3s-common*.repo
elif type rpm-ostree >/dev/null 2>&1; then
    rpm-ostree uninstall k3s-selinux
    rm -f /etc/yum.repos.d/rancher-k3s-common*.repo
elif type zypper >/dev/null 2>&1; then
    uninstall_cmd="zypper remove -y k3s-selinux"
    if [ "${TRANSACTIONAL_UPDATE=false}" != "true" ] && [ -x /usr/sbin/transactional-update ]; then
        uninstall_cmd="transactional-update --no-selfupdate -d run $uninstall_cmd"
    fi
    $uninstall_cmd
    rm -f /etc/zypp/repos.d/rancher-k3s-common*.repo
fi

rancher-system-agent-uninstall.sh

#!/bin/sh

if [ ! $(id -u) -eq 0 ]; then
  fatal "This script must be run as root."
fi

# Environment variables:
#   System Agent Variables
#   - CATTLE_AGENT_CONFIG_DIR (default: /etc/rancher/agent)
#   - CATTLE_AGENT_VAR_DIR (default: /var/lib/rancher/agent)
#   - CATTLE_AGENT_BIN_PREFIX (default: /usr/local)
#

# warn logs the given argument at warn log level.
warn() {
    echo "[WARN] " "$@" >&2
}

# check_target_mountpoint return success if the target directory is on a dedicated mount point
check_target_mountpoint() {
    mountpoint -q "${CATTLE_AGENT_BIN_PREFIX}"
}

# check_target_ro returns success if the target directory is read-only
check_target_ro() {
    touch "${CATTLE_AGENT_BIN_PREFIX}"/.r-sa-ro-test && rm -rf "${CATTLE_AGENT_BIN_PREFIX}"/.r-sa-ro-test
    test $? -ne 0
}

setup_env() {
    if [ -z "${CATTLE_AGENT_CONFIG_DIR}" ]; then
        CATTLE_AGENT_CONFIG_DIR=/etc/rancher/agent
    fi

    if [ -z "${CATTLE_AGENT_VAR_DIR}" ]; then
        CATTLE_AGENT_VAR_DIR=/var/lib/rancher/agent
    fi

    # --- resources are installed to /usr/local by default, except if /usr/local is on a separate partition or is
    # --- read-only in which case we go into /opt/rancher-system-agent. If variable isn't passed and this criteria is
    # --- true, assume that is what was done, since removing from /usr/local wouldn't be possible anyway.
    if [ -z "${CATTLE_AGENT_BIN_PREFIX}" ]; then
        CATTLE_AGENT_BIN_PREFIX="/usr/local"
        if check_target_mountpoint || check_target_ro; then
            CATTLE_AGENT_BIN_PREFIX="/opt/rancher-system-agent"
            warn "/usr/local is read-only or a mount point; checking ${CATTLE_AGENT_BIN_PREFIX}"
        fi
    fi

}

uninstall_stop_services() {
    if command -v systemctl >/dev/null 2>&1; then
        systemctl stop rancher-system-agent
    fi
}

uninstall_remove_self() {
    rm -f "${CATTLE_AGENT_BIN_PREFIX}/bin/rancher-system-agent-uninstall.sh"
}

uninstall_disable_services()
{
    if command -v systemctl >/dev/null 2>&1; then
        systemctl disable rancher-system-agent || true
        systemctl reset-failed rancher-system-agent || true
        systemctl daemon-reload
    fi
}

uninstall_remove_files() {
    rm -f /etc/systemd/system/rancher-system-agent.service
    rm -f /etc/systemd/system/rancher-system-agent.env
    rm -rf ${CATTLE_AGENT_VAR_DIR}
    rm -rf ${CATTLE_AGENT_CONFIG_DIR}
    rm -f "${CATTLE_AGENT_BIN_PREFIX}/bin/rancher-system-agent"
}

setup_env
uninstall_stop_services
trap uninstall_remove_self EXIT
uninstall_disable_services
uninstall_remove_files

標籤：其他

上一篇：天翼云邊緣安全加速平臺亮相2023亞太內容分發大會暨CDN峰會

下一篇：返回列表