[Original] Installing Rancher 2.1 on CentOS 7 and Deploying Kubernetes (Part 1): Deploying Rancher

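##################    Rancher v2.1.7  +    Kubernetes 1.13.4  ################

#######################    Disclaimer  #####################

This document records a hands-on exercise carried out on two machines. Kubernetes is under continuous development, so there is no guarantee that every step stays exactly in sync with upstream development. If you run into problems during installation and deployment, please search Google as far as possible.

What do you get by following the steps below?

1. One of the two hosts acts as the Rancher server; the other is added to the Rancher server as a node. The result is a working Rancher installation, presented through the Rancher UI.

2. Kubernetes is installed on the node host and presented through the Kubernetes dashboard.

3. A login account is created for the Kubernetes dashboard, and the dashboard token timeout problem is resolved.

4. A test pod and container are deployed (using nginx as the example).

5. You get to know Rancher and Kubernetes: what they look like and what they can do.

6. This article is not intended for production use; if you use it in production, you do so at your own risk. It is meant only for learning Rancher and Kubernetes. Because of time constraints there may be errors in the text; corrections and discussion are welcome.

7. This article has three parts:

Installing Rancher 2.0 on CentOS 7 and Deploying Kubernetes (Part 1): Deploying Rancher

Installing Rancher 2.0 on CentOS 7 and Deploying Kubernetes (Part 2): Deploying Kubernetes

Installing Rancher 2.0 on CentOS 7 and Deploying Kubernetes (Part 3): Fixing the Kubernetes Login Timeout and Deploying a Test Pod and Container (nginx as the Example)

##############################   Main text of the document  #####################################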

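Host environment (both VMs have Internet access):
VM host name 1: rancher  mainly used to install the Rancher deployment tool
VM host name 2: node01  mainly used to install the Kubernetes container orchestration tool
VM1-IP: 192.168.0.166/24
VM2-IP: 192.168.0.167/24
The following operations must be run on both machines
 
【Disable SELinux】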
setenforce 0
sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
systemctl stop firewalld.service && systemctl disable firewalld.service
【Host time, time zone, system language】
 
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo 'LANG="en_US.UTF-8"' | sudo tee -a /etc/profile; source /etc/profile

 

【OS version】
[root@rancher ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[root@node01 ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
 
【/etc/hosts file】
Because of Kubernetes rules, host names may contain only two special characters, - and . (hyphen and dot), and host names must not be duplicated
[root@rancher ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.166 rancher
192.168.0.167 node01
---
[root@node01 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.166 rancher
192.168.0.167 node01
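
The host-name rule above can be checked before any node is registered. The following is an added example, not part of the original article: `parse_hosts` and `check_hosts` are hypothetical helper names, the sample file contents are constructed, and the stricter RFC 1123 rules (lowercase only, alphanumeric at both ends of each label) go slightly beyond what the article states.

```python
import re

# Assumption beyond the page: Kubernetes node names follow RFC 1123 subdomain
# rules (lowercase alphanumerics, '-' and '.', alphanumeric at both ends of
# each label, at most 253 characters).
LABEL = r"[a-z0-9](?:[-a-z0-9]*[a-z0-9])?"
NODE_NAME = re.compile(r"%s(?:\.%s)*" % (LABEL, LABEL))


def parse_hosts(text):
    """Map every name in hosts-file text to the set of addresses it is bound to."""
    names = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        for name in fields[1:]:
            names.setdefault(name, set()).add(fields[0])
    return names


def check_hosts(text, nodes):
    """Return a list of problems for the cluster node names in `nodes`."""
    names = parse_hosts(text)
    problems = []
    for node in nodes:
        if len(node) > 253 or not NODE_NAME.fullmatch(node):
            problems.append("%s: invalid node name" % node)
        addrs = sorted(names.get(node, ()))
        if not addrs:
            problems.append("%s: no entry in hosts file" % node)
        elif len(addrs) > 1:
            problems.append("%s: duplicated across %s" % (node, ", ".join(addrs)))
    return problems


# Constructed samples: GOOD mirrors the article's /etc/hosts, BAD is deliberately broken.
GOOD = """127.0.0.1   localhost localhost.localdomain
192.168.0.166 rancher
192.168.0.167 node01
"""
BAD = """192.168.0.166 rancher
192.168.0.167 rancher   # same name on a second machine
192.168.0.168 Node_02
"""

if __name__ == "__main__":
    print(check_hosts(GOOD, ["rancher", "node01"]))
    print(check_hosts(BAD, ["rancher", "node01", "Node_02"]))
```
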

 

【Time synchronization between the two VMs with chronyd】
Host rancher is the chronyd server; its configuration file /etc/chrony.conf is as follows:
 
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow 192.168.0.167/16
local stratum 8
logdir /var/log/chrony
--- 
 
Host node01 is the chronyd client; its configuration file /etc/chrony.conf is as follows:
 
server rancher iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow 192.168.0.166/24
local stratum 9
logdir /var/log/chrony

 

[root@rancher ~]# chronyc sources -v
210 Number of sources = 0
 
  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================

  

 
---
[root@node01 ~]# chronyc sources -v
210 Number of sources = 1
 
  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* rancher                       8  10   377   592   -190us[ -192us] +/-  496us
 

  

 
【Performance tuning】
cat >> /etc/sysctl.conf<<EOF
net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-iptables=1
net.ipv4.neigh.default.gc_thresh1=4096
net.ipv4.neigh.default.gc_thresh2=6144
net.ipv4.neigh.default.gc_thresh3=8192
EOF

  

sysctl -p
【Add kernel modules】
[root@rancher ~]# cat add_mod.sh
#!/bin/bash
mods=(
br_netfilter
ip6_udp_tunnel
ip_set
ip_set_hash_ip
ip_set_hash_net
iptable_filter
iptable_nat
iptable_mangle
iptable_raw
nf_conntrack_netlink
nf_conntrack
nf_conntrack_ipv4
nf_defrag_ipv4
nf_nat
nf_nat_ipv4
nf_nat_masquerade_ipv4
nfnetlink
udp_tunnel
veth
vxlan
x_tables
xt_addrtype
xt_conntrack
xt_comment
xt_mark
xt_multiport
xt_nat
xt_recent
xt_set
xt_statistic
xt_tcpudp
)
for mod in "${mods[@]}"; do
    modprobe "$mod"
    lsmod | grep "$mod"
done

  

 
chmod a+x add_mod.sh
./add_mod.sh

 

【Docker CE installation】
sudo cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak

  

# The quoted 'EOF' keeps the shell from expanding $releasever and $basearch, which yum itself must resolve
cat > /etc/yum.repos.d/CentOS-Base.repo << 'EOF'
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
#released updates
[updates]
name=CentOS-$releasever - Updates - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/centosplus/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/contrib/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
EOF
--- 
 
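Notes:
Because of CentOS security restrictions, the root account cannot be used when installing a K8S cluster through RKE. CentOS users are therefore advised to run docker as a non-root user, whether k8s is installed through RKE or as a custom cluster. For details see "Unable to configure an SSH tunnel for the host": https://www.cnrancher.com/docs/rancher/v2.x/cn/faq/troubleshooting-ha/ssh-tunneling/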
 
### Add a user
### This article uses <new_user>=dockerli
sudo adduser <new_user>
# Set a password for the new user
sudo passwd <new_user>
# Grant the new user sudo privileges
echo '<new_user> ALL=(ALL) ALL' | sudo tee -a /etc/sudoers
# Remove old versions of the Docker packages
sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-selinux \
docker-engine-selinux \
docker-engine \
'container*'
# Define the version to install
export docker_version=17.03.2
# Step 1: install the required system tools
sudo yum update -y
sudo yum install -y yum-utils device-mapper-persistent-data lvm2 bash-completion
# Step 2: add the package repository
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Step 3: update and install Docker-CE. Docker no longer recommends Docker-Engine; install Docker-CE instead
sudo yum makecache all
version=$(yum list docker-ce.x86_64 --showduplicates | sort -r | grep ${docker_version} | awk '{print $2}')
sudo yum -y install --setopt=obsoletes=0 docker-ce-${version} docker-ce-selinux-${version}
# If a newer Docker version is already installed, it can be downgraded (optional)
sudo yum downgrade --setopt=obsoletes=0 -y docker-ce-${version} docker-ce-selinux-${version}
# Add the current user to the docker group
sudo usermod -aG docker <new_user>
# Enable start at boot
sudo systemctl enable docker
【Docker configuration】
Create the file: /etc/docker/daemon.json
[root@rancher ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://7bezldxe.mirror.aliyuncs.com/"],
"max-concurrent-downloads": 3,
"max-concurrent-uploads": 5,
"storage-driver": "overlay2",
"storage-opts": ["overlay2.override_kernel_check=true"],
  "log-driver": "json-file",
  "log-opts": {
      "max-size": "100m",
      "max-file": "3"
    }
}
--- 
 
[root@node01 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://7bezldxe.mirror.aliyuncs.com/"],
"max-concurrent-downloads": 3,
"max-concurrent-uploads": 5,
"storage-driver": "overlay2",
"storage-opts": ["overlay2.override_kernel_check=true"],
"log-driver": "json-file",
"log-opts": {
    "max-size": "100m",
    "max-file": "3"
    }
}

  

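### Notes on the Docker configuration in detail
On systems that manage services through systemd (such as CentOS 7.x), Docker parameters can be configured in two places:
one is the docker.service unit file, the other is the Docker daemon configuration file daemon.json
1. docker.service
On CentOS, docker.service is located at /usr/lib/systemd/system/docker.service by default;
on Ubuntu, docker.service is located at /lib/systemd/system/docker.service by default
2. daemon.json
daemon.json is located at /etc/docker/daemon.json by default; if it does not exist, create it by hand. The path is the same on every systemd-managed system. Changing the Docker configuration by editing daemon.json is also the method Docker officially recommends.
 
### Everything below assumes systemd and changes the configuration through /etc/docker/daemon.json
# Configure the number of concurrent image downloads and uploads #
"max-concurrent-downloads": 3,
"max-concurrent-uploads": 5 
 
# Configure registry mirror addresses #
From v1.6.15 through v2.x.x, all Rancher system images (including the K8S images on 1.6.x) are hosted on Docker Hub. Docker Hub's nodes are outside China, so pulling images directly from within China is rather slow. To speed up image downloads, Docker can be configured with mirror addresses inside China. Several registry-mirrors addresses can be set, written as an array; each address must include the protocol prefix (https or http)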
 {
"registry-mirrors": ["https://7bezldxe.mirror.aliyuncs.com/","https://IP:PORT/"]
}
 
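# (Optional) Configure insecure-registries for private registries #
By default Docker trusts only TLS-encrypted registry addresses (https); any non-https registry can neither be logged in to nor pulled from. insecure-registries literally means "insecure registries"; adding this parameter tells Docker to trust non-https registries. Several insecure-registries addresses can be set, written as an array; the addresses must not include a protocol prefix (http)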
{
"insecure-registries": ["192.168.1.100","IP:PORT"]
}

 

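# Configure the Docker storage driver #
OverlayFS is a newer-generation union filesystem, similar to AUFS but faster and simpler to implement. Docker provides two storage drivers for OverlayFS: the older overlay and the newer overlay2 (more stable).
Prerequisites:
* overlay2: Linux kernel version 4.0 or later, or RHEL or CentOS with kernel version 3.10.0-514+.
* overlay: host Linux kernel version 3.18+
* Supported backing filesystems
ext4 (RHEL 7.1 only)
xfs (RHEL 7.2 and later), with d_type=true enabled. For details, see the Docker documentation "Use the OverlayFS storage driver"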
 
{
"storage-driver": "overlay2",
"storage-opts": ["overlay2.override_kernel_check=true"]
}

 

# Configure the log driver #
{
"log-driver": "json-file",
"log-opts": {
"max-size": "100m",
"max-file": "3"
}
}
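
The daemon.json rules explained above (mirrors carry a protocol prefix, insecure-registries entries do not, overlay2 has a kernel prerequisite, json-file logs are size-limited) can be checked mechanically. This is an added example, not code from the original article or from Docker: `audit_daemon_json` and `overlay2_kernel_ok` are hypothetical names, and the sample configurations and kernel release strings are constructed.

```python
import json
import re


def overlay2_kernel_ok(release):
    """Article's overlay2 prerequisite: kernel 4.0+, or an EL7 kernel 3.10.0-514+."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(?:-(\d+))?", release)
    if not m:
        return False
    major, minor, patch, build = (int(g or 0) for g in m.groups())
    el7 = (major, minor, patch) == (3, 10, 0) and ".el7" in release
    return major >= 4 or (el7 and build >= 514)


def audit_daemon_json(text, kernel_release):
    """Return findings for the daemon.json keys discussed above."""
    cfg = json.loads(text)
    findings = []
    for url in cfg.get("registry-mirrors", []):
        if not re.match(r"https?://[^/]", url):
            findings.append("registry-mirrors: %s lacks http(s):// prefix" % url)
    for reg in cfg.get("insecure-registries", []):
        if "://" in reg:
            findings.append("insecure-registries: %s must not carry a prefix" % reg)
        # Every entry here is a registry Docker will talk to without TLS.
        findings.append("insecure-registries: %s is trusted without TLS" % reg)
    if cfg.get("storage-driver") == "overlay2" and not overlay2_kernel_ok(kernel_release):
        masked = "overlay2.override_kernel_check=true" in cfg.get("storage-opts", [])
        findings.append("storage-driver: kernel %s is below the overlay2 prerequisite%s"
                        % (kernel_release, " (check overridden)" if masked else ""))
    # json-file is Docker's default log driver; without max-size it never rotates.
    if cfg.get("log-driver", "json-file") == "json-file":
        if "max-size" not in cfg.get("log-opts", {}):
            findings.append("log-opts: max-size unset, json-file logs grow unbounded")
    return findings


# Constructed samples: PAGE copies the article's settings, WEAK breaks each rule.
PAGE = """{"registry-mirrors": ["https://7bezldxe.mirror.aliyuncs.com/"],
 "storage-driver": "overlay2",
 "storage-opts": ["overlay2.override_kernel_check=true"],
 "log-driver": "json-file", "log-opts": {"max-size": "100m", "max-file": "3"}}"""
WEAK = """{"registry-mirrors": ["7bezldxe.mirror.aliyuncs.com"],
 "insecure-registries": ["http://192.168.1.100"],
 "storage-driver": "overlay2",
 "storage-opts": ["overlay2.override_kernel_check=true"]}"""

if __name__ == "__main__":
    print(audit_daemon_json(PAGE, "3.10.0-957.el7.x86_64"))
    print(audit_daemon_json(WEAK, "3.10.0-327.el7.x86_64"))
```

On a real host, pass the contents of /etc/docker/daemon.json and the output of `uname -r`.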

 

After configuring /etc/docker/daemon.json as described above, restart docker
[root@rancher ~]# docker version
Client:
Version:      17.03.2-ce
API version:  1.27
Go version:   go1.7.5
Git commit:   f5ec1e2
Built:        Tue Jun 27 02:21:36 2017
OS/Arch:      linux/amd64
 
Server:
Version:      17.03.2-ce
API version:  1.27 (minimum version 1.12)
Go version:   go1.7.5
Git commit:   f5ec1e2
Built:        Tue Jun 27 02:21:36 2017
OS/Arch:      linux/amd64
Experimental: false
---
[root@node01 ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[root@node01 ~]# docker version
Client:
Version:      17.03.2-ce
API version:  1.27
Go version:   go1.7.5
Git commit:   f5ec1e2
Built:        Tue Jun 27 02:21:36 2017
OS/Arch:      linux/amd64
 
Server:
Version:      17.03.2-ce
API version:  1.27 (minimum version 1.12)
Go version:   go1.7.5
Git commit:   f5ec1e2
Built:        Tue Jun 27 02:21:36 2017
OS/Arch:      linux/amd64
Experimental: false

  

 
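【Run Rancher Server】
sudo docker run -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher:stable
The Rancher Server container starts very quickly; in under a minute you can reach the Rancher UI through https://.
Once Rancher Server has been installed successfully, the user interface guides you through adding the first cluster
 
【Open the Rancher dashboard】
In a browser, open: https://192.168.0.166/login
Set the user name/password as prompted
Here I set admin/123456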
 
 