Building a k8s cluster with Rancher 2
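Building a k8s cluster with Rancher
Installing Rancher with VMware
Rancher can be installed with docker machine, but that method requires the physical host to run Linux.
Download the vmdk file from the official website
Start Rancher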
docker run -d --name rancher -p 80:80 -p 443:443 --restart=unless-stopped rancher/rancher
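Installing CoreOS (ISO)
An official OVA is provided; you can also download the ISO and install from that.
Installing CoreOS (VMware)
I referred to material found online, but could not get the file format conversion to work.
Download the VMware-format file
Configuration file
Write the yml file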
passwd:
  users:
    - name: root
      password_hash: $1$VZmbR0yt$9FWIpMVPTbouVNzQbXkfv0
      ssh_authorized_keys:
        - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAs8yiypQZiiNcI/kkr1DtZoaHI1NopxfsA7DjW+Qf5roWZRXOqfoUHidb2rQ06C5JAiH+up1urUScEtBO9xjKcBtc9QTSOqk84oWlImQ8czXh9JWbrYJhIEQHdhOj5F76hjstLPYRG0hIh3+VAyDM1+WZrcmrnSmTxfoaOPdB8dMdJ2R4brjXnsIzXhZ7O/IZrymyP6ELV4NSqNYcNdWFbpm5yHV9xOCTlDayVYITISooR8sVsEqGLysb+XHEjqoWUj+5nhpemvuoAXeQh/WF
      groups:
        - sudo
        - docker
networkd:
  units:
    - name: static.network
      contents: |
        [Match]
        Name=ens192
        [Network]
        Address=192.168.1.222/24
storage:
  files:
    - path: /etc/hostname
      filesystem: root
      mode: 0644
      contents:
        inline: core2
    - path: /etc/hosts
      filesystem: root
      mode: 0644
      contents:
        inline: |
          127.0.0.1 localhost
          ::1 localhost
          192.168.1.221 core1
          192.168.1.222 core2
          192.168.1.223 core3
systemd:
  units:
    - name: "settimezone.service"
      enabled: true
      contents: |
        [Unit]
        Description=Set the timezone
        [Service]
        Type=oneshot
        RemainAfterExit=yes
        ExecStart=/usr/bin/timedatectl set-timezone Asia/Shanghai
        [Install]
        WantedBy=multi-user.target
etcd:
  version: "3.3.12"
  name: "core2"
  advertise_client_urls: "http://192.168.1.222:2379"
  initial_advertise_peer_urls: "http://192.168.1.222:2380"
  listen_client_urls: "http://0.0.0.0:2379"
  listen_peer_urls: "http://192.168.1.222:2380"
  initial_cluster: "core1=http://192.168.1.221:2380,core2=http://192.168.1.222:2380,core3=http://192.168.1.223:2380"
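For the exact format, see the website mentioned earlier. However, the password_hash and ssh_authorized_keys I set both seemed to have no effect.
Convert to JSON
Converting to JSON with the ct tool as described above gave me an empty file.
I used an online JSON conversion tool to convert it to JSON.
Add the version information
Then, following the Ignition Config format on the official website, add this section to the JSON: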
  "ignition": {
    "config": {},
    "timeouts": {},
    "version": "2.1.0"
  },
Without the section above, it fails with the error failed to fetch config: unsupported config version
The JSON now looks like this:
{
  "ignition": {
    "config": {},
    "timeouts": {},
    "version": "2.1.0"
  },
  "passwd": {
    "users": [
      {
        "name": "root",
        "password_hash": "$1$VZmbR0yt$9FWIpMVPTbouVNzQbXkfv0",
        "ssh_authorized_keys": [
          "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAs8yiypQZiiNcI/kkr1DtZoaHI1NopxfsA7DjW+Qf5roWZRXOqfoUHidb2rQ06C5JAiH+up1urUScEtBO9xjKcBtc9QTSOqk84oWlImQ8czXh9JWbrYJhIEQHdhOj5F76hjstLPYRG0hIh3+VAyDM1+WZrcmrnSmTxfoaOPdB8dMdJ2R4brjXnsIzXhZ7O/IZrymyP6ELV4NSqNYcNdWFbpm5yHV9xOCTlDayVYITISooR8sVsEqGLysb+XHEjqoWUj+5nhpemvuoAXeQh/WF"
        ],
        "groups": [
          "sudo",
          "docker"
        ]
      }
    ]
  },
  "networkd": {
    "units": [
      {
        "name": "static.network",
        "contents": "[Match]\nName=ens192\n\n[Network]\nAddress=192.168.1.222/24\n"
      }
    ]
  },
  "storage": {
    "files": [
      {
        "path": "/etc/hostname",
        "filesystem": "root",
        "mode": 420,
        "contents": {
          "inline": "core2"
        }
      },
      {
        "path": "/etc/hosts",
        "filesystem": "root",
        "mode": 420,
        "contents": {
          "inline": "127.0.0.1 localhost\n::1 localhost\n192.168.1.221 core1\n192.168.1.222 core2\n192.168.1.223 core3\n"
        }
      }
    ]
  },
  "systemd": {
    "units": [
      {
        "name": "settimezone.service",
        "enabled": true,
        "contents": "[Unit]\nDescription=Set the timezone\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/usr/bin/timedatectl set-timezone Asia/Shanghai\n\n[Install]\nWantedBy=multi-user.target\n"
      }
    ]
  },
  "etcd": {
    "version": "3.3.12",
    "name": "core2",
    "advertise_client_urls": "http://192.168.1.222:2379",
    "initial_advertise_peer_urls": "http://192.168.1.222:2380",
    "listen_client_urls": "http://0.0.0.0:2379",
    "listen_peer_urls": "http://192.168.1.222:2380",
    "initial_cluster": "core1=http://192.168.1.221:2380,core2=http://192.168.1.222:2380,core3=http://192.168.1.223:2380"
  }
}
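Added example (not from the original post): a check of the hand-converted JSON above against the field names of the Ignition 2.1.0 spec. Ignition spells the user fields passwordHash and sshAuthorizedKeys, takes file contents as contents.source, and has no etcd section; the snake_case names belong to the Container Linux Config YAML that ct transpiles. The schema table is written for this example and covers only the sections used here, and the sample is a constructed, shortened copy of the page's JSON with the secrets replaced.

```python
# Field names from the Ignition 2.1.0 spec for the sections this page uses
# (table written for this example; assumed complete for these sections only).
IGNITION_KEYS = {
    "": {"ignition", "storage", "systemd", "networkd", "passwd"},
    "passwd.users": {"name", "passwordHash", "sshAuthorizedKeys", "uid", "gecos",
                     "homeDir", "noCreateHome", "primaryGroup", "groups",
                     "noUserGroup", "system", "noLogInit", "shell", "create"},
    "storage.files": {"filesystem", "path", "contents", "mode", "user", "group"},
    "storage.files.contents": {"source", "compression", "verification"},
    "systemd.units": {"name", "enable", "enabled", "mask", "contents", "dropins"},
    "networkd.units": {"name", "contents"},
}

def unknown_keys(cfg):
    """Return sorted dotted paths of keys the table above does not define."""
    found = set()

    def walk(node, path):
        if isinstance(node, list):
            for item in node:
                walk(item, path)
        elif isinstance(node, dict):
            allowed = IGNITION_KEYS.get(path)
            for key, value in node.items():
                child = f"{path}.{key}" if path else key
                if allowed is not None and key not in allowed:
                    found.add(child)      # a name Ignition does not define
                else:
                    walk(value, child)

    walk(cfg, "")
    return sorted(found)

# Constructed sample: shortened copy of the page's JSON, secrets replaced.
HAND_CONVERTED = {
    "ignition": {"config": {}, "timeouts": {}, "version": "2.1.0"},
    "passwd": {"users": [{"name": "root", "password_hash": "$1$EXAMPLE$placeholder",
                          "ssh_authorized_keys": ["ssh-rsa AAAA...placeholder"],
                          "groups": ["sudo", "docker"]}]},
    "networkd": {"units": [{"name": "static.network",
                            "contents": "[Match]\nName=ens192\n"}]},
    "storage": {"files": [{"path": "/etc/hostname", "filesystem": "root",
                           "mode": 420, "contents": {"inline": "core2"}}]},
    "etcd": {"name": "core2", "listen_client_urls": "http://0.0.0.0:2379"},
}

if __name__ == "__main__":
    for path in unknown_keys(HAND_CONVERTED):
        print("not an Ignition 2.1.0 field:", path)
```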
Base64 encoding
Then Base64-encode the JSON with an online tool to get the encoded config.
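Start the virtual machine
Boot
Following the instructions on the website mentioned earlier, start the virtual machine, fill in the config and the encoding method, and boot.
Change the password
Once in, I found that I could not log in no matter what, and, worse, once inside the virtual machine there was no way to get back out; I could only reboot the physical machine.
Following instructions found online, enter GRUB, add coreos.autologin before $linux_commandline, and press Ctrl+X to exit and boot; then change the password. This autologin takes effect only once.
Allow remote login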
cd /etc/ssh/
mv sshd_config sshd_config.backup
cat sshd_config.backup > sshd_config
vi sshd_config
# Add PermitRootLogin yes, then save and quit with wq!
systemctl restart sshd
Building the k8s cluster
Open ports
firewall-cmd --zone=public --add-port=10250/tcp --permanent && firewall-cmd --zone=public --add-port=2379/tcp --permanent && firewall-cmd --zone=public --add-port=2380/tcp --permanent && firewall-cmd --zone=public --add-port=6443/tcp --permanent && firewall-cmd --zone=public --add-port=80/tcp --permanent
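Note: at this point only open the ports; do not turn the firewall off, or errors will be reported.
Create the cluster
On the Rancher page, choose the option for a k8s cluster. Rancher then gives a docker run command, which you run on each node that has docker installed.
The nodes then show up in the Rancher console. Various error messages appear during creation; ignore them. After a few minutes all nodes will be in the active state.
Turn off the firewall
After the cluster has been created, turn off the firewall on all nodes; otherwise you will be unable to reach ingress, get 504 errors, and so on.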
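Added example (not part of the original post): with the firewall off, the listeners and logins configured earlier decide what the network can reach on each node, so this check flags the ones this page leaves open. The function name and sample strings are constructed here from the page's etcd URLs, its $1$ password hash format and the PermitRootLogin yes line.

```python
from urllib.parse import urlsplit

PLAINTEXT = "plaintext HTTP: no TLS, so no client-certificate auth"
WILDCARD = "listens on every interface"
WEAK_HASH = "MD5-crypt hash; use SHA-512 crypt ($6$)"
ROOT_LOGIN = "root password login over SSH; prefer prohibit-password"

def audit_node(etcd, password_hash, sshd_config):
    """Return (setting, reason) pairs for listeners and logins left open."""
    findings = []
    for key, value in etcd.items():
        if not key.endswith("_urls"):
            continue
        for url in value.split(","):
            parts = urlsplit(url)
            if parts.scheme != "https":
                findings.append((key, PLAINTEXT))
            if key.startswith("listen_") and parts.hostname in ("0.0.0.0", "::"):
                findings.append((key, WILDCARD))
    if password_hash.startswith("$1$"):
        findings.append(("password_hash", WEAK_HASH))
    for line in sshd_config.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 2 and words[0].lower() == "permitrootlogin":
            if words[1].lower() == "yes":
                findings.append(("PermitRootLogin", ROOT_LOGIN))
            break  # sshd keeps the first value it reads for a keyword
    return findings

# Constructed sample, using the values this page configures for core2.
ETCD = {
    "advertise_client_urls": "http://192.168.1.222:2379",
    "initial_advertise_peer_urls": "http://192.168.1.222:2380",
    "listen_client_urls": "http://0.0.0.0:2379",
    "listen_peer_urls": "http://192.168.1.222:2380",
}
SSHD = "# constructed sshd_config excerpt\nPermitRootLogin yes\n"

if __name__ == "__main__":
    for setting, reason in audit_node(ETCD, "$1$EXAMPLE$placeholder", SSHD):
        print(f"{setting}: {reason}")
```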