Rancher导入原生Kubernetes集群
如果您收到“由未知机构签署的证书”错误,则Rancher安装具有自签名或不受信任的SSL证书。如果在创建某些资源时出现权限错误,则用户可能没有群集管理员角色。上面的用户是 default-auth,通过以下命令得出,在node上执行。以导入现有集群以做管理。现导入原生K8S集群以做案例。这样就可以了,剩下的Rancher会自己调试好,见下。文章知识点与官方知识档案匹配,可进一步学习相关知识。是k8
rancher是k8s集群管理工具,除了自建集群之外,也可
1.安装docker
apt-get update
apt-get install docker.io
2.安装Rancher
docker run -d --restart=unless-stopped
–name=rancher-server
-p 80:80 -p 443:443 -p 6443:6443
–privileged
-v /var/server/rancher:/var/lib/rancher
rancher/rancher:stable
以导入现有集群以做管理。现导入原生K8S集群以做案例
从 集群管理 - 导入现有集群开始
翻译后见下:
在运行受支持的Kubernetes版本的现有Kubernetes群集上运行下面的kubectl命令,将其导入Rancher:
kubectl apply -f https:
如果您收到“由未知机构签署的证书”错误,则Rancher安装具有自签名或不受信任的SSL证书。请运行以下命令以绕过证书验证:
curl --insecure -sfL https:
如果在创建某些资源时出现权限错误,则用户可能没有群集管理员角色。使用以下命令应用它:
kubectl create clusterrolebinding cluster-admin-binding --clusterrole cluster-admin --user default-auth
上面的用户是 default-auth,通过以下命令得出,在node上执行
[root@node1 ~]# ps -ef|grep kubelet|grep kubeconfig
root 21920 1 1 Feb22 ? 00:12:38 /usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --config=/var/lib/kubelet/config.yaml --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.2
[root@node1 ~]# cat /etc/kubernetes/kubelet.conf|grep user
user: default-auth
现在开始操作:
[root@master1 ~]# kubectl apply -f https:
Unable to connect to the server: x509: certificate signed by unknown authority
[root@master1 ~]# curl --insecure -sfL https:
clusterrole.rbac.authorization.k8s.io/proxy-clusterrole-kubeapiserver created
clusterrolebinding.rbac.authorization.k8s.io/proxy-role-binding-kubernetes-master created
namespace/cattle-system created
serviceaccount/cattle created
clusterrolebinding.rbac.authorization.k8s.io/cattle-admin-binding created
secret/cattle-credentials-4858df9 created
clusterrole.rbac.authorization.k8s.io/cattle-admin created
deployment.apps/cattle-cluster-agent created
service/cattle-cluster-agent created
[root@master1 ~]# kubectl apply -f https:
Unable to connect to the server: x509: certificate signed by unknown authority
[root@master1 ~]# kubectl create clusterrolebinding cluster-admin-binding --clusterrole cluster-admin --user default-auth
clusterrolebinding.rbac.authorization.k8s.io/cluster-admin-binding created
这样就可以了,剩下的Rancher会自己调试好,见下
------------------end
文章知识点与官方知识档案匹配,可进一步学习相关知识
更多推荐
所有评论(0)