Deploying Highly Available Rancher with RKE
WeChat official account: 運維開發故事; author: 劉大仙
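RKE overview:
Rancher Kubernetes Engine (RKE) is a lightweight Kubernetes installer that supports installing Kubernetes on bare-metal and virtualized servers. RKE addresses a common problem in the Kubernetes community: installation complexity. RKE runs on multiple platforms, such as macOS, Linux, and Windows.
Details: https://docs.rancher.cn/rke/
Rancher overview:
Rancher is a container management platform built for companies that use containers. Rancher simplifies the process of using Kubernetes, so developers can run Kubernetes everywhere (Run Kubernetes Everywhere), meet IT requirements, and empower DevOps teams.
Details: https://rancher2.docs.rancher.cn/docs/overview/_index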
Environment:
| OS | Hostname | IP address | Description | Role |
| --- | --- | --- | --- | --- |
| CentOS 7 1810 | nginx-master | 192.168.111.21 | Nginx primary server | Load balancing |
| CentOS 7 1810 | nginx-backup | 192.168.111.22 | Nginx backup server | Load balancing |
| ubuntu-18.04.3-live-server | rke-node1 | 192.168.111.50 | RKE node 1 | RKE cluster |
| ubuntu-18.04.3-live-server | rke-node2 | 192.168.111.51 | RKE node 2 | RKE cluster |
| ubuntu-18.04.3-live-server | rke-node3 | 192.168.111.52 | RKE node 3 | RKE cluster |
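System preparation before deployment:
Disable the firewall and SELinux
To keep port problems from breaking cluster setup, we disable the firewall and SELinux up front.
- CentOS:
```shell
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
```
- Ubuntu:
```shell
sudo ufw disable
```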
Configure the hosts file:
```
192.168.111.21 nginx-master
192.168.111.22 nginx-backup
192.168.111.50 rke-node1
192.168.111.51 rke-node2
192.168.111.52 rke-node3
```
- Configure the hosts file and make sure every machine can reach the others by hostname.
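Required tools:
This installation needs the following CLI tools. Make sure they are installed and available in $PATH.
Install the CLI tools on the RKE nodes, and make sure all 3 nodes have them installed correctly.
- kubectl - the Kubernetes command-line tool.
- rke - Rancher Kubernetes Engine, the CLI for building Kubernetes clusters.
- helm - the package manager for Kubernetes.
See the Helm version requirements to choose a Helm version for installing Rancher.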
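Install kubectl:
- Follow the official Kubernetes site for installation; for certain reasons, we use snap here.
```shell
sudo apt-get install snapd
sudo snap install kubectl --classic   # this install is slow; please be patient
# Verify the installation
kubectl help
```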
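Install RKE:
- Follow the official Rancher site for installation. The binary is downloaded from GitHub and is large; sort out any network problems yourself.
```shell
wget https://github.com/rancher/rke/releases/download/v1.0.8/rke_linux-amd64
# Move the binary to /usr/local/bin/, rename it to rke, and make it executable
sudo mv rke_linux-amd64 /usr/local/bin/rke
sudo chmod +x /usr/local/bin/rke
# Verify the installation
rke --version
```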
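Install Helm:
- Follow the official Helm site for installation. Helm is the package manager for Kubernetes; the Helm version must be higher than v3.
```shell
# Download the package
wget https://get.helm.sh/helm-v3.2.1-linux-amd64.tar.gz
# Extract it
tar zxvf helm-v3.2.1-linux-amd64.tar.gz
# Move the binary to /usr/local/bin/
sudo mv linux-amd64/helm /usr/local/bin/helm
# Verify the installation
helm help
```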
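The rke and helm downloads above are moved into /usr/local/bin without an integrity check. The following is an added example, not part of the original article: a helper that installs a downloaded file only when its SHA-256 digest matches the value published on the project's release page. The function names and the digest placeholder in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: install a downloaded binary only if its SHA-256 digest
# matches the published value. install_verified and sha256_of are
# hypothetical helper names, not part of rke or helm.

# Print the SHA-256 of a file as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# install_verified FILE EXPECTED_SHA256 DEST
# Returns 0 and installs FILE to DEST (mode 0755) on a match;
# returns 1 and leaves DEST untouched on a mismatch or a missing file.
install_verified() {
    file=$1; expected=$2; dest=$3
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    # Normalise case so digests copied in upper case still compare equal.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    install -m 0755 "$file" "$dest"
}

# Usage with the article's download, run as root. The digest is a
# placeholder; copy the real value from the release page first:
#   install_verified rke_linux-amd64 "<sha256 from the release page>" /usr/local/bin/rke
```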
Create the Nginx + Keepalived cluster:
Do this on the CentOS nodes.
- Install Nginx
```shell
# Download the Nginx source package
wget http://nginx.org/download/nginx-1.17.10.tar.gz
# Extract the package
tar zxvf nginx-1.17.10.tar.gz
# Install the packages needed for compilation
yum install -y gcc gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel libnl3-devel
# Enter the nginx directory; we need HTTPS here, so select the --with-http_ssl_module module at compile time
cd nginx-1.17.10
mkdir -p /usr/local/nginx
./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-stream
# Build and install nginx
make && make install
# Create a symlink for the nginx command
ln -s /usr/local/nginx/sbin/nginx /usr/local/bin/nginx
# Verify the installation
nginx -V
# Start nginx
nginx
```
- Install Keepalived
```shell
# Download the package
wget https://www.keepalived.org/software/keepalived-2.0.20.tar.gz
# Extract the package
tar zxvf keepalived-2.0.20.tar.gz
# Build and install keepalived
cd keepalived-2.0.20
mkdir /usr/local/keepalived
./configure --prefix=/usr/local/keepalived/
make && make install
# Set up keepalived as a system service
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/keepalived
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/keepalived
touch /etc/init.d/keepalived
chmod +x /etc/init.d/keepalived
# The contents of /etc/init.d/keepalived are given below
vim /etc/init.d/keepalived
# Configure keepalived
mkdir /etc/keepalived/
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
vim /etc/keepalived/keepalived.conf   # the contents of keepalived.conf are given below
# Start keepalived
systemctl start keepalived
systemctl enable keepalived
# Verify
systemctl status keepalived
# keepalived should now be running, one node as master and one as backup.
# Running `ip addr` on the master should show a virtual IP address; the backup should not have one
# Visit https://192.168.111.20 to verify the configuration
```
Contents of /etc/init.d/keepalived:
```shell
#!/bin/sh
#
# Startup script for the Keepalived daemon
#
# processname: keepalived
# pidfile: /var/run/keepalived.pid
# config: /etc/keepalived/keepalived.conf
# chkconfig: - 21 79
# description: Start and stop Keepalived

# Source function library
. /etc/rc.d/init.d/functions

# Source configuration file (we set KEEPALIVED_OPTIONS there)
. /etc/sysconfig/keepalived

RETVAL=0

prog="keepalived"

start() {
    echo -n $"Starting $prog: "
    daemon keepalived ${KEEPALIVED_OPTIONS}
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
}

stop() {
    echo -n $"Stopping $prog: "
    killproc keepalived
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
}

reload() {
    echo -n $"Reloading $prog: "
    killproc keepalived -1
    RETVAL=$?
    echo
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    reload)
        reload
        ;;
    restart)
        stop
        start
        ;;
    condrestart)
        if [ -f /var/lock/subsys/$prog ]; then
            stop
            start
        fi
        ;;
    status)
        status keepalived
        RETVAL=$?
        ;;
    *)
        echo "Usage: $0 {start|stop|reload|restart|condrestart|status}"
        RETVAL=1
esac

exit $RETVAL
```
```
# Contents of /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    router_id 192.168.111.21      # this id must be unique on the network; no duplicate ids
}

vrrp_script chk_nginx {           # we need to monitor the nginx service, so define a check script
    script "/usr/local/keepalived/check_ng.sh"
    interval 3
}

vrrp_instance VI_1 {
    state MASTER                  # this node is the master; set BACKUP on the standby
    interface ens33               # network interface to bind to
    virtual_router_id 51          # VRRP group; must be the same on master and backup
    priority 120                  # priority; the node with the higher priority becomes master
    advert_int 1                  # check interval
    authentication {              # authentication
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {           # virtual IP
        192.168.111.20
    }
    track_script {                # script to run
        chk_nginx
    }
}
```
Contents of /usr/local/keepalived/check_ng.sh:
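```shell
#!/bin/bash
# Timestamp used in log entries
d=$(date --date today +%Y%m%d_%H:%M:%S)
# Number of running nginx processes
n=$(ps -C nginx --no-heading | wc -l)
if [ "$n" -eq 0 ]; then
    # nginx is not running: try to start it
    systemctl start nginx
    n2=$(ps -C nginx --no-heading | wc -l)
    if [ "$n2" -eq 0 ]; then
        # nginx still down: stop keepalived so the virtual IP moves to the backup
        echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log
        systemctl stop keepalived
    fi
fi
```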
Install docker-ce:
Do this on the RKE nodes.
```shell
# Remove old Docker versions
sudo apt-get remove docker docker-engine docker.io containerd runc
# Install the prerequisite packages
sudo apt-get install -y \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common
# Add Docker's official GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
# Add the stable apt repository
sudo add-apt-repository \
    "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
    $(lsb_release -cs) \
    stable"
# Install Docker CE
sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io
# Verify the installation
docker info
# Add the current user to the "docker" group; accounts in this group are used later in the installation.
# The SSH user used to access a node must be a member of the docker group on that node
sudo usermod -aG docker $USER
```
Configure layer-4 load balancing
Do this on the Nginx cluster.
```nginx
# Update the nginx configuration file
# vim /usr/local/nginx/conf/nginx.conf

#user nobody;
worker_processes 4;
worker_rlimit_nofile 40000;

events {
    worker_connections 8192;
}

stream {
    upstream rancher_servers_http {
        least_conn;
        server 192.168.111.50:80 max_fails=3 fail_timeout=5s;
        server 192.168.111.51:80 max_fails=3 fail_timeout=5s;
        server 192.168.111.52:80 max_fails=3 fail_timeout=5s;
    }
    server {
        listen 80;
        proxy_pass rancher_servers_http;
    }

    upstream rancher_servers_https {
        least_conn;
        server 192.168.111.50:443 max_fails=3 fail_timeout=5s;
        server 192.168.111.51:443 max_fails=3 fail_timeout=5s;
        server 192.168.111.52:443 max_fails=3 fail_timeout=5s;
    }
    server {
        listen 443;
        proxy_pass rancher_servers_https;
    }
}
```
Start the deployment:
Install Kubernetes with RKE
- Set up passwordless SSH login between the RKE nodes
```shell
# Generate an RSA key pair
ssh-keygen
# Copy this host's public key to the other two hosts to enable passwordless login
ssh-copy-id -i ~/.ssh/id_rsa.pub docker@192.168.111.50
ssh-copy-id -i ~/.ssh/id_rsa.pub docker@192.168.111.51
ssh-copy-id -i ~/.ssh/id_rsa.pub docker@192.168.111.52
# Note: each node must also register its key with itself; run this on all three nodes
# Verify
docker@rke-node3:~$ ssh docker@192.168.111.50   # from node3, connect to node1; ssh should not ask for a password
```
- Write the rancher-cluster.yml file
```yaml
# vim rancher-cluster.yml
nodes:
  - address: 192.168.111.50            # host IP
    user: docker                       # a user that can run docker commands
    role: [controlplane,worker,etcd]   # node roles
  - address: 192.168.111.51
    user: docker
    role: [controlplane,worker,etcd]
  - address: 192.168.111.52
    user: docker
    role: [controlplane,worker,etcd]

services:
  etcd:
    snapshot: true
    creation: 6h
    retention: 24
```
- Run RKE to build the Kubernetes cluster
```shell
rke up --config ./rancher-cluster.yml
# Verify: the following message means the run succeeded.
# Finished building Kubernetes cluster successfully.
```
- Pods are in the Running or Completed state.
- For pods whose STATUS is Running, READY should show all containers running (for example, 3/3).
- Pods whose STATUS is Completed are run-once jobs. For these pods, READY should be 0/1.
```
kubectl get pods --all-namespaces

NAMESPACE       NAME                                      READY   STATUS      RESTARTS   AGE
ingress-nginx   nginx-ingress-controller-tnsn4            1/1     Running     0          30s
ingress-nginx   nginx-ingress-controller-tw2ht            1/1     Running     0          30s
ingress-nginx   nginx-ingress-controller-v874b            1/1     Running     0          30s
kube-system     canal-jp4hz                               3/3     Running     0          30s
kube-system     canal-z2hg8                               3/3     Running     0          30s
kube-system     canal-z6kpw                               3/3     Running     0          30s
kube-system     kube-dns-7588d5b5f5-sf4vh                 3/3     Running     0          30s
kube-system     kube-dns-autoscaler-5db9bbb766-jz2k6      1/1     Running     0          30s
kube-system     metrics-server-97bc649d5-4rl2q            1/1     Running     0          30s
kube-system     rke-ingress-controller-deploy-job-bhzgm   0/1     Completed   0          30s
kube-system     rke-kubedns-addon-deploy-job-gl7t4        0/1     Completed   0          30s
kube-system     rke-metrics-addon-deploy-job-7ljkc        0/1     Completed   0          30s
kube-system     rke-network-plugin-deploy-job-6pbgj       0/1     Completed   0          30s
```
- Save the configuration files
  - rancher-cluster.yml: the RKE cluster configuration file.
  - kube_config_rancher-cluster.yml: the cluster's kubeconfig file; it contains credentials with full access to the cluster.
  - rancher-cluster.rkestate: the Kubernetes cluster state file; it contains credentials with full access to the cluster.
- After a successful run, a kube_config_rancher-cluster.yml file is generated in the current directory. Copy this file to .kube/kube_config_rancher-cluster.yml
```
# Run in the user's home directory
mkdir .kube
cp kube_config_rancher-cluster.yml .kube/
export KUBECONFIG=$(pwd)/kube_config_rancher-cluster.yml
# Verify
kubectl get nodes
NAME             STATUS   ROLES                      AGE     VERSION
192.168.111.50   Ready    controlplane,etcd,worker   5m47s   v1.17.5
192.168.111.51   Ready    controlplane,etcd,worker   5m46s   v1.17.5
192.168.111.52   Ready    controlplane,etcd,worker   5m47s   v1.17.5
```
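Because kube_config_rancher-cluster.yml and rancher-cluster.rkestate carry full-access cluster credentials, they should be readable only by their owner. The following is an added example, not part of the original article: it audits those files in the working directory and the copy under .kube, and tightens any that are group- or world-accessible. The function names are assumptions.

```shell
#!/bin/sh
# Added example: restrict the RKE output files that hold cluster
# credentials to their owner. lock_down_rke_files and mode_of are
# hypothetical helper names.

# Files the article says contain full-access credentials.
RKE_SECRET_FILES="kube_config_rancher-cluster.yml rancher-cluster.rkestate"

# Print the octal permission bits of a file (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# lock_down_rke_files DIR
# Checks each secret file in DIR and in DIR/.kube. Any file with a
# group or other permission bit set is changed to 600, and one line
# per changed file is printed. Prints nothing when all files are fine.
lock_down_rke_files() {
    dir=$1
    for name in $RKE_SECRET_FILES; do
        for path in "$dir/$name" "$dir/.kube/$name"; do
            [ -f "$path" ] || continue
            mode=$(mode_of "$path")
            case "$mode" in
                0|*00) ;;   # owner-only already (last two digits are group/other)
                *)  chmod 600 "$path"
                    echo "tightened $path (was $mode)" ;;
            esac
        done
    done
    return 0
}

# Usage from the directory where `rke up` was run:
#   lock_down_rke_files "$PWD"
```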
Check the health of the cluster's pods
Check that all required pods and containers are healthy before continuing.
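The readiness rules in this section (a Running pod shows every container ready, a Completed pod is a finished one-shot job) can be checked mechanically. The following is an added example, not part of the original article: it reads `kubectl get pods --all-namespaces` output and prints every pod that breaks those rules. The function names are assumptions and the sample rows are constructed.

```shell
#!/bin/sh
# Added example: flag pods that violate the readiness rules above.
# unhealthy_pods and sample_pods are hypothetical helper names.

# Reads `kubectl get pods --all-namespaces` output on stdin.
# Prints "namespace/name READY STATUS" for each pod that is neither
#   - Running with ready == total containers, nor
#   - Completed (a finished run-once job).
# Exit status: 0 if every pod is healthy, 1 otherwise.
unhealthy_pods() {
    awk '
        NR == 1 && $1 == "NAMESPACE" { next }   # skip the header row
        NF < 4 { next }                         # skip blank or short lines
        {
            split($3, r, "/")                   # READY column: ready/total
            ok = ($4 == "Completed") || ($4 == "Running" && r[1] == r[2])
            if (!ok) { print $1 "/" $2, $3, $4; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample output (not captured from a real cluster).
sample_pods() {
    cat <<'EOF'
NAMESPACE       NAME                                   READY   STATUS             RESTARTS   AGE
ingress-nginx   nginx-ingress-controller-tnsn4         1/1     Running            0          30s
kube-system     canal-jp4hz                            2/3     Running            0          30s
kube-system     kube-dns-7588d5b5f5-sf4vh              0/3     CrashLoopBackOff   4          30s
kube-system     rke-network-plugin-deploy-job-6pbgj    0/1     Completed          0          30s
EOF
}

# Live use:
#   kubectl get pods --all-namespaces | unhealthy_pods
```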
Install Rancher
- Add the Helm chart repository
```shell
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
```
- Create a namespace for Rancher
```shell
kubectl create namespace cattle-system
```
- Use Rancher-generated self-signed certificates
```shell
# Install the CustomResourceDefinition resources
kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.12/deploy/manifests/00-crds.yaml

# **Important:**
# If you are running Kubernetes v1.15 or lower,
# you need to add the `--validate=false` flag to the kubectl apply command above,
# otherwise you will receive a validation error in cert-manager's CustomResourceDefinition resources
# related to the x-kubernetes-preserve-unknown-fields field.
# This is a benign error caused by the way kubectl performs resource validation.

# Create a namespace for cert-manager
kubectl create namespace cert-manager

# Add the Jetstack Helm repository
helm repo add jetstack https://charts.jetstack.io

# Update the local Helm chart repository cache
helm repo update

# Install the cert-manager Helm chart
helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --version v0.12.0

# Verify
kubectl get pods --namespace cert-manager

NAME                                      READY   STATUS    RESTARTS   AGE
cert-manager-754d9b75d9-6xbk4             1/1     Running   0          94s
cert-manager-cainjector-85fbdf788-hthfn   1/1     Running   0          94s
cert-manager-webhook-76f9b64b45-bmt5z     1/1     Running   0          94s
```
- Deploy the Rancher cluster
```shell
helm install rancher rancher-stable/rancher \
  --namespace cattle-system \
  --set hostname=rancher.hzqx.com
```
- Wait for the Rancher cluster to come up
```
kubectl -n cattle-system rollout status deploy/rancher
Waiting for deployment "rancher" rollout to finish: 0 of 3 updated replicas are available...
deployment "rancher" successfully rolled out
```
- Setup complete. Visit https://rancher.hzqx.com; the default username and password are both admin.