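Deploying K8S and Rancher on Ubuntu with RKE2
Because of our particular network environment, we can only install from resources hosted in mainland China:
- Rancher Releases Mirrors: https://mirror.rancher.cn/
- Alibaba Cloud image registry: registry.cn-hangzhou.aliyuncs.com
1. Configure the image registry and token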
root@demo-1:~# mkdir -p /etc/rancher/rke2/
root@demo-1:~# cat >/etc/rancher/rke2/config.yaml <<EOL
token: 123456
system-default-registry: registry.cn-hangzhou.aliyuncs.com
EOL
2. Install RKE2
root@demo-1:~# curl -sfL https://rancher-mirror.rancher.cn/rke2/install.sh | INSTALL_RKE2_MIRROR=cn sh -
[INFO] finding release for channel stable
[INFO] using v1.28.10-rke2r1 as release
[INFO] downloading checksums at https://rancher-mirror.rancher.cn/rke2/releases/download/v1.28.10-rke2r1/sha256sum-amd64.txt
[INFO] downloading tarball at https://rancher-mirror.rancher.cn/rke2/releases/download/v1.28.10-rke2r1/rke2.linux-amd64.tar.gz
[INFO] verifying tarball
[INFO] unpacking tarball file to /usr/local
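3. Start RKE2
root@demo-1:~# systemctl start rke2-server.service
How long this takes depends on network speed; it may be a while before it finishes.
4. Create symlinks for the cluster config file and tools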
ln -s /var/lib/rancher/rke2/bin/kubectl /usr/local/bin/kubectl
ln -s /var/lib/rancher/rke2/bin/crictl /usr/local/bin/crictl
5. The k8s deployment is now complete. To add a worker node, run the following on another host:
mkdir -p /etc/rancher/rke2/
cat >/etc/rancher/rke2/config.yaml <<EOL
server: https://172.16.103.14:9345
token: 123456
EOL
Here 172.16.103.14 is the IP of the host deployed at the start, which acts as the management (server) node.
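The token in steps 1 and 5 is the shared secret that lets a node join the cluster through port 9345, so it should be long and random, and config.yaml should be readable by root only. As an added example (not part of the original post; the function names are hypothetical), this writes the config file for either the server or the agent node with a generated token and 0600 permissions:

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# 32 random bytes from the kernel CSPRNG, hex-encoded (64 characters).
gen_token() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Reject short, guessable tokens such as "123456".
check_token() {
    [ "${#1}" -ge 32 ]
}

# write_config DIR TOKEN KEY VALUE
#   server node: KEY=system-default-registry  VALUE=<registry host>
#   agent node:  KEY=server                   VALUE=https://<server-ip>:9345
write_config() {
    dir=$1; token=$2; key=$3; value=$4
    check_token "$token" || { echo "token too short" >&2; return 1; }
    mkdir -p "$dir" || return 1
    # Set umask in a subshell so a new file is never world-readable.
    (
        umask 077
        printf 'token: "%s"\n%s: %s\n' "$token" "$key" "$value" \
            > "$dir/config.yaml"
    ) || return 1
    # Also tighten a file that already existed with looser permissions.
    chmod 600 "$dir/config.yaml"
}

# Usage on the server node (run as root):
#   TOKEN=$(gen_token)
#   write_config /etc/rancher/rke2 "$TOKEN" \
#       system-default-registry registry.cn-hangzhou.aliyuncs.com
# Usage on the agent node, with the same TOKEN copied over a secure channel:
#   write_config /etc/rancher/rke2 "$TOKEN" server https://172.16.103.14:9345
```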
6. Then run the following on the worker node:
curl -sfL https://rancher-mirror.rancher.cn/rke2/install.sh | INSTALL_RKE2_MIRROR=cn INSTALL_RKE2_TYPE="agent" sh -
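7. Start rke2 on the worker node
systemctl start rke2-agent.service
Wait a moment and the startup will complete.
8. k8s is now installed; use the following commands to check node and pod status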
root@ems04:/data/rancher# kubectl get no
NAME STATUS ROLES AGE VERSION
ems03 Ready <none> 4h14m v1.31.7+rke2r1
ems04 Ready control-plane,etcd,master 24h v1.31.7+rke2r1
root@ems04:/data/rancher# kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system cloud-controller-manager-ems04 1/1 Running 0 24h
kube-system etcd-ems04 1/1 Running 0 24h
kube-system helm-install-rke2-canal-4hwjb 0/1 Completed 0 24h
kube-system helm-install-rke2-coredns-d97wm 0/1 Completed 0 24h
kube-system helm-install-rke2-ingress-nginx-gvxcs 0/1 Completed 0 24h
kube-system helm-install-rke2-metrics-server-2ftmq 0/1 Completed 0 24h
kube-system helm-install-rke2-runtimeclasses-f9429 0/1 Completed 0 24h
kube-system helm-install-rke2-snapshot-controller-crd-h57wz 0/1 Completed 0 24h
kube-system helm-install-rke2-snapshot-controller-dwxdj 0/1 Completed 1 24h
kube-system kube-apiserver-ems04 1/1 Running 0 24h
kube-system kube-controller-manager-ems04 1/1 Running 0 24h
kube-system kube-proxy-ems03 1/1 Running 0 4h19m
kube-system kube-proxy-ems04 1/1 Running 0 24h
kube-system kube-scheduler-ems04 1/1 Running 0 24h
kube-system rke2-canal-27q8x 2/2 Running 0 24h
kube-system rke2-canal-4klks 2/2 Running 0 4h19m
kube-system rke2-coredns-rke2-coredns-54dfd85b5c-5wvs5 1/1 Running 0 24h
kube-system rke2-coredns-rke2-coredns-54dfd85b5c-ct6k9 1/1 Running 0 4h19m
kube-system rke2-coredns-rke2-coredns-autoscaler-7ccb6b464f-wtvnd 1/1 Running 0 24h
kube-system rke2-ingress-nginx-controller-lsgb2 1/1 Running 0 24h
kube-system rke2-ingress-nginx-controller-z6czw 1/1 Running 0 4h16m
kube-system rke2-metrics-server-69487b88b6-gn7f7 1/1 Running 0 24h
kube-system rke2-snapshot-controller-6bd8fc774f-tnhv4 1/1 Running 0 24h
9. Install helm
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
10. Add the Helm chart repositories
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
helm repo add rancher-latest https://releases.rancher.com/server-charts/latest
# Update the helm repositories
helm repo update
# List the helm repositories
helm repo list
11. Create a namespace for Rancher
kubectl create namespace cattle-system
12. Generate a self-signed SSL certificate with one command
The certificate script comes from: Generate Self-Signed SSL Certificates | Rancher docs
bash create_self-signed-cert.sh --ssl-domain=rancher.platform.com --ssl-size=2048 --ssl-date=36500
Remember the domain name used here; it is needed later.
13. Add the TLS secrets. This step is essential; otherwise the Rancher installation later will not succeed!
# Create the namespace: cattle-system (already created in step 11; kubectl reports AlreadyExists if so)
cd
kubectl create namespace cattle-system
## Create the secret for the self-signed Ingress certificate
kubectl -n cattle-system create secret tls tls-rancher-ingress \
  --cert=/root/ssl/tls.crt \
  --key=/root/ssl/tls.key
## Create the secret for the self-signed CA certificate
kubectl -n cattle-system create secret generic tls-ca \
  --from-file=cacerts.pem=/root/ssl/cacerts.pem
Note: /root/ssl is the path I used; when you follow along, remember to replace it with the path where you generated your certificates.
14. Install Rancher, making sure to use the domain name chosen when generating the certificate above
helm install rancher rancher-stable/rancher \
  --namespace cattle-system \
  --set hostname=rancher.platform.com \
  --set replicas=1 \
  --set ingress.tls.source=secret \
  --set privateCA=true \
  --set bootstrapPassword=123456 \
  --set rancherImage=registry.cn-hangzhou.aliyuncs.com/rancher/rancher \
  --set systemDefaultRegistry=registry.cn-hangzhou.aliyuncs.com
# Or install offline
helm install rancher ./rancher-2.11.0.tgz \
  --namespace cattle-system \
  --set hostname=rancher.platform.com \
  --set replicas=1 \
  --set ingress.tls.source=secret \
  --set privateCA=true \
  --set bootstrapPassword=123456 \
  --set rancherImage=registry.cn-hangzhou.aliyuncs.com/rancher/rancher \
  --set systemDefaultRegistry=registry.cn-hangzhou.aliyuncs.com
# List all pods
kubectl get pod -A
# Check the rancher pod status
kubectl describe pod rancher-6d8fd95966-pxzd9 -n cattle-system
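If nothing goes wrong, Rancher will be deployed successfully after a period of waiting.
Configure local hosts-file resolution for the domain,
then enter https://rancher.platform.com in a browser to reach the Rancher welcome page.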