0
点赞
收藏
分享

微信扫一扫

使用K3S集群搭建高可用Rancher笔记

抓个新东西,重温小朋友辛苦学习123的过程

K3s运行环境

DISTRIB_ID=Ubuntu

DISTRIB_RELEASE=20.04

DISTRIB_CODENAME=focal

DISTRIB_DESCRIPTION="Ubuntu 20.04.3 LTS"

Client: Docker Engine

  • ent: Docker Engine - Community

Version: 20.10.12
API version: 1.41
Go version: go1.16.12
Git commit: e91ed57
Built: Mon Dec 13 11:45:33 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine

  • ver: Docker Engine - Community

Engine:
Version: 20.10.12
API version: 1.41 (minimum version 1.12)
Go version: go1.16.12
Git commit: 459d0df
Built: Mon Dec 13 11:43:42 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.12
GitCommit: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
runc:
Version: 1.0.2
GitCommit: v1.0.2-0-g52b36a2
docker-init:
Version: 0.19.0
GitCommit: de40ad0

禁用防火墙 sudo ufw disable

随便挑一个节点使用内置数据库etcd初始化k3s集群 (以192.168.192.168为例)

  • l -sfL http://rancher-mirror.cnrancher.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_TOKEN=secrettoken sh -s - --cluster-init

换另外两个节点分别加入集群,其中server参数为上面初始化群集的ip

  • l -sfL http://rancher-mirror.cnrancher.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_TOKEN=secrettoken sh -s - --server https://192.168.192.168:6443

等三个节点全部ready后找个节点开始helm部署rancher

sudo kubectl get nodes

NAME                   STATUS   ROLES                       AGE    VERSION

k3s2-rancher   Ready    control-plane,etcd,master   144m   v1.22.6+k3s1

k3s3-rancher   Ready    control-plane,etcd,master   147m   v1.22.6+k3s1

k3s4-rancher   Ready    control-plane,etcd,master   145m   v1.22.6+k3s1

先生成自签名证书,使用rancher官网的脚本即可

​​https://docs.rancher.cn/docs/rancher2.5/installation/resources/advanced/self-signed-ssl/_index/#41-%E4%B8%80%E9%94%AE%E7%94%9F%E6%88%90-ssl-%E8%87%AA%E7%AD%BE%E5%90%8D%E8%AF%81%E4%B9%A6%E8%84%9A%E6%9C%AC​​

把ip 域名都加进去

./ssl.sh --ssl-domain=rancher.yourdomain.com --ssl-trusted-domain=k3s2-rancher.yourdomain.com,k3s3-rancher.yourdomain.com,k3s4-rancher.yourdomain.com \

--ssl-trusted-ip=192.168.192.167,192.168.192.168,192.168.192.169--ssl-size=2048 --ssl-date=3650

helm可以从rancher官网的镜像网站下载 ​​http://mirror.cnrancher.com/​​

rancher chart仓库使用官方的阿里云,这里使用stable

helm repo add rancher-stable http://rancher-mirror.oss-cn-beijing.aliyuncs.com/server-charts/stable

跟着文档一步步创建namespace

kubectl create namespace cattle-system

安装rancher前因为使用了自签名证书,还要配置一下K8S这边

kubectl -n cattle-system create secret tls tls-rancher-ingress \

 --cert=tls.crt \

 --key=tls.key

网友这篇博客还加了另一个generic,暂时不懂先记下来​​https://blog.51cto.com/denwork/2525330​​ 

kubectl create secret generic tls-ca -n cattle-system --from-file=cacerts.pem

完事就是最后一步

sudo helm --kubeconfig=/etc/rancher/k3s/k3s.yaml install rancher rancher-stable/rancher --name cattle-system --set hostname=rancher.yourdomain.com --set replicas=3 --set tls=external --set privateCA=true

在DNS上做好解析,等K8S搞完就可以访问rancher了


举报

相关推荐

0 条评论