Picking up something new, and reliving what it's like to be a kid painstakingly learning 1-2-3.
K3s runtime environment
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.3 LTS"
Client: Docker Engine - Community
Version: 20.10.12
API version: 1.41
Go version: go1.16.12
Git commit: e91ed57
Built: Mon Dec 13 11:45:33 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.12
API version: 1.41 (minimum version 1.12)
Go version: go1.16.12
Git commit: 459d0df
Built: Mon Dec 13 11:43:42 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.12
GitCommit: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
runc:
Version: 1.0.2
GitCommit: v1.0.2-0-g52b36a2
docker-init:
Version: 0.19.0
GitCommit: de40ad0
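Disable the firewall
sudo ufw disable
Pick any node and initialize the k3s cluster with the embedded etcd datastore (192.168.192.168 in this example)
curl -sfL http://rancher-mirror.cnrancher.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_TOKEN=secrettoken sh -s - --cluster-init
Then join the other two nodes to the cluster one at a time; the server parameter is the IP of the node that initialized the cluster above
curl -sfL http://rancher-mirror.cnrancher.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_TOKEN=secrettoken sh -s - --server https://192.168.192.168:6443
Once all three nodes are Ready, pick a node and start deploying Rancher with helm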
sudo kubectl get nodes
NAME           STATUS   ROLES                       AGE    VERSION
k3s2-rancher   Ready    control-plane,etcd,master   144m   v1.22.6+k3s1
k3s3-rancher   Ready    control-plane,etcd,master   147m   v1.22.6+k3s1
k3s4-rancher   Ready    control-plane,etcd,master   145m   v1.22.6+k3s1
First generate a self-signed certificate; the script from the Rancher documentation site is enough
https://docs.rancher.cn/docs/rancher2.5/installation/resources/advanced/self-signed-ssl/_index/#41-%E4%B8%80%E9%94%AE%E7%94%9F%E6%88%90-ssl-%E8%87%AA%E7%AD%BE%E5%90%8D%E8%AF%81%E4%B9%A6%E8%84%9A%E6%9C%AC
Add all the IPs and domain names
./ssl.sh --ssl-domain=rancher.yourdomain.com --ssl-trusted-domain=k3s2-rancher.yourdomain.com,k3s3-rancher.yourdomain.com,k3s4-rancher.yourdomain.com \
--ssl-trusted-ip=192.168.192.167,192.168.192.168,192.168.192.169 --ssl-size=2048 --ssl-date=3650
helm can be downloaded from Rancher's mirror site: http://mirror.cnrancher.com/
For the Rancher chart repository, use the official Alibaba Cloud mirror; the stable channel is used here
helm repo add rancher-stable http://rancher-mirror.oss-cn-beijing.aliyuncs.com/server-charts/stable
Follow the documentation step by step and create the namespace
kubectl create namespace cattle-system
Because a self-signed certificate is used, the Kubernetes side also needs to be configured before installing Rancher
kubectl -n cattle-system create secret tls tls-rancher-ingress \
--cert=tls.crt \
--key=tls.key
This blog post by another user also adds a second, generic secret; I don't understand it yet, so I'm noting it down for now: https://blog.51cto.com/denwork/2525330
kubectl create secret generic tls-ca -n cattle-system --from-file=cacerts.pem
After that comes the last step
sudo helm --kubeconfig=/etc/rancher/k3s/k3s.yaml install rancher rancher-stable/rancher --namespace cattle-system --set hostname=rancher.yourdomain.com --set replicas=3 --set tls=external --set privateCA=true
Set up the DNS records, and once Kubernetes finishes you can access Rancher
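As an added example (not part of the original post and not Rancher's ssl.sh), these shell functions check the generated tls.crt, tls.key and cacerts.pem before they are loaded into the tls-rancher-ingress and tls-ca secrets: the key matches the certificate, cacerts.pem issued it, and every hostname and IP is present as a SAN. The function names and the constructed sample certificate are assumptions; openssl must be installed.

```shell
#!/bin/sh
# Added example, not from the original post. Pre-flight check of the ssl.sh
# output (tls.crt, tls.key, cacerts.pem) before the kubectl secret commands.

# make_sample DIR: constructed throwaway CA and leaf certificate for an offline trial run.
make_sample() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sample-ca" \
    -keyout "$d/cakey.pem" -out "$d/cacerts.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=rancher.yourdomain.com" \
    -keyout "$d/tls.key" -out "$d/tls.csr" 2>/dev/null
  printf 'subjectAltName=DNS:rancher.yourdomain.com,IP:192.168.192.168\n' > "$d/san.ext"
  openssl x509 -req -in "$d/tls.csr" -CA "$d/cacerts.pem" -CAkey "$d/cakey.pem" \
    -set_serial 2 -days 1 -extfile "$d/san.ext" -out "$d/tls.crt" 2>/dev/null
}

# check_rancher_certs DIR HOSTNAME [IP...]: prints each failure, returns 0 only if all pass.
check_rancher_certs() {
  d=$1; host=$2; shift 2; rc=0
  # 1. tls.key must be the private key for tls.crt (compare the public keys).
  crt_pub=$(openssl x509 -in "$d/tls.crt" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$d/tls.key" -pubout 2>/dev/null)
  if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
    echo "FAIL: tls.key does not match tls.crt"; rc=1
  fi
  # 2. cacerts.pem must be the CA that issued tls.crt; privateCA=true relies on it.
  if ! openssl verify -CAfile "$d/cacerts.pem" "$d/tls.crt" >/dev/null 2>&1; then
    echo "FAIL: tls.crt does not verify against cacerts.pem"; rc=1
  fi
  # 3. Every name and IP that clients will use must appear as a SAN.
  sans=$(openssl x509 -in "$d/tls.crt" -noout -text 2>/dev/null |
    grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' ')
  for want in "DNS:$host" "$@"; do
    case $want in DNS:*) ;; *) want="IPAddress:$want" ;; esac
    case ",$sans," in
      *",$want,"*) ;;
      *) echo "FAIL: SAN $want missing from tls.crt"; rc=1 ;;
    esac
  done
  return $rc
}
```

In the directory holding the ssl.sh output, call it as check_rancher_certs . rancher.yourdomain.com 192.168.192.167 192.168.192.168 192.168.192.169 and create the secrets only when it returns 0.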