rke安装环境准备

Operating System Requirements

RKE runs on almost any Linux OS with Docker installed. Most of the development and testing of RKE occurred on Ubuntu 16.04. However, some OS's have restrictions and specific requirements.

  • [SSH user]({{< baseurl >}}/rke/v0.1.x/en/config-options/nodes/#ssh-user) - The SSH user used for node access must be a member of the docker group on the node:

    usermod -aG docker 

    See Manage Docker as a non-root user to see how you can configure access to Docker without using the root user.

  • Swap should be disabled on any worker nodes

RedHat Enterprise Linux (RHEL) / CentOS

If using RedHat Enterprise Linux or CentOS, you cannot use the root user as [SSH user]({{< baseurl >}}/rke/v0.1.x/en/config-options/nodes/#ssh-user) due to Bugzilla 1527565. Please follow the instructions below how to setup Docker correctly, based on the way you installed Docker on the node.

Using upstream Docker

If you are using upstream Docker, the package name is docker-ce or docker-ee. You can check the installed package by executing:

rpm -q docker-ce

When using the upstream Docker packages, please follow Manage Docker as a non-root user.

Using RHEL/CentOS packaged Docker

If you are using the Docker Docker package supplied by RedHat / CentOS, the package name is docker. You can check the installed package by executing:

rpm -q docker

If you are using the Docker package supplied by RedHat / CentOS, the dockerroot group is automatically added to the system. You will need to edit (or create) /etc/docker/daemon.json to include the following:

{
    "group": "dockerroot"
}

Restart Docker after editing or creating the file. After restarting Docker, you can check the group permission of the Docker socket (/var/run/docker.sock), which should show dockerroot as group:

srw-rw----. 1 root dockerroot 0 Jul  4 09:57 /var/run/docker.sock

Add the SSH user you want to use to this group, this can't be the root user.

usermod -aG dockerroot 

To verify that the user is correctly configured, log out of the node and login with your SSH user, and execute docker ps:

ssh @node
$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

Software

  • Docker - Each Kubernetes version supports different Docker versions.
Kubernetes Version Docker 1.12.6 Docker 1.13.1 Docker 17.03.2
v1.10.x X X X
v1.9.x X X X
v1.8.x X X X

You can either follow the Docker installation instructions or use one of Rancher's install scripts to install Docker.

Docker Version Install Script
17.03.2 curl https://releases.rancher.com/install-docker/17.03.sh sh
1.13.1 curl https://releases.rancher.com/install-docker/1.13.sh sh
1.12.6 curl https://releases.rancher.com/install-docker/1.12.sh sh

Confirm that a Kubernetes supported version of Docker is installed on your machine, by running docker version.

$ docker version
Client:
 Version:      17.03.2-ce
 API version:  1.27
 Go version:   go1.7.5
 Git commit:   f5ec1e2
 Built:        Tue Jun 27 03:35:14 2017
 OS/Arch:      linux/amd64

Server:
 Version:      17.03.2-ce
 API version:  1.27 (minimum version 1.12)
 Go version:   go1.7.5
 Git commit:   f5ec1e2
 Built:        Tue Jun 27 03:35:14 2017
 OS/Arch:      linux/amd64
 Experimental: false
  • OpenSSH 7.0+ - In order to SSH into each node, OpenSSH must be installed on each node.

Ports

{{< requirements_ports_rke >}}

If you are using an external firewall, make sure you have this port opened between the machine you are using to run rke and the nodes that you are going to use in the cluster.

Opening port TCP/6443 using `iptables``

# Open TCP/6443 for all
iptables -A INPUT -p tcp --dport 6443 -j ACCEPT

# Open TCP/6443 for one specific IP
iptables -A INPUT -p tcp -s your_ip_here --dport 6443 -j ACCEPT

Opening port TCP/6443 using firewalld

# Open TCP/6443 for all
firewall-cmd --zone=public --add-port=6443/tcp --permanent
firewall-cmd --reload

# Open TCP/6443 for one specific IP
firewall-cmd --permanent --zone=public --add-rich-rule='
  rule family="ipv4"
  source address="your_ip_here/32"
  port protocol="tcp" port="6443" accept'
firewall-cmd --reload

Notes about Atomic Nodes

Before trying to use RKE with Atomic nodes, there are a couple of updates to the OS that need to occur in order to get RKE working.

Container Volumes

In RKE, most of the volumes are mounted with option z, but there are some container volumes that may have some issues in Atomic due to SELinux.

Before running RKE, users will need to run the following commands to make some additional directories:

# mkdir /opt/cni /etc/cni
# chcon -Rt svirt_sandbox_file_t /etc/cni
# chcon -Rt svirt_sandbox_file_t /opt/cni

OpenSSH version

By default, Atomic hosts ship with OpenSSH 6.4, which doesn't support SSH tunneling, which is a core RKE requirement. If you upgrade to the latest version of OpenSSH supported by Atomic, it will correct the SSH issue.

Creating a Docker Group

By default, Atomic hosts do not come with a Docker group. You can update the ownership of the Docker socket by enabling the specific user in order to launch RKE.

# chown  /var/run/docker.sock

你可能感兴趣的:(rke安装环境准备)