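Building a k8s cluster with Rancher 2

Building a k8s cluster with Rancher

  • Installing Rancher with VMware
  • Starting Rancher
  • Installing CoreOS (ISO)
  • Installing CoreOS (VMware)
    • Downloading the VMware-format file
    • Configuration file
      • Writing the yml file
      • Converting to JSON
      • Adding the version information
      • Base64 encoding
    • Starting the virtual machine
      • Booting
      • Changing the password
      • Allowing remote login
  • Building the k8s cluster
    • Opening ports
    • Creating the cluster
    • Turning off the firewall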

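Installing Rancher with VMware

Rancher can be installed with docker machine, but that method requires the physical host to run Linux.
Download the vmdk file from the official website.

Starting Rancher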

docker run -d --name rancher -p 80:80 -p 443:443 --restart=unless-stopped rancher/rancher

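Installing CoreOS (ISO)

An OVA is provided officially; you can also download the ISO and install from that.

Installing CoreOS (VMware)

I followed material found online, but could not get the file format conversion to work.

Downloading the VMware-format file

Configuration file

Writing the yml file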

passwd:
 users:
  - name: root
    password_hash: $1$VZmbR0yt$9FWIpMVPTbouVNzQbXkfv0
    ssh_authorized_keys:
     - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAs8yiypQZiiNcI/kkr1DtZoaHI1NopxfsA7DjW+Qf5roWZRXOqfoUHidb2rQ06C5JAiH+up1urUScEtBO9xjKcBtc9QTSOqk84oWlImQ8czXh9JWbrYJhIEQHdhOj5F76hjstLPYRG0hIh3+VAyDM1+WZrcmrnSmTxfoaOPdB8dMdJ2R4brjXnsIzXhZ7O/IZrymyP6ELV4NSqNYcNdWFbpm5yHV9xOCTlDayVYITISooR8sVsEqGLysb+XHEjqoWUj+5nhpemvuoAXeQh/WF
    groups:
     - sudo
     - docker

networkd:
 units:
  - name: static.network
    contents: |
      [Match]
      Name=ens192

      [Network]
      Address=192.168.1.222/24

storage:
 files:
  - path: /etc/hostname
    filesystem: root
    mode: 0644
    contents:
     inline: core2
  - path: /etc/hosts
    filesystem: root
    mode: 0644
    contents:
     inline: |
       127.0.0.1  localhost
       ::1        localhost
       192.168.1.221 core1
       192.168.1.222 core2
       192.168.1.223 core3

systemd:
 units:
  - name: "settimezone.service"
    enabled: true
    contents: |
      [Unit]
      Description=Set the timezone

      [Service]
      Type=oneshot
      RemainAfterExit=yes
      ExecStart=/usr/bin/timedatectl set-timezone Asia/Shanghai

      [Install]
      WantedBy=multi-user.target

etcd:
 version:                     "3.3.12"
 name:                        "core2"
 advertise_client_urls:       "http://192.168.1.222:2379"
 initial_advertise_peer_urls: "http://192.168.1.222:2380"
 listen_client_urls:          "http://0.0.0.0:2379"
 listen_peer_urls:            "http://192.168.1.222:2380"
 initial_cluster:             "core1=http://192.168.1.221:2380,core2=http://192.168.1.222:2380,core3=http://192.168.1.223:2380"

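For the exact format, refer to the website mentioned earlier. However, the password_hash and ssh_authorized_keys I set did not seem to take effect.

Converting to JSON

Converting to JSON with the ct tool as described above gave me an empty file.
I used an online JSON conversion tool to do the conversion instead.

Adding the version information

Then, following the Ignition Config format on the official website, add this section to the JSON: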

"ignition": {
  "config": {},
  "timeouts": {},
  "version": "2.1.0"
},

Without the section above, the error "failed to fetch config: unsupported config version" is reported.
The JSON now looks like this:

{
"ignition": {
"config": {},
"timeouts": {},
"version": "2.1.0"
},
"passwd": {
"users": [
  {
    "name": "root",
    "password_hash": "$1$VZmbR0yt$9FWIpMVPTbouVNzQbXkfv0",
    "ssh_authorized_keys": [
      "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAs8yiypQZiiNcI/kkr1DtZoaHI1NopxfsA7DjW+Qf5roWZRXOqfoUHidb2rQ06C5JAiH+up1urUScEtBO9xjKcBtc9QTSOqk84oWlImQ8czXh9JWbrYJhIEQHdhOj5F76hjstLPYRG0hIh3+VAyDM1+WZrcmrnSmTxfoaOPdB8dMdJ2R4brjXnsIzXhZ7O/IZrymyP6ELV4NSqNYcNdWFbpm5yHV9xOCTlDayVYITISooR8sVsEqGLysb+XHEjqoWUj+5nhpemvuoAXeQh/WF"
    ],
    "groups": [
      "sudo",
      "docker"
    ]
  }
]
},
"networkd": {
"units": [
  {
    "name": "static.network",
    "contents": "[Match]\nName=ens192\n\n[Network]\nAddress=192.168.1.222/24\n"
  }
]
},
"storage": {
"files": [
  {
    "path": "/etc/hostname",
    "filesystem": "root",
    "mode": 420,
    "contents": {
      "inline": "core2"
    }
  },
  {
    "path": "/etc/hosts",
    "filesystem": "root",
    "mode": 420,
    "contents": {
      "inline": "127.0.0.1  localhost\n::1        localhost\n192.168.1.221 core1\n192.168.1.222 core2\n192.168.1.223 core3\n"
    }
  }
]
},
"systemd": {
"units": [
  {
    "name": "settimezone.service",
    "enabled": true,
    "contents": "[Unit]\nDescription=Set the timezone\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/usr/bin/timedatectl set-timezone Asia/Shanghai\n\n[Install]\nWantedBy=multi-user.target\n"
  }
]
},
"etcd": {
"version": "3.3.12",
"name": "core2",
"advertise_client_urls": "http://192.168.1.222:2379",
"initial_advertise_peer_urls": "http://192.168.1.222:2380",
"listen_client_urls": "http://0.0.0.0:2379",
"listen_peer_urls": "http://192.168.1.222:2380",
"initial_cluster": "core1=http://192.168.1.221:2380,core2=http://192.168.1.222:2380,core3=http://192.168.1.223:2380"
}
}
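The JSON above keeps the Container Linux Config key names (password_hash, ssh_authorized_keys, contents.inline, a top-level etcd), which is what a generic YAML-to-JSON converter produces; the Ignition 2.x spec names those fields passwordHash, sshAuthorizedKeys and contents.source, and has no etcd section, so Ignition does not act on them. The check below is an added example, not part of the original post; lint, fix and the sample values are constructed for illustration.

```python
import copy
from urllib.parse import quote

# Sections defined by the Ignition 2.x spec. A Container Linux Config "etcd:"
# block has no Ignition equivalent (ct turns it into a systemd drop-in).
IGNITION_SECTIONS = {"ignition", "storage", "systemd", "networkd", "passwd"}
# Container Linux Config name -> Ignition name for passwd.users[] entries.
USER_RENAMES = {"password_hash": "passwordHash",
                "ssh_authorized_keys": "sshAuthorizedKeys"}

def lint(cfg):
    """List keys in cfg that Ignition 2.x does not define."""
    findings = [f"{k}: not an Ignition section" for k in cfg
                if k not in IGNITION_SECTIONS]
    for i, user in enumerate(cfg.get("passwd", {}).get("users", [])):
        findings += [f"passwd.users[{i}].{old}: Ignition reads {new}"
                     for old, new in USER_RENAMES.items() if old in user]
    for i, entry in enumerate(cfg.get("storage", {}).get("files", [])):
        if "inline" in entry.get("contents", {}):
            findings.append(f"storage.files[{i}].contents.inline: "
                            "Ignition reads contents.source")
    return findings

def fix(cfg):
    """Return a copy with the renames applied and inline data as data: URLs."""
    out = copy.deepcopy(cfg)
    for user in out.get("passwd", {}).get("users", []):
        for old, new in USER_RENAMES.items():
            if old in user:
                user[new] = user.pop(old)
    for entry in out.get("storage", {}).get("files", []):
        contents = entry.get("contents", {})
        if "inline" in contents:
            contents["source"] = "data:," + quote(contents.pop("inline"), safe="")
    return out

# Constructed sample: the page's JSON cut down, with placeholder credentials.
SAMPLE = {
    "ignition": {"config": {}, "timeouts": {}, "version": "2.1.0"},
    "passwd": {"users": [{"name": "root",
                          "password_hash": "<PASSWORD_HASH>",
                          "ssh_authorized_keys": ["<SSH_PUBLIC_KEY>"]}]},
    "storage": {"files": [{"path": "/etc/hostname", "filesystem": "root",
                           "mode": 420, "contents": {"inline": "core2"}}]},
    "etcd": {"name": "core2", "listen_client_urls": "http://0.0.0.0:2379"},
}

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("before:", finding)
    for finding in lint(fix(SAMPLE)):
        print("after: ", finding)
```

The etcd finding remains after fix() because that section needs ct's expansion into systemd configuration, not a rename.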

Base64 encoding

Then find a website to Base64-encode the JSON and obtain the encoded result.

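Starting the virtual machine

Booting

Following the instructions on the website mentioned earlier, start the virtual machine: fill in the configuration and the encoding method, then boot.

Changing the password

Once it booted, I found there was no way to log in, and, even worse, once inside the virtual machine there was no way to get back out; the only option was to reboot the physical machine.
Following instructions found online, enter GRUB, add coreos.autologin before $linux_commandline, press Ctrl+X to exit and boot, then change the password. The autologin takes effect only once.

Allowing remote login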

cd /etc/ssh/
mv sshd_config sshd_config.backup
cat sshd_config.backup > sshd_config
vi sshd_config
# Add PermitRootLogin yes, then save and exit with wq!
systemctl restart sshd
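
sshd uses the first value it reads for each keyword, so where the PermitRootLogin yes line lands in sshd_config decides whether it takes effect, and yes lets root use every enabled login method, passwords included, whereas prohibit-password admits keys only. The check below is an added example, not part of the original post; the function names and sample files are constructed, and Include directives are not followed.

```python
import re

# "Keyword value" or "Keyword=value"; comment lines do not match.
LINE = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.*)")
# Assumption: OpenSSH 7.0 or later, where this is the built-in default.
DEFAULT_ROOT_LOGIN = "prohibit-password"

def effective_setting(config_text, keyword, default):
    """Return the value sshd applies globally: the first occurrence wins."""
    for raw in config_text.splitlines():
        m = LINE.fullmatch(raw.strip())
        if m is None:
            continue  # blank line or comment
        name, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if name == "match":
            break  # conditional blocks follow; the global section has ended
        if name == keyword.lower():
            return value.lower()
    return default

def root_login(config_text):
    """Return (effective PermitRootLogin, whether root password login is allowed by it)."""
    value = effective_setting(config_text, "PermitRootLogin", DEFAULT_ROOT_LOGIN)
    return value, value == "yes"

# Constructed samples: the same edit made at three different places.
APPENDED = "# sample\nPermitRootLogin no\nUsePAM yes\nPermitRootLogin yes\n"
AT_TOP = "PermitRootLogin yes\nUsePAM yes\nPermitRootLogin no\n"
IN_MATCH = "UsePAM yes\nMatch Address 192.168.1.0/24\n    PermitRootLogin yes\n"

if __name__ == "__main__":
    for label, text in (("appended", APPENDED), ("at top", AT_TOP),
                        ("inside Match", IN_MATCH)):
        print(label, root_login(text))
```

On a live host, sshd -T prints the effective configuration, which also covers included files.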

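Building the k8s cluster

Opening ports

firewall-cmd --zone=public --add-port=10250/tcp --permanent && \
firewall-cmd --zone=public --add-port=2379/tcp --permanent && \
firewall-cmd --zone=public --add-port=2380/tcp --permanent && \
firewall-cmd --zone=public --add-port=6443/tcp --permanent && \
firewall-cmd --zone=public --add-port=80/tcp --permanent
# --permanent only writes the saved configuration; reload to apply it to the running firewall
firewall-cmd --reload

Note: at this point only open the ports; do not turn the firewall off, otherwise an error is reported.

Creating the cluster

On the Rancher page, choose the option for a k8s cluster. Rancher then gives a docker run command; run it on every node that has docker installed.
The nodes then appear in the Rancher console. Various error messages are shown while the cluster is being created; they can be ignored. After a few minutes all nodes show the state active.

Turning off the firewall

After the cluster has been created, turn off the firewall on all nodes; otherwise the ingress may be unreachable or return errors such as 504.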
