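To run Rancher on a highly available K3s cluster, we recommend setting up the following infrastructure:
Note: because I only prepared three hosts, the DNS server, the database service and the load balancer are all configured on one of them. In a production environment it is recommended to deploy them separately. The setup steps are as follows:
Machine configuration:
Spec | Quantity | Operating system | Purpose |
---|---|---|---|
4C8G | 3 | CentOS 7.6+ | K3s-related services |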
1. Set the hostname on each of the three hosts
[root@rancher-server ~]# hostnamectl set-hostname $hostname
2. Edit the /etc/hosts file and add the following entries
"""
ip1 server
ip2 node01
ip3 node02
"""
3. Disable SELinux
sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
4. Disable the firewall
systemctl stop firewalld.service && systemctl disable firewalld.service
5. Check and set the time zone and time
timedatectl status
6. Set the time zone
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
timedatectl set-timezone Asia/Shanghai
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sudo yum install docker-ce
sudo systemctl start docker
docker pull mysql:5.7
Option 1:
# You can choose the version yourself; nginx-1.14.2 is installed here
rpm -ivh http://nginx.org/packages/centos/7/x86_64/RPMS/nginx-1.14.2-1.el7_4.ngx.x86_64.rpm
rpm -ql nginx
Option 2:
# Download nginx
wget http://nginx.org/download/nginx-1.14.2.tar.gz
# Install the build dependencies
yum -y install gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel
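# Extract the archive and move the directory under /usr/local
tar -zxvf nginx-1.14.2.tar.gz
mv nginx-1.14.2 /usr/local/
cd /usr/local/nginx-1.14.2
# Configure the nginx build with the stream module enabled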
./configure --with-stream --with-stream_ssl_module --with-http_stub_status_module
# Compile and install
make && make install
# Check the nginx version and the added modules
cd /usr/local/nginx/sbin
./nginx -V
# Edit ~/.bash_profile (vim ~/.bash_profile) and add the following line:
export PATH=$PATH:/usr/local/nginx/sbin/
source ~/.bash_profile
# Verify that it works
nginx -t
# Reload / stop
nginx -s reload
nginx -s stop
# The configuration is as follows
user nginx;
worker_processes 4;
worker_rlimit_nofile 40000;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 8192;
}
# Layer 4 load balancing
stream {
    # Load balancing for access to Rancher; the Rancher server is reached on ports 80 and 443
    upstream rancher_servers_http {
        least_conn;
        server 192.168.4.97:80 max_fails=3 fail_timeout=5s;
        server 192.168.4.98:80 max_fails=3 fail_timeout=5s;
    }
    server {
        listen 80;
        proxy_pass rancher_servers_http;
    }
    upstream rancher_servers_https {
        least_conn;
        server 192.168.4.97:443 max_fails=3 fail_timeout=5s;
        server 192.168.4.98:443 max_fails=3 fail_timeout=5s;
    }
    server {
        listen 443;
        proxy_pass rancher_servers_https;
    }
    upstream k3s {
        server 192.168.4.97:6443;
        server 192.168.4.98:6443;
    }
    # The Kubernetes API server is reached on port 6443
    server {
        listen 6443;
        proxy_pass k3s;
    }
}
yum -y install net-tools
netstat -ant
Configure the DNS service on CentOS (see the relevant documentation for the detailed setup)
# Generated by NetworkManager
nameserver 192.168.4.96
nameserver 188.188.77.79
nameserver 8.8.8.8
vim /etc/sysconfig/network-scripts/ifcfg-eth0
...
GATEWAY="192.168.4.1"
DNS1="192.168.4.96"
DNS2="188.188.77.79"
DNS3="8.8.8.8"
IPV6_PRIVACY="no"
...
systemctl restart network
Check that DNS is configured correctly by pinging the domain name
[root@server named]# systemctl restart network
[root@server named]# ping ns.skyrancher.com
PING ns.skyrancher.com (192.168.4.96) 56(84) bytes of data.
64 bytes from server (192.168.4.96): icmp_seq=1 ttl=64 time=0.027 ms
64 bytes from server (192.168.4.96): icmp_seq=2 ttl=64 time=0.034 ms
64 bytes from server (192.168.4.96): icmp_seq=3 ttl=64 time=0.030 ms
64 bytes from server (192.168.4.96): icmp_seq=4 ttl=64 time=0.042 ms
1. Online installation
# Install script; --tls-san YOUR_IP_OR_HOSTNAME_HERE configures a fixed registration address
curl -sfL http://rancher-mirror.cnrancher.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn INSTALL_K3S_VERSION=v1.19.8+k3s1 sh -s - server --tls-san ns.skyrancher.com --datastore-endpoint="mysql://root:123456@tcp(ip:3306)/db"
# Run the same command on the other host
# Once the installation finishes, check that it succeeded
[root@rancher-node02 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
rancher-node01 Ready control-plane,master 16h v1.19.8+k3s1
rancher-node02 Ready control-plane,master 16h v1.19.8+k3s1
[root@rancher-node02 ~]# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system helm-install-traefik-crd-7sr5s 0/1 Completed 0 16h
kube-system helm-install-traefik-22kcd 0/1 Completed 3 16h
kube-system svclb-traefik-m6wqw 2/2 Running 0 16h
kube-system traefik-97b44b794-tpkgl 1/1 Running 0 16h
kube-system coredns-7448499f4d-ngm4g 1/1 Running 5 16h
kube-system local-path-provisioner-5ff76fc89d-q5cx6 1/1 Running 5 16h
kube-system metrics-server-86cbb8457f-vsj6z 1/1 Running 5 16h
kube-system svclb-traefik-jn29x 2/2 Running 6 16h
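The K3s high-availability setup is complete.
2. Offline installation
1. Follow the steps below to prepare the images directory and the K3s binary.
From the K3s GitHub Releases page, get the image tar file for the K3s version you are running. The files include:
k3s-airgap-images-$ARCH.tar
k3s # the binary
install.sh # install script for the corresponding release
2. Place the tar file in the images directory, for example: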
"""
sudo mkdir -p /var/lib/rancher/k3s/agent/images/
sudo cp ./k3s-airgap-images-amd64.tar /var/lib/rancher/k3s/agent/images/
"""
3. Place the k3s binary at /usr/local/bin/k3s and make sure it is executable. Once that is done, you can move on to the Install K3s part below and start installing K3s.
cp k3s /usr/local/bin/k3s
chmod u+x /usr/local/bin/k3s
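4. For a high-availability installation, adjust the install command to specify INSTALL_K3S_SKIP_DOWNLOAD=true and run the install script locally. You also use INSTALL_K3S_EXEC='args' to pass additional arguments to k3s.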
yum install -y container-selinux selinux-policy-base
yum install -y https://rpm.rancher.io/k3s/stable/common/centos/7/noarch/k3s-selinux-0.2-1.el7_8.noarch.rpm
5. Install K3s
INSTALL_K3S_SKIP_DOWNLOAD=true INSTALL_K3S_EXEC='server --tls-san 192.168.4.96 --datastore-endpoint=mysql://root:123456@tcp(192.168.4.96:3306)/test' ./install.sh
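An added example, not part of the original page or the K3s project: with INSTALL_K3S_SKIP_DOWNLOAD=true the install script uses the files copied in steps 2 and 3 as they are, so this function checks them against the release's SHA-256 list before the install command above is run. The function name and the checksum file name sha256sum-amd64.txt are assumptions, not taken from the page.

```shell
#!/bin/sh
# Added example: check air-gap K3s artifacts against a SHA-256 list before use.
# Assumption: the list uses sha256sum format ("<hex>  <name>" or "<hex> *<name>").

# verify_k3s_artifacts DIR SUMFILE NAME...
# Returns 0 only when every NAME exists in DIR, is listed in SUMFILE and matches.
verify_k3s_artifacts() {
    dir=$1; sums=$2; shift 2
    if [ ! -r "$sums" ]; then
        echo "checksum list not readable: $sums" >&2
        return 2
    fi
    rc=0
    for name in "$@"; do
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING   $name" >&2; rc=1; continue
        fi
        # Expected digest for exactly this file name (first match wins).
        want=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1; exit }' "$sums")
        if [ -z "$want" ]; then
            # A file absent from the list is treated as a failure, not skipped.
            echo "UNLISTED  $name" >&2; rc=1; continue
        fi
        got=$(sha256sum "$dir/$name" | awk '{ print $1 }')
        if [ "$got" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name" >&2; rc=1
        fi
    done
    return "$rc"
}

# Typical call from the download directory (file names as in steps 1-3):
#   verify_k3s_artifacts . sha256sum-amd64.txt k3s k3s-airgap-images-amd64.tar \
#       && sudo cp k3s /usr/local/bin/k3s
```

The checksum list should be fetched separately from the artifacts, over HTTPS from the release page, so that a tampered transfer of the binary is not matched by a tampered list.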
5. Cluster access: you can manage the K3s cluster locally with kubectl
# Add the Kubernetes yum repository under /etc/yum.repos.d/
sudo vim /etc/yum.repos.d/kubernetes.repo
Add the following:
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
# Install kubectl
yum install -y kubectl.x86_64
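# Copy the K3s configuration file from the remote server
scp root@ip:/etc/rancher/k3s/k3s.yaml .
# Copy it into the ~/.kube directory; the configuration file path can also be set by exporting the KUBECONFIG environment variable or by passing the --kubeconfig command-line flag
mkdir -p ~/.kube
cp k3s.yaml ~/.kube/config
# Edit the configuration file
vim ~/.kube/config
"""
server: https://<IP or domain name>:6443 # this IP is the load balancer's IP
"""
# Access the cluster locally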
kubectl get nodes
"""
NAME STATUS ROLES AGE VERSION
rancher-node02 Ready control-plane,master 16h v1.21.1+k3s1
rancher-node01 Ready control-plane,master 16h v1.21.1+k3s1
"""
kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system svclb-traefik-m6wqw 2/2 Running 0 17h
kube-system traefik-97b44b794-tpkgl 1/1 Running 0 17h
kube-system coredns-7448499f4d-ggrfx 1/1 Running 0 16m
kube-system metrics-server-86cbb8457f-nprj9 1/1 Running 0 16m
kube-system local-path-provisioner-5ff76fc89d-96slh 1/1 Running 0 16m
kube-system svclb-traefik-jn29x 2/2 Running 12 17h
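An added example, not from the original page: the copy-and-edit of k3s.yaml described above done as one scripted step, which rewrites the server line to the load balancer address and writes the file with owner-only permissions. The function name is hypothetical, and it assumes the copied file still contains K3s's default `server: https://127.0.0.1:6443` line.

```shell
#!/bin/sh
# Added example: point a copied k3s.yaml at the load balancer and keep it private.
# Assumption: the copied file still has the default "server: https://127.0.0.1:6443".

# prepare_kubeconfig SRC DEST ENDPOINT   (ENDPOINT is host:port of the load balancer)
prepare_kubeconfig() {
    src=$1; dest=$2; endpoint=$3
    # Allow only characters valid in host[:port]; this also keeps the value
    # safe to splice into the sed expression below.
    case $endpoint in
        ''|*[!A-Za-z0-9.:-]*)
            echo "invalid endpoint: $endpoint" >&2
            return 2 ;;
    esac
    # Refuse to continue if there is nothing to rewrite, rather than silently
    # installing a config that still targets localhost.
    if ! grep -q '^[[:space:]]*server: https://127\.0\.0\.1:6443[[:space:]]*$' "$src"; then
        echo "default server line not found in $src" >&2
        return 1
    fi
    # The file carries the cluster admin client certificate and key, so create
    # the directory and file with owner-only permissions.
    (
        umask 077 &&
        mkdir -p "$(dirname "$dest")" &&
        sed "s#^\([[:space:]]*server: \)https://127\.0\.0\.1:6443[[:space:]]*\$#\1https://$endpoint#" \
            "$src" > "$dest"
    ) || return 1
    chmod 600 "$dest"
}

# Typical call after the scp step:
#   prepare_kubeconfig ./k3s.yaml "$HOME/.kube/config" ns.skyrancher.com:6443
```

The endpoint has to be a name or address covered by the `--tls-san` value given at install time, otherwise kubectl rejects the API server certificate.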
/usr/local/bin/k3s-uninstall.sh