tags:
categories:
# Automatic host-initialisation script.
# NOTE(review): os7init.sh is fetched over plain HTTP from a third-party host
# and then executed with no integrity check, so whoever can alter the response
# decides what runs on this machine (presumably as root - confirm). Read the
# downloaded file before running it, and prefer a reviewed copy that you keep
# under your own control.
curl -O http://pigx.vip/os7init.sh
# The argument below is a placeholder meaning "your own hostname"; replace the
# whole token with the real value (the parentheses are not valid shell).
sh os7init.sh hostname(自己的)
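# Install Docker CE 19.03.8 on CentOS 7 and write the daemon configuration.
# yum-utils provides yum-config-manager; the other two packages are the
# documented prerequisites of the devicemapper storage driver.
yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the upstream Docker CE yum repository.
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# docker-ce and docker-ce-cli are pinned to 19.03.8; containerd.io is not, so
# it resolves to whatever the repository offers on the day of the install.
yum install -y docker-ce-19.03.8 docker-ce-cli-19.03.8 containerd.io
# /etc/docker may not exist before the daemon has started once; create it so
# the redirect below cannot fail.
mkdir -p /etc/docker
# Daemon settings: systemd cgroup driver plus a list of registry mirrors.
# NOTE(review): every mirror listed here is a third party sitting between this
# host and Docker Hub, and hub-mirror.c.163.com is reached over plain HTTP.
# Keep only the mirrors you trust, and pull by digest where image integrity
# matters. The heredoc delimiter is quoted so the JSON is written verbatim.
cat <<'EOF' > /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": [
    "https://registry.cn-hangzhou.aliyuncs.com",
    "https://fz5yth0r.mirror.aliyuncs.com",
    "https://dockerhub.mirrors.nwafu.edu.cn/",
    "https://mirror.ccs.tencentyun.com",
    "https://docker.mirrors.ustc.edu.cn/",
    "https://reg-mirror.qiniu.com",
    "http://hub-mirror.c.163.com/",
    "https://registry.docker-cn.com"
  ]
}
EOF
# Start Docker now and on every boot.
systemctl enable docker && systemctl start docker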
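# Single-node Rancher server running in Docker. Reference:
# https://docs.rancher.cn/docs/rancher2/installation/other-installation-methods/single-node-docker/_index/
# The original note named rancher:v2.5.5, but the commands run v2.5.9.
#
# NOTE(review): --privileged gives the container full access to the host, so
# treat this machine as dedicated to Rancher. AUDIT_LEVEL=3 is the most verbose
# API audit level (request and response bodies, per the Rancher docs - confirm
# for your version), so the audit log can hold sensitive payloads; restrict who
# can read it. No volume is mounted for Rancher's data directory, so the server
# state lives only inside the container.
#
# Run ONE of the two commands below; both publish port 443.
#
# Option 1: default certificate handling.
docker run -d --privileged --restart=unless-stopped \
  -p 80:80 -p 443:443 \
  -e CATTLE_SYSTEM_CATALOG=bundled -e AUDIT_LEVEL=3 \
  rancher/rancher:v2.5.9
# Option 2: supply your own certificate.
# Rancher expects fixed file names: rename rancher.tongfu.net.pem to cert.pem
# and rancher.tongfu.net.key to key.pem inside /root/rancher/ssl/.
# NOTE(review): that directory holds the private key; keep it readable by root
# only. --no-cacerts is documented for certificates signed by a recognised CA;
# presumably a privately signed certificate also needs its CA file mounted -
# confirm against the Rancher docs.
docker run -d --privileged --restart=unless-stopped \
  -p 443:443 \
  -e CATTLE_SYSTEM_CATALOG=bundled -e AUDIT_LEVEL=3 \
  -v /root/rancher/ssl/:/etc/rancher/ssl/ \
  --memory 4g --memory-swap -1 \
  rancher/rancher:v2.5.9 --no-cacerts
# Be patient while the server starts, then open:
#   https://192.168.0.109/
# Set this machine's hostname ("xxx" is a placeholder).
hostnamectl set-hostname xxx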
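# RKE binary downloads.
# Release for 1.14 through 1.16 (presumably the Kubernetes versions it covers):
#   https://github.com/rancher/rke/releases/tag/v1.0.0
# Release for 1.16 through 1.18:
#   https://github.com/rancher/rke/releases/tag/v1.2.0
# Latest release:
#   https://github.com/rancher/rke/releases/latest
wget https://github.com/rancher/rke/releases/download/v1.2.0/rke_linux-amd64
# Print the SHA-256 of the download and compare it with the checksum published
# for this release before the binary is placed on root's PATH.
sha256sum rke_linux-amd64
chmod +x rke_linux-amd64
mv rke_linux-amd64 /usr/bin/
# Confirm the installed binary runs and reports the expected version.
rke_linux-amd64 --version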
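# kubectl client v1.19.0.
# The original note listed only the URL; fetch the archive so that the tar
# step below has a file to unpack.
wget https://storage.googleapis.com/kubernetes-release/release/v1.19.0/kubernetes-client-linux-amd64.tar.gz
# Print the archive digest and compare it with the one listed for this file in
# the Kubernetes v1.19.0 release notes (use sha256sum instead if that is the
# digest type listed there).
sha512sum kubernetes-client-linux-amd64.tar.gz
# Install: unpack under /usr/src and copy the client binary onto the PATH.
tar zxvf kubernetes-client-linux-amd64.tar.gz -C /usr/src/
cp /usr/src/kubernetes/client/bin/kubectl /usr/bin/kubectl
chmod +x /usr/bin/kubectl
# Shell completion for kubectl: the bash-completion package is not installed
# on CentOS by default.
yum install bash-completion -y
# Load kubectl completion automatically in every new bash session.
echo "source <(kubectl completion bash)" >> ~/.bashrc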
# These steps are typed interactively on each host: passwd prompts for input,
# and newgrp / su each open a new shell.
# 1. Run the following on rancher1, rancher2 and rancher3.
useradd rancher
passwd rancher
# Grant Docker access. Run the following on rancher1, rancher2 and rancher3.
# 2. Add the login user to the docker group (the original note said "develop",
#    but the command adds "rancher").
# NOTE(review): membership of the docker group is effectively root on the host,
# so the rancher account and its SSH key deserve the same care as root's.
gpasswd -a rancher docker
# Refresh group membership in the current session.
newgrp docker
# Switch to the rancher user and check that it can reach the Docker daemon.
su rancher
docker ps
# 3. Set up SSH trust. Run the following on rancher1, rancher2 and rancher3.
su rancher
# Creates an RSA key pair with an empty passphrase (-P "").
# NOTE(review): the private key is unprotected on disk and, once step 4 is
# done on every host, each node can log in to every other node as rancher.
# Presumably only the host that runs rke needs this access - confirm.
ssh-keygen -t rsa -P "" -f ~/.ssh/id_rsa
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
# 4. Copy the public key. Run on rancher1, rancher2 and rancher3.
#    Note: run these as the rancher user.
ssh-copy-id 192.168.0.109
ssh-copy-id 192.168.0.111
ssh-copy-id 192.168.0.113
# Check that password-less SSH works.
ssh 192.168.0.109
ssh 192.168.0.111
ssh 192.168.0.113
cd ~
# Create rancher-cluster.yml (for example with vi) using the content below.
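# rancher-cluster.yml: RKE cluster definition for three nodes.
# Indentation restored; in the flattened form the per-node keys sat at the top
# level and the file did not describe a node list.
# No ssh_key_path is set, so rke falls back to its default key for the user
# running it (~/.ssh/id_rsa per the RKE docs - confirm).
# NOTE(review): every node carries the controlplane, worker and etcd roles, so
# user workloads share hosts with etcd and the control plane.
nodes:
  - address: 192.168.0.109
    internal_address: 192.168.0.109
    user: rancher
    role: [controlplane, worker, etcd]
    hostname_override: rancher01
  - address: 192.168.0.111
    internal_address: 192.168.0.111
    user: rancher
    role: [controlplane, worker, etcd]
    hostname_override: rancher02
  - address: 192.168.0.113
    internal_address: 192.168.0.113
    user: rancher
    role: [controlplane, worker, etcd]
    hostname_override: rancher03

services:
  etcd:
    # Recurring etcd snapshots: one every 6 hours, 60 kept.
    # NOTE(review): no remote backup target is configured here, so snapshots
    # presumably stay on the nodes' local disks; they contain the full cluster
    # state including Secrets, so protect and copy them off-host.
    backup_config:
      enabled: true
      interval_hours: 6
      retention: 60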
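# Build the cluster described in rancher-cluster.yml.
rke_linux-amd64 up --config ./rancher-cluster.yml
# If the run fails with an error like the one below, run the same command again:
# WARN[0542] Failed to deploy addon execute job [rke-ingress-controller]: Failed to get job complete status for job rke-ingress-controller-deploy-job in namespace kube-system
rke_linux-amd64 up --config ./rancher-cluster.yml
# NOTE(review): kube_config_rancher-cluster.yml is an admin credential for the
# whole cluster, and the rancher-cluster.rkestate file that rke writes next to
# it also holds cluster secrets (per the RKE docs). Keep both private and out
# of version control.
# -p keeps the step repeatable when ~/.kube already exists.
mkdir -p ~/.kube
chmod 700 ~/.kube
cp kube_config_rancher-cluster.yml ~/.kube/config
chmod 600 ~/.kube/config kube_config_rancher-cluster.yml
export KUBECONFIG="$(pwd)/kube_config_rancher-cluster.yml"
# List the nodes.
kubectl get nodes
# To run kubectl as root, switch to root and run the following.
mkdir -p ~/.kube
chmod 700 ~/.kube
cp /home/rancher/kube_config_rancher-cluster.yml ~/.kube/config
chmod 600 ~/.kube/config
export KUBECONFIG=~/.kube/config
# Quick check.
kubectl get pods -A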
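# Helm 2 setup: create a ServiceAccount in kube-system, bind it to a
# ClusterRole so Tiller can act on the cluster, then initialise Tiller.
# NOTE(review): the binding below gives Tiller cluster-admin. Helm 2 is
# end-of-life and Helm 3 has no Tiller; with a plain "helm init", Tiller's
# endpoint is not protected by TLS, so anything that can reach it inside the
# cluster inherits these rights. Prefer Helm 3, or scope the role and enable
# Tiller TLS if Helm 2 must stay.
kubectl -n kube-system create serviceaccount tiller
kubectl create clusterrolebinding tiller --clusterrole cluster-admin --serviceaccount=kube-system:tiller
# Install the client and the server side.
wget https://get.helm.sh/helm-v2.16.6-linux-amd64.tar.gz
# Print the SHA-256 of the archive and compare it with the checksum published
# for this Helm release before installing the binary.
sha256sum helm-v2.16.6-linux-amd64.tar.gz
tar zxvf helm-v2.16.6-linux-amd64.tar.gz -C /usr/src/
cp /usr/src/linux-amd64/helm /usr/local/bin/
# NOTE(review): the Tiller image comes from a third-party registry path and
# will run with the cluster-admin binding created above; pin it by digest or
# mirror it into a registry you control.
helm init --service-account tiller --skip-refresh --tiller-image registry.cn-shanghai.aliyuncs.com/rancher/tiller:v2.16.6
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable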
# Configure SSL. Note: Rancher is served over HTTPS by default, so a publicly
# trusted certificate is needed. Upload the certificate to rancher-01 and
# create the secrets from it.
# Without such a certificate, make a self-signed one manually:
# https://blog.zhenglin.work/ca/make_key.html
# NOTE(review): key.sh is fetched over plain HTTP from a third-party host and
# then used to generate the CA and server private keys. A tampered script could
# produce weak or disclosed keys, so read it before running it or generate the
# certificates with tooling you already trust.
curl -O http://pigx.vip/key.sh
# Requests 2048-bit keys valid for 3650 days for the domain qnhyn.com.
# NOTE(review): the chart below is installed with hostname rancher.qnhyn.com;
# check that the generated certificate actually covers that name.
sh key.sh --ssl-domain=qnhyn.com --ssl-size=2048 --ssl-date=3650
kubectl create ns cattle-system
# Server certificate and key for the Rancher ingress.
kubectl -n cattle-system create secret tls tls-rancher-ingress --cert=./tls.crt --key=./tls.key
# CA certificate, used together with privateCA=true below.
kubectl -n cattle-system create secret generic tls-ca --from-file=cacerts.pem
# NOTE(review): presumably the private keys are left in the working directory;
# move them somewhere restricted, or delete them, once the secrets exist.
# Install. --version 2.4.3 can be added to pin a chart version; without it the
# newest chart in rancher-stable is used.
helm install rancher-stable/rancher --name rancher --namespace cattle-system --set hostname=rancher.qnhyn.com --set ingress.tls.source=secret --set privateCA=true
https://www.codenong.com/cs106745791/
https://cloud.tencent.com/developer/article/1638170
https://www.bookstack.cn/read/rancher-2.4.4-zh/Rancher%E5%91%BD%E4%BB%A4%E8%A1%8C.md
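# Wipe a node so that RKE / Rancher can be reinstalled from scratch.
# NOTE(review): this is destructive and not scoped to Rancher. It removes EVERY
# container and EVERY Docker volume on the host, and /opt/rke is where RKE
# keeps local etcd snapshots (per the RKE docs), so copy any backup you still
# need off the machine first. Do not run it on a host with other workloads.

# Remove all containers (xargs -r skips the call when there are none).
sudo docker ps -qa | xargs -r sudo docker rm -f
# Remove /var/etcd.
sudo rm -rf /var/etcd
# Unmount everything under /var/lib/kubelet in reverse mount order, then
# remove the directory. Paths are quoted so they are passed through intact.
tac /proc/mounts | awk '{print $2}' | grep /var/lib/kubelet | while read -r m; do
    sudo umount "$m" || true
done
sudo rm -rf /var/lib/kubelet/
# Same for /var/lib/rancher: unmount first, then remove.
tac /proc/mounts | awk '{print $2}' | grep /var/lib/rancher | while read -r m; do
    sudo umount "$m" || true
done
sudo rm -rf /var/lib/rancher/
# Remove /run/kubernetes/.
sudo rm -rf /run/kubernetes/
# Remove all Docker volumes (skipped when there are none).
sudo docker volume ls -q | xargs -r sudo docker volume rm
# Remove the remaining CNI, Kubernetes, RKE and log directories. sudo is used
# here as well, to match the rest of the procedure.
sudo rm -rf /etc/cni \
    /etc/kubernetes \
    /opt/cni \
    /opt/rke \
    /run/secrets/kubernetes.io \
    /run/calico \
    /run/flannel \
    /var/lib/calico \
    /var/lib/etcd \
    /var/lib/cni \
    /var/lib/kubelet \
    /var/lib/rancher/rke/log \
    /var/log/containers \
    /var/log/pods \
    /var/run/calico
# Delete containerd's metadata database, then restart the runtimes.
sudo rm -f /var/lib/containerd/io.containerd.metadata.v1.bolt/meta.db
sudo systemctl restart containerd
sudo systemctl restart docker
# List containers and volumes again to confirm that nothing is left.
sudo docker ps -a
sudo docker volume ls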