快速搭建rancher
-v 用来挂载证书,如果没有证书,可以删除,默认使用rancher内置的自签证书
- docker run -d --name rancher --privileged --restart=unless-stopped \
- -p 10080:80 -p 10443:443 \
- -v /root/tmp/rancher.mb.com.crt:/etc/rancher/ssl/cert.pem \
- -v /root/tmp/rancher.mb.com.key:/etc/rancher/ssl/key.pem \
- -v /root/tmp/cacerts.pem:/etc/rancher/ssl/cacerts.pem \
- rancher/rancher:v2.7.5
rancher启动较慢,可以稍等片刻,大约半分钟,即可访问。前提是防火墙放行端口10443
获取rancher UI 默认的登录密码
浏览器访问到rancher的登录页面后,执行shell docker logs rancher 2>&1 | grep "Bootstrap Password:" 查看默认的登录密码
登录成功后,进入集群管理
创建集群
由于docker run的时候没有信任的证书,所以此处打勾
复制注册命令在需要安装的k8s机器上执行命令,静默安装. 我这边4h8g的机器大概在5分钟内安装完毕
rancher查看安装日志
安装过程中,会看到些许ERROR日志, 只要这个日志不会卡在那里1分钟以上, 就不要人为干预,rancher会自行调整
安装过程中的图
安装完成。节点状态变成Active,表示k8s可用。
需要安装k8s集群时,拿着命令在目标机上执行即可
遇到的坑
执行创建k8s的命令后, 一直都在Update状态
- 背景说明:安装完成后,想再折腾一下,于是删除节点,再重复上面的操作,发现一直都创建不成功
- 解决办法
- 在rancher移除节点
- 在rancher集群管理,删除前面创建的集群
- 在k8s机器上执行卸载命令, 命令一般放在/usr/local/bin目录,可以通过 shell /usr/local/bin/k3s-uninstall.sh 查找
- 如果安装的k3s,执行 k3s-uninstall.sh 和 rancher-system-agent-uninstall.sh ;如果安装的是rke2,则卸载rke2的命令,rke2卸载命令的查找方法和k3s的查找方法类似
卸载命令备份
这些命令是rancher安装集群的时候自动生成的,做个备份在这里,防止失联
k3s-uninstall.sh
- #!/bin/sh
- set -x
- [ $(id -u) -eq 0 ] || exec sudo $0 $@
- /usr/local/bin/k3s-killall.sh
- if command -v systemctl; then
- systemctl disable k3s
- systemctl reset-failed k3s
- systemctl daemon-reload
- fi
- if command -v rc-update; then
- rc-update delete k3s default
- fi
- rm -f /etc/systemd/system/k3s.service
- rm -f /etc/systemd/system/k3s.service.env
- remove_uninstall() {
- rm -f /usr/local/bin/k3s-uninstall.sh
- }
- trap remove_uninstall EXIT
- if (ls /etc/systemd/system/k3s*.service || ls /etc/init.d/k3s*) >/dev/null 2>&1; then
- set +x; echo 'Additional k3s services installed, skipping uninstall of k3s'; set -x
- exit
- fi
- for cmd in kubectl crictl ctr; do
- if [ -L /usr/local/bin/$cmd ]; then
- rm -f /usr/local/bin/$cmd
- fi
- done
- rm -rf /etc/rancher/k3s
- rm -rf /run/k3s
- rm -rf /run/flannel
- rm -rf /var/lib/rancher/k3s
- rm -rf /var/lib/kubelet
- rm -f /usr/local/bin/k3s
- rm -f /usr/local/bin/k3s-killall.sh
- if type yum >/dev/null 2>&1; then
- yum remove -y k3s-selinux
- rm -f /etc/yum.repos.d/rancher-k3s-common*.repo
- elif type rpm-ostree >/dev/null 2>&1; then
- rpm-ostree uninstall k3s-selinux
- rm -f /etc/yum.repos.d/rancher-k3s-common*.repo
- elif type zypper >/dev/null 2>&1; then
- uninstall_cmd="zypper remove -y k3s-selinux"
- if [ "${TRANSACTIONAL_UPDATE=false}" != "true" ] && [ -x /usr/sbin/transactional-update ]; then
- uninstall_cmd="transactional-update --no-selfupdate -d run $uninstall_cmd"
- fi
- $uninstall_cmd
- rm -f /etc/zypp/repos.d/rancher-k3s-common*.repo
- fi
- #!/bin/sh
- if [ ! $(id -u) -eq 0 ]; then
- fatal "This script must be run as root."
- fi
- # Environment variables:
- # System Agent Variables
- # - CATTLE_AGENT_CONFIG_DIR (default: /etc/rancher/agent)
- # - CATTLE_AGENT_VAR_DIR (default: /var/lib/rancher/agent)
- # - CATTLE_AGENT_BIN_PREFIX (default: /usr/local)
- #
- # warn logs the given argument at warn log level.
- warn() {
- echo "[WARN] " "$@" >&2
- }
- # check_target_mountpoint return success if the target directory is on a dedicated mount point
- check_target_mountpoint() {
- mountpoint -q "${CATTLE_AGENT_BIN_PREFIX}"
- }
- # check_target_ro returns success if the target directory is read-only
- check_target_ro() {
- touch "${CATTLE_AGENT_BIN_PREFIX}"/.r-sa-ro-test && rm -rf "${CATTLE_AGENT_BIN_PREFIX}"/.r-sa-ro-test
- test $? -ne 0
- }
- setup_env() {
- if [ -z "${CATTLE_AGENT_CONFIG_DIR}" ]; then
- CATTLE_AGENT_CONFIG_DIR=/etc/rancher/agent
- fi
- if [ -z "${CATTLE_AGENT_VAR_DIR}" ]; then
- CATTLE_AGENT_VAR_DIR=/var/lib/rancher/agent
- fi
- # --- resources are installed to /usr/local by default, except if /usr/local is on a separate partition or is
- # --- read-only in which case we go into /opt/rancher-system-agent. If variable isn't passed and this criteria is
- # --- true, assume that is what was done, since removing from /usr/local wouldn't be possible anyway.
- if [ -z "${CATTLE_AGENT_BIN_PREFIX}" ]; then
- CATTLE_AGENT_BIN_PREFIX="/usr/local"
- if check_target_mountpoint || check_target_ro; then
- CATTLE_AGENT_BIN_PREFIX="/opt/rancher-system-agent"
- warn "/usr/local is read-only or a mount point; checking ${CATTLE_AGENT_BIN_PREFIX}"
- fi
- fi
- }
- uninstall_stop_services() {
- if command -v systemctl >/dev/null 2>&1; then
- systemctl stop rancher-system-agent
- fi
- }
- uninstall_remove_self() {
- rm -f "${CATTLE_AGENT_BIN_PREFIX}/bin/rancher-system-agent-uninstall.sh"
- }
- uninstall_disable_services()
- {
- if command -v systemctl >/dev/null 2>&1; then
- systemctl disable rancher-system-agent || true
- systemctl reset-failed rancher-system-agent || true
- systemctl daemon-reload
- fi
- }
- uninstall_remove_files() {
- rm -f /etc/systemd/system/rancher-system-agent.service
- rm -f /etc/systemd/system/rancher-system-agent.env
- rm -rf ${CATTLE_AGENT_VAR_DIR}
- rm -rf ${CATTLE_AGENT_CONFIG_DIR}
- rm -f "${CATTLE_AGENT_BIN_PREFIX}/bin/rancher-system-agent"
- }
- setup_env
- uninstall_stop_services
- trap uninstall_remove_self EXIT
- uninstall_disable_services
- uninstall_remove_files
|
