Quickly setting up a kubernetes environment with rancher
2018-08-14
kubernetes
rancher
> This article describes how to quickly set up a kubernetes environment with rancher on ubuntu.

# Linux environment preparation

A kubernetes environment requires docker to be installed on every server in the cluster first. There are two ways to install docker:

1. ssh to each server and run:

```sh
curl -fsSL https://get.docker.com -o get-docker.sh && sudo sh get-docker.sh
```

2. Install through docker-machine

### First install docker and docker-machine on one server

To install docker-machine on Linux:

```
base=https://github.com/docker/machine/releases/download/v0.14.0 &&
  curl -L $base/docker-machine-$(uname -s)-$(uname -m) >/tmp/docker-machine &&
  sudo install /tmp/docker-machine /usr/local/bin/docker-machine
```

Reference: [Install Docker Machine](https://docs.docker.com/machine/install-machine/)

### Allow password-less login between servers

```bash
ssh-keygen -t rsa
ssh-copy-id your-server-name
```

### Allow a non-root user on the server to run sudo without a password

```
sudo su
visudo
```

Below the line `# Allow members of group sudo to execute any command`, add:

```
your-user-name ALL=(ALL) NOPASSWD:ALL
```

### Install docker

```
docker-machine create --driver generic --generic-ip-address=your-server-ip --generic-ssh-user=your-user-name your-server-name
```

## Let docker run without sudo

```
sudo usermod -aG docker your-user-name
```

# Prepare Rancher

1. Create the nginx Load Balancer configuration file: nginx.conf

```
worker_processes 4;
worker_rlimit_nofile 40000;

events {
    worker_connections 8192;
}

http {
    server {
        listen 80;
        return 301 https://$host$request_uri;
    }
}

stream {
    upstream rancher_servers {
        least_conn;
        server IP_NODE_1:443 max_fails=3 fail_timeout=5s;
        server IP_NODE_2:443 max_fails=3 fail_timeout=5s;
        server IP_NODE_3:443 max_fails=3 fail_timeout=5s;
    }
    server {
        listen 443;
        proxy_pass rancher_servers;
    }
}
```

Start it with docker:

```
docker run -d --restart=unless-stopped \
  --name=rancher-nginx \
  -p 80:80 -p 443:443 \
  -v ~/nginx/nginx.conf:/etc/nginx/nginx.conf \
  nginx
```

2. Configure dns resolution

Point a dns name, for example rancher.supperxin.com, at the IP address of the LB.

3. Download rancher

```
wget https://github.com/rancher/rke/releases/download/v0.1.9/rke_linux-amd64
chmod +x rke_linux-amd64
```

4. Download the rke configuration template

```
wget https://raw.githubusercontent.com/rancher/rancher/e9d29b3f3b9673421961c68adf0516807d1317eb/rke-templates/3-node-certificate.yml
mv 3-node-certificate.yml rancher-cluster.yml
```

5. Edit the node information in the configuration

The sample configuration below configures 2 master nodes and 4 worker nodes:

```
nodes:
  - address: 172.21.145.122
    user: srv_search
    role: [controlplane,etcd,worker]
    ssh_key_path: ~/.ssh/id_rsa
  - address: 172.21.145.123
    user: srv_search
    role: [controlplane,etcd,worker]
    ssh_key_path: ~/.ssh/id_rsa
  - address: 172.21.145.124
    user: srv_search
    role: [worker]
    ssh_key_path: ~/.ssh/id_rsa
  - address: 172.21.145.125
    user: srv_search
    role: [worker]
    ssh_key_path: ~/.ssh/id_rsa
```

6. Create a self-signed certificate

```
docker run -v $PWD/certs:/certs \
  -e SSL_SUBJECT=rancher.supperxin.com \
  -e SSL_DNS=rancher.supperxin.com \
  -e SSL_IP=10.0.0.1 \
  -e K8S_SAVE_CA_CRT=true \
  -e K8S_NAME=cattle-keys-ingress \
  -e K8S_NAMESPACE=cattle-system \
  paulczar/omgwtfssl
```

7. Edit the certificate information in the configuration

The certificate contents must be base64-encoded. The certificate files needed are:

* cert.pem --> tls.crt
* ca.pem --> tls.key
* key.pem --> cacerts.pem

Encoding command:

```
cat cert.pem | base64 -w0
```

8. Edit the FQDN in the configuration

Replace it with the DNS name.

9. Start rancher to configure the kubernetes cluster

```
./rke_linux-amd64 up --config rancher-cluster.yml
```

If it reports this error:

```
FATA[0000] Unsupported Docker version found [18.06.0-ce], supported versions are [1.11.x 1.12.x 1.13.x 17.03.x]
```

add the setting that ignores the docker version to the configuration file, then start again:

```
# If set to true, RKE will not fail when unsupported Docker version are found
ignore_docker_version: true
```

# Install the k8s command-line tool kubectl

On ubuntu, run the following commands to install kubectl:

```bash
sudo apt-get update && sudo apt-get install -y apt-transport-https
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
sudo touch /etc/apt/sources.list.d/kubernetes.list
echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
sudo apt-get install -y kubectl
```

Log in to the rancher console and, on the page of the default local cluster, click "kubeconfig file". This shows the configuration file for that cluster, similar to:

```yaml
apiVersion: v1
kind: Config
clusters:
- name: "local"
  cluster:
    server: "xxxx"
    api-version: v1
    certificate-authority-data: "xxxx"
users:
- name: "xxxx"
  user:
    token: "xxxx"
contexts:
- name: "local"
  context:
    user: "xxxx"
    cluster: "local"
current-context: "local"
```

Copy its contents into the file ~/.kube/config, after which kubectl can be used to get cluster information.

# References:

* [install rancher](https://rancher.com/docs/rancher/v2.x/en/installation/ha-server-install)
* [cert create](https://gist.github.com/superseb/f129ad4204ca119249db00965acf657a)
* [Install kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl)
* [Accessing Clusters with kubectl and a kubeconfig File](https://rancher.com/docs/rancher/v2.x/en/k8s-in-rancher/kubectl/#accessing-clusters-with-kubectl-shell)
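
For steps 6 and 7 under "Prepare Rancher", an added example (not part of the original post): a script that checks that the files generated in ./certs belong together before they are base64-encoded for rancher-cluster.yml. It assumes openssl and GNU base64 are installed; the function names `check_certs` and `encode_pem` and the `.b64` output files are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. File names (cert.pem, key.pem,
# ca.pem) are the ones the page uses; everything else is an assumption.

# Returns 0 only when cert.pem chains to ca.pem, key.pem is the private key
# for cert.pem, and cert.pem lists the expected DNS name in its SAN.
check_certs() {
    cc_dir=$1; cc_fqdn=$2
    # 1. cert.pem must verify against ca.pem.
    openssl verify -CAfile "$cc_dir/ca.pem" "$cc_dir/cert.pem" 2>/dev/null |
        grep -q ': OK$' ||
        { echo "cert.pem does not verify against ca.pem" >&2; return 1; }
    # 2. The public key derived from key.pem must equal the one in cert.pem.
    cc_cert_pub=$(openssl x509 -in "$cc_dir/cert.pem" -noout -pubkey 2>/dev/null)
    cc_key_pub=$(openssl pkey -in "$cc_dir/key.pem" -pubout 2>/dev/null)
    [ -n "$cc_key_pub" ] && [ "$cc_cert_pub" = "$cc_key_pub" ] ||
        { echo "key.pem does not match cert.pem" >&2; return 1; }
    # 3. The name clients connect to must be a subjectAltName DNS entry.
    openssl x509 -in "$cc_dir/cert.pem" -noout -text | tr ',' '\n' |
        sed 's/^ *//' | grep -qxF "DNS:$cc_fqdn" ||
        { echo "cert.pem has no SAN entry DNS:$cc_fqdn" >&2; return 1; }
}

# Single-line base64, equivalent to the page's `cat cert.pem | base64 -w0`.
encode_pem() { base64 -w0 < "$1"; }

# Usage: ./check-certs.sh ./certs rancher.supperxin.com
if [ "$#" -eq 2 ]; then
    check_certs "$1" "$2" || exit 1
    for f in cert.pem key.pem ca.pem; do
        # key.pem is a private key: keep the encoded copies owner-readable only.
        (umask 077; encode_pem "$1/$f" > "$1/$f.b64")
        echo "wrote $1/$f.b64"
    done
fi
```

Run it after step 6; a non-zero exit means the files should be regenerated before anything is pasted into rancher-cluster.yml.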
This article is the blogger's original work. If you repost it, please credit the source:
http://www.supperxin.com