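Rancher Installation
k8s external ip # highly available IP of the worker cluster.
The latest deployment guide (in English); this is the link for air-gapped deployment: https://rancher.com/docs/rancher/v2.x/en/installation/other-installation-methods/air-gap/
Rancher 2.4.3 - HA deployment of a highly available k8s cluster # refer to this document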
https://www.cnblogs.com/xiao987334176/p/12981735.html
Reference links for this article:
https://blog.51cto.com/bilibili/2440304
https://blog.51cto.com/liuzhengwei521/2398244
https://www.cnblogs.com/xzkzzz/p/9995956.html
https://www.cnblogs.com/kelsen/p/10836332.html
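Rancher 2.4.4 - highly available (HA) cluster deployment - offline installation, 2020-06-14 https://blog.csdn.net/weixin_42331537/article/details/106745662 rancher-images.txt rancher-save-images.sh rancher-images.txt rancher-load-images.sh
Rancher Releases Mirror http://mirror.cnrancher.com/
Offline highly available deployment of rancher-server https://blog.csdn.net/qq_39919755/article/details/94858022
Download the images before installing: follow "Sync images to a private image registry" in the air-gapped installation section of the official Rancher documentation, download the three files, and pull the images in advance on a machine that has Docker.
Aliyun registry mirror configuration
Before downloading, configure the Aliyun registry mirror as follows: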
{ "registry-mirrors" : ["https://dekn3ozn.mirror.aliyuncs.com"] }
Error when logging in to the private registry, and the fix
Error message:
[root@worker-01 rancher]# docker login 172.16.7.199:5000
Username: docker
Password: docker
Error response from daemon: Get https://172.16.7.199:5000/v2/: http: server gave HTTP response to HTTPS client
Fix: the client needs the following configuration:
[root@worker-01 rancher]# cat /etc/docker/daemon.json
{ "insecure-registries":["172.16.7.199:5000"] }
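Note: this setting is not the same as the Aliyun mirror setting above; you cannot simply change the URL in that one and reuse it. With insecure-registries, Docker accepts plain HTTP for this registry, so the login credentials and the images travel over the network without transport protection.
Preparing offline images https://www.bookstack.cn/read/rancher-v2.x/102ad603fddd1ea1.md
----------- Compiled from the article above, "Rancher 2.4.3 - HA deployment of a highly available k8s cluster" -----------------
How to use Rancher gracefully in mainland China https://mp.weixin.qq.com/s/XMh0-SscBPDYFfPdpmqdkw If you want to pull this image on its own, you can use the Aliyun copy: registry.cn-hangzhou.aliyuncs.com/rancher/rke-tools:v0.1.65
I. Overview
For production environments, Rancher must be installed in a highly available configuration so that users can always reach the Rancher Server. When installed in a Kubernetes cluster, Rancher integrates with the cluster's etcd and relies on Kubernetes scheduling for high availability. To ensure high availability, the Kubernetes cluster deployed in this article is dedicated to running Rancher; once Rancher is up, further clusters can be created or imported to run the actual workloads.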
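Recommended architecture
- The DNS name for Rancher should resolve to a layer-4 (TCP) load balancer.
- The load balancer should forward ports TCP/80 and TCP/443 to all 3 nodes in the Kubernetes cluster.
- The Ingress controller redirects HTTP to HTTPS and terminates SSL/TLS on port TCP/443 (the SSL certificate is deployed here).
- The Ingress controller forwards traffic to port TCP/80 on the pods.
The diagram below, taken from the official site, makes this easier to see.
II. Preparation
1. Server preparation
- 1 Linux server, modest specification, used as the layer-4 load balancer
- 3 Linux servers, the Rancher-server-node nodes
- n Linux servers, the Rancher-agent-node nodes (n<=50)
CPU and memory requirements for an RKE high-availability installation
Choose the hardware configuration of the node servers from this table according to your actual situation. Performance was improved in Rancher v2.4.0. For the requirements of Rancher versions before v2.4.0, see this section.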
Size | Clusters | Nodes | CPU | Memory |
---|---|---|---|---|
Small | Up to 150 | Up to 1500 | 2 | 8 GB |
Medium | Up to 300 | Up to 3000 | 4 | 16 GB |
Large | Up to 500 | Up to 5000 | 8 | 32 GB |
X-Large | Up to 1000 | Up to 10000 | 16 | 64 GB |
XX-Large | Up to 2000 | Up to 20000 | 32 | 128 GB |
Contact Rancher if you need to manage 2000+ clusters and/or 20000+ nodes.
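2. Environment
The servers are virtual machines on a local ESXi host, configured as follows:
Hostname | OS version | Internal IP | Specification |
---|---|---|---|
rancher-01 | CentOS 7.8 | 172.16.7.201 | 2 cores, 3 GB |
rancher-02 | CentOS 7.8 | 172.16.7.202 | 2 cores, 3 GB |
rancher-03 | CentOS 7.8 | 172.16.7.203 | 2 cores, 3 GB |
rancher-slb | CentOS 7.8 | 172.16.7.200 | 1 core, 1 GB |
3. Permanently change the hostname on CentOS 7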
hostnamectl set-hostname xxx
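III. Docker installation
For Docker installation, see: https://www.showdoc.com.cn/557523996513244?page_id=3839601638128520
IV. Install RKE
Rancher Kubernetes Engine (RKE) is a lightweight Kubernetes installer that supports installing Kubernetes on bare-metal and virtualized servers. RKE addresses a common problem in the Kubernetes community: installation complexity. RKE runs on multiple platforms, such as macOS, Linux and Windows. Here RKE is installed on rancher-01:
1. Download the binary
RKE binary download:
https://github.com/rancher/rke/releases
Find the latest stable version; the current stable version is v1.1.12.
Files to download:
Kubernetes Versions
v1.18.12-rancher1-1
rke_linux-amd64: click this entry on the release page to download, or right-click to get the download link, which is:
https://github.com/rancher/rke/releases/download/v1.1.12/rke_linux-amd64
XX: the version downloaded last time was v1.2.2 <<---
2. Install rke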
chmod +x rke_linux-amd64
mv rke_linux-amd64 /usr/bin/
rke_linux-amd64 --version
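Note: this binary installs Kubernetes v1.18.12. XX: the one downloaded last time installs v1.19.3
V. Install kubectl
kubectl is a CLI tool for running commands against Kubernetes clusters. Much of the maintenance and administration in Rancher 2.x requires it. Here kubectl is installed on rancher-01:
1. Download kubectl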
https://github.com/kubernetes
https://kubernetes.io/zh/docs/setup/release/notes/
https://dl.k8s.io/v1.18.0/kubernetes-client-linux-amd64.tar.gz
Changelog:
https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG
https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.19.md # latest stable version
Note: this link can only be downloaded from a computer that can reach Google.
2. Extract it and put it on the PATH
tar zxvf kubernetes-client-linux-amd64.tar.gz -C /usr/src/
cp /usr/src/kubernetes/client/bin/kubectl /usr/bin/kubectl
chmod +x /usr/bin/kubectl
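3. Configure shell completion for kubectl
On CentOS Linux you may need to install the bash-completion package, which is not installed by default. It is available from the standard CentOS yum repositories.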
yum install -y bash-completion
kubectl completion can be added to the current shell; to have it loaded automatically, run:
echo 'source <(kubectl completion bash)' >> /root/.bashrc
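4. Verify completion
Log out and log back in. Example:
# kubectl desc<TAB> no<TAB> node<TAB>
VI. Install Kubernetes with RKE
The following uses RKE (Rancher Kubernetes Engine) to install a highly available Kubernetes cluster.
1. Establish SSH trust between the NODE-SERVER hosts
We currently have three servers for the local cluster. First make sure our host can reach the other two over SSH and run the required operations.
1.1. Create the rancher user
Note: when installing Kubernetes with rke, you must not run it as root. It has to be a regular user!
Run the following commands on rancher-01, rancher-02 and rancher-03: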
useradd rancher
passwd rancher
2. Give rancher permission to use Docker
2.1. Run the following commands on rancher-01, rancher-02 and rancher-03:
Log in as root.
# Add the rancher user to the docker group
gpasswd -a rancher docker
# Refresh group membership
newgrp docker # or usermod -aG docker rancher
2.2. Switch to the rancher user and test
su rancher
docker ps
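If the output is normal, it worked. Note that membership of the docker group is equivalent to root access on that host.
2.3. SSH trust
Run the following commands on rancher-01, rancher-02 and rancher-03: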
# su rancher
$ ssh-keygen -t rsa -P "" -f ~/.ssh/id_rsa
$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys
2.4. Copy the public key
Run on rancher-01. XXX I think this step should be run on all three hosts. To be verified. Note: run as the rancher user.
$ ssh-copy-id 172.16.7.201
$ ssh-copy-id 172.16.7.202
$ ssh-copy-id 172.16.7.203
2.5. Test passwordless SSH
Run on rancher-01. Note: run as the rancher user.
$ ssh 172.16.7.201
$ ssh 172.16.7.202
$ ssh 172.16.7.203
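3. Write the rancher-cluster.yml file
Note that this file does not explicitly configure the RSA key file name; by default $HOME/.ssh/id_rsa is used to establish the connection. Run on rancher-01. Note: run as the rancher user.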
$ vim rancher-cluster.yml
Contents:
nodes:
  - address: 172.16.7.201
    internal_address: 172.16.7.201
    user: rancher
    role: [controlplane,worker,etcd]
    hostname_override: rancher-01.techzsun.com
  - address: 172.16.7.202
    internal_address: 172.16.7.202
    user: rancher
    role: [controlplane,worker,etcd]
    hostname_override: rancher-02.techzsun.com
  - address: 172.16.7.203
    internal_address: 172.16.7.203
    user: rancher
    role: [controlplane,worker,etcd]
    hostname_override: rancher-03.techzsun.com
services:
  etcd:
    backup_config:
      enabled: true
      interval_hours: 6
      retention: 60
Notes:
- address: public domain name or IP address
- user: a user that can run docker commands
- role: list of Kubernetes roles assigned to the node
- internal_address: private domain name or IP address for internal cluster traffic
- The etcd backup mechanism is enabled: a backup is taken every 6 hours and 60 days of data are kept
4. Run RKE to build the Kubernetes cluster
Run on rancher-01. Note: run as the rancher user.
$ rke_linux-amd64 up --config ./rancher-cluster.yml
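The output is as follows:
On success, two files are generated in the current directory: rancher-cluster.rkestate and kube_config_rancher-cluster.yml. File descriptions:
rancher-cluster.yml: the RKE cluster configuration file.
kube_config_rancher-cluster.yml: the kubeconfig file for the cluster; it contains credentials with full access to the cluster.
rancher-cluster.rkestate: the Kubernetes cluster state file; it contains credentials with full access to the cluster.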
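An added example (not part of the original notes): because both generated files carry full-access credentials, this shell function flags any copy that group or other users can access and can tighten it to 0600. The function name and the `--fix` flag are assumptions of this example, and it relies on `stat -c` from GNU coreutils or busybox.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes `stat -c` (GNU/busybox).

# audit_cluster_secrets [--fix] DIR
# Checks kube_config_*.yml, *.rkestate and .kube/config under DIR.
# Prints "LOOSE <mode> <file>" for each one that group or others can access;
# with --fix the file is then set to 0600.
# Returns 1 if any loose file was found, 0 otherwise.
audit_cluster_secrets() {
    fix=0
    if [ "$1" = "--fix" ]; then
        fix=1
        shift
    fi
    dir=${1:-.}
    found=0
    for f in "$dir"/kube_config_*.yml "$dir"/*.rkestate "$dir"/.kube/config; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        # Octal mask 077 selects the group and other permission bits.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "LOOSE $mode $f"
            found=1
            if [ "$fix" -eq 1 ]; then
                chmod 600 "$f"
            fi
        fi
    done
    return "$found"
}

# Demo on constructed files in a temporary directory.
demo=$(mktemp -d)
: > "$demo/kube_config_rancher-cluster.yml"
: > "$demo/rancher-cluster.rkestate"
chmod 644 "$demo/kube_config_rancher-cluster.yml"
chmod 600 "$demo/rancher-cluster.rkestate"
audit_cluster_secrets --fix "$demo" || echo "tightened to 0600"
rm -rf "$demo"
```

Run it as `audit_cluster_secrets "$HOME"` for the rancher user, and again as root once the kubeconfig has been copied to root's ~/.kube/config.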
5. Test the cluster and check its status
5.1 Set environment variables
Run on rancher-01. Note: run as the rancher user.
mkdir ~/.kube
cp kube_config_rancher-cluster.yml ~/.kube/config
export KUBECONFIG=$(pwd)/kube_config_rancher-cluster.yml
List the nodes
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
rancher-01.techzsun.com Ready controlplane,etcd,worker 163m v1.19.3
rancher-02.techzsun.com NotReady controlplane,etcd,worker 163m v1.19.3
rancher-03.techzsun.com NotReady controlplane,etcd,worker 163m v1.19.3
If root needs to run kubectl, switch to root and run the following commands:
mkdir ~/.kube
cp /home/rancher/kube_config_rancher-cluster.yml ~/.kube/config
export KUBECONFIG=~/.kube/config
5.2 Test the cluster and check its status
[rancher@rancher-01 ~]$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
rancher-01.techzsun.com Ready controlplane,etcd,worker 4d v1.19.3
rancher-02.techzsun.com Ready controlplane,etcd,worker 4d v1.19.3
rancher-03.techzsun.com Ready controlplane,etcd,worker 4d v1.19.3
[rancher@rancher-01 ~]$ kubectl get pods
No resources found in default namespace.
[rancher@rancher-01 ~]$ kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
ingress-nginx default-http-backend-65dd5949d9-qsc7j 1/1 Running 1 4d
ingress-nginx nginx-ingress-controller-4r7g7 1/1 Running 1 4d
ingress-nginx nginx-ingress-controller-8fh9g 1/1 Running 1 4d
ingress-nginx nginx-ingress-controller-pv7h8 1/1 Running 1 4d
kube-system calico-kube-controllers-649b7b795b-p5cb2 1/1 Running 1 4d
kube-system canal-2kl6r 2/2 Running 2 4d
kube-system canal-bcwjw 2/2 Running 2 4d
kube-system canal-qzp9s 2/2 Running 2 4d
kube-system coredns-6f85d5fb88-f4t5b 1/1 Running 1 4d
kube-system coredns-6f85d5fb88-j2l5n 1/1 Running 1 4d
kube-system coredns-autoscaler-79599b9dc6-7pkxp 1/1 Running 1 4d
kube-system metrics-server-8449844bf-l5r2s 1/1 Running 1 4d
kube-system rke-coredns-addon-deploy-job-kwc5l 0/1 Completed 0 4d
kube-system rke-ingress-controller-deploy-job-nqbjr 0/1 Completed 0 4d
kube-system rke-metrics-addon-deploy-job-jqd9t 0/1 Completed 0 4d
kube-system rke-network-plugin-deploy-job-hghvw 0/1 Completed 0 4d
[rancher@rancher-01 ~]$ kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
ingress-nginx default-http-backend-65dd5949d9-qsc7j 1/1 Running 1 4d
ingress-nginx nginx-ingress-controller-4r7g7 1/1 Running 1 4d
ingress-nginx nginx-ingress-controller-8fh9g 1/1 Running 1 4d
ingress-nginx nginx-ingress-controller-pv7h8 1/1 Running 1 4d
kube-system calico-kube-controllers-649b7b795b-p5cb2 1/1 Running 1 4d
kube-system canal-2kl6r 2/2 Running 2 4d
kube-system canal-bcwjw 2/2 Running 2 4d
kube-system canal-qzp9s 2/2 Running 2 4d
kube-system coredns-6f85d5fb88-f4t5b 1/1 Running 1 4d
kube-system coredns-6f85d5fb88-j2l5n 1/1 Running 1 4d
kube-system coredns-autoscaler-79599b9dc6-7pkxp 1/1 Running 1 4d
kube-system metrics-server-8449844bf-l5r2s 1/1 Running 1 4d
kube-system rke-coredns-addon-deploy-job-kwc5l 0/1 Completed 0 4d
kube-system rke-ingress-controller-deploy-job-nqbjr 0/1 Completed 0 4d
kube-system rke-metrics-addon-deploy-job-jqd9t 0/1 Completed 0 4d
kube-system rke-network-plugin-deploy-job-hghvw 0/1 Completed 0 4d
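VII. Install Rancher
1. Add the Helm chart repositories
This step only needs to be run on a host with Internet access, in order to obtain the tgz file (cert-manager-v0.12.0.tgz).
1.1 Add the Helm chart repository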
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
1.2. Fetch the latest Rancher chart; the tgz file is downloaded to the local directory.
helm fetch rancher-stable/rancher
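Copy rancher-2.5.2.tgz to the home directory of the rancher user on the internal host rancher1.
2. For Rancher's default self-signed certificate, fetch the latest cert-manager chart from a host with Internet access
2.1. On a system that can connect to the Internet, add the cert-manager repository.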
helm repo add jetstack https://charts.jetstack.io
helm repo update
2.2. Fetch the latest cert-manager chart from the Helm chart repository.
helm fetch jetstack/cert-manager --version v0.12.0
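2.3. Copy the tgz file to the home directory of the rancher user on the internal host rancher1
Copy the generated cert-manager-v0.12.0.tgz to the internal host rancher1:
[rancher@rancher1 ~]$ scp root@10.0.0.20:/root/install/cert-manager-v0.12.0.tgz .
3. Render the chart template with the desired parameters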
[rancher@rancher1 ~]$ helm template cert-manager ./cert-manager-v0.12.0.tgz --output-dir . \
--namespace cert-manager \
--set image.repository=172.16.7.199:5000/quay.io/jetstack/cert-manager-controller \
--set webhook.image.repository=172.16.7.199:5000/quay.io/jetstack/cert-manager-webhook \
--set cainjector.image.repository=172.16.7.199:5000/quay.io/jetstack/cert-manager-cainjector
When it finishes you get a cert-manager directory containing the rendered YAML files, as follows:
[rancher@rancher-01 ~]$ tree -L 3 cert-manager
cert-manager
└── templates
├── cainjector-deployment.yaml
├── cainjector-rbac.yaml
├── cainjector-serviceaccount.yaml
├── deployment.yaml
├── rbac.yaml
├── serviceaccount.yaml
├── service.yaml
├── webhook-deployment.yaml
├── webhook-mutating-webhook.yaml
├── webhook-rbac.yaml
├── webhook-serviceaccount.yaml
├── webhook-service.yaml
└── webhook-validating-webhook.yaml
4. Download the CRD file required by cert-manager.
curl -L -o cert-manager/cert-manager-crd.yaml https://raw.githubusercontent.com/jetstack/cert-manager/release-0.12/deploy/manifests/00-crds.yaml
# The download may fail; if so, fetch it through a proxy
https://raw.githubusercontent.com/jetstack/cert-manager/release-0.12/deploy/manifests/00-crds.yaml
5. Render the Rancher template
[rancher@rancher1 ~]$ helm template rancher ./rancher-2.5.2.tgz --output-dir . \
--namespace cattle-system \
--set hostname=rancher.com \
--set certmanager.version=v0.12.0 \
--set rancherImage=172.16.7.199:5000/rancher/rancher \
--set systemDefaultRegistry=172.16.7.199:5000 \
--set useBundledSystemChart=true
The output is as follows:
wrote ./rancher/templates/serviceAccount.yaml
wrote ./rancher/templates/clusterRoleBinding.yaml
wrote ./rancher/templates/service.yaml
wrote ./rancher/templates/deployment.yaml
wrote ./rancher/templates/ingress.yaml
wrote ./rancher/templates/issuer-rancher.yaml
6. Install cert-manager
(Only when using Rancher's default self-signed certificate)
6.1. Create a namespace for cert-manager.
[rancher@rancher1 ~]$ kubectl create namespace cert-manager
namespace/cert-manager created
6.2. Create the cert-manager CRDs
kubectl apply -f cert-manager/cert-manager-crd.yaml
Output:
Warning: apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in v1.16+, unavailable in v1.22+; use apiextensions.k8s.io/v1 CustomResourceDefinition
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created
6.3. Start cert-manager
[rancher@rancher-01 ~]$ kubectl apply -f cert-manager/cert-manager-crd.yaml
Output:
Warning: apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in v1.16+, unavailable in v1.22+; use apiextensions.k8s.io/v1 CustomResourceDefinition
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created
[rancher@rancher-01 ~]$ kubectl apply -R -f ./cert-manager
Warning: apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in v1.16+, unavailable in v1.22+; use apiextensions.k8s.io/v1 CustomResourceDefinition
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io unchanged
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io unchanged
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io unchanged
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io unchanged
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io unchanged
customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io unchanged
deployment.apps/cert-manager-cainjector created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/cert-manager-cainjector created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-cainjector created
Warning: rbac.authorization.k8s.io/v1beta1 Role is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 Role
role.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection created
Warning: rbac.authorization.k8s.io/v1beta1 RoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 RoleBinding
rolebinding.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection created
serviceaccount/cert-manager-cainjector created
deployment.apps/cert-manager created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-issuers created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-certificates created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-orders created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-challenges created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim created
clusterrole.rbac.authorization.k8s.io/cert-manager-view created
clusterrole.rbac.authorization.k8s.io/cert-manager-edit created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-issuers created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-certificates created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-orders created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-challenges created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim created
role.rbac.authorization.k8s.io/cert-manager:leaderelection created
rolebinding.rbac.authorization.k8s.io/cert-manager:leaderelection created
service/cert-manager created
serviceaccount/cert-manager created
deployment.apps/cert-manager-webhook created
Warning: admissionregistration.k8s.io/v1beta1 MutatingWebhookConfiguration is deprecated in v1.16+, unavailable in v1.22+; use admissionregistration.k8s.io/v1 MutatingWebhookConfiguration
mutatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook created
clusterrole.rbac.authorization.k8s.io/cert-manager-webhook:webhook-requester created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-webhook:auth-delegator created
rolebinding.rbac.authorization.k8s.io/cert-manager-webhook:webhook-authentication-reader created
service/cert-manager-webhook created
serviceaccount/cert-manager-webhook created
Warning: admissionregistration.k8s.io/v1beta1 ValidatingWebhookConfiguration is deprecated in v1.16+, unavailable in v1.22+; use admissionregistration.k8s.io/v1 ValidatingWebhookConfiguration
validatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook created
7. Install Rancher
[rancher@rancher-01 ~]$ kubectl create namespace cattle-system
[rancher@rancher-01 ~]$ kubectl -n cattle-system apply -R -f ./rancher
The output is as follows:
clusterrolebinding.rbac.authorization.k8s.io/rancher created
deployment.apps/rancher created
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.extensions/rancher created
service/rancher created
serviceaccount/rancher created
Error from server (InternalError): error when creating "rancher/templates/issuer-rancher.yaml": Internal error occurred: failed calling webhook "webhook.cert-manager.io": Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=30s": context deadline exceeded
Unexpectedly, an error was reported. Analysis:
[rancher@rancher-01 ~]$ kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
cert-manager cert-manager-cainjector-78f8678b4-lhk2b 0/1 ImagePullBackOff 0 6m50s
Analysis: view the details
[rancher@rancher-01 ~]$ kubectl describe -n cert-manager pod cert-manager-cainjector-78f8678b4-lhk2b
Look at this part:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 16m default-scheduler Successfully assigned cert-manager/cert-manager-cainjector-78f8678b4-lhk2b to rancher-01.techzsun.com
Normal Pulling 15m (x4 over 16m) kubelet Pulling image "172.16.7.199:50000/quay.io/jetstack/cert-manager-cainjector:v0.12.0"
Warning Failed 15m (x4 over 16m) kubelet Failed to pull image "172.16.7.199:50000/quay.io/jetstack/cert-manager-cainjector:v0.12.0": rpc error: code = Unknown desc = Error response from daemon: Get https://172.16.7.199:50000/v2/: dial tcp 172.16.7.199:50000: connect: no route to host
Warning Failed 15m (x4 over 16m) kubelet Error: ErrImagePull
Warning Failed 6m36s (x44 over 16m) kubelet Error: ImagePullBackOff
Normal BackOff 103s (x66 over 16m) kubelet Back-off pulling image "172.16.7.199:50000/quay.io/jetstack/cert-manager-cainjector:v0.12.0"
From the above, this image is missing:
172.16.7.199:50000/quay.io/jetstack/cert-manager-cainjector:v0.12.0
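An added example (not part of the original notes): the events above show pulls from 172.16.7.199:50000, while the registry used elsewhere on this page is 172.16.7.199:5000. This check lists every image reference in rendered manifests that does not start with the expected registry, so it can be run on the `helm template` output before `kubectl apply`; the function names and the sample manifests are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Sample manifests are constructed.

# off_registry_images DIR REGISTRY
# Prints "file: image" for every image reference under DIR that does not
# start with "REGISTRY/". Returns 1 if any were found, 0 otherwise.
off_registry_images() {
    dir=$1
    registry=$2
    bad=$(grep -rHE '^[[:space:]-]*image:[[:space:]]' "$dir" \
        | sed -E 's/^([^:]+):[[:space:]-]*image:[[:space:]]*"?([^"[:space:]]+)"?.*$/\1: \2/' \
        | awk -v reg="$registry/" 'index($2, reg) != 1')
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# write_sample_manifests DIR
# Constructed stand-in for `helm template --output-dir` output:
# one correct image, one with a mistyped port, one left on the public registry.
write_sample_manifests() {
    mkdir -p "$1/cert-manager/templates"
    cat > "$1/cert-manager/templates/deployment.yaml" <<'EOF'
      containers:
        - name: cert-manager
          image: "172.16.7.199:5000/quay.io/jetstack/cert-manager-controller:v0.12.0"
EOF
    cat > "$1/cert-manager/templates/cainjector-deployment.yaml" <<'EOF'
      containers:
        - name: cainjector
          image: "172.16.7.199:50000/quay.io/jetstack/cert-manager-cainjector:v0.12.0"
EOF
    cat > "$1/cert-manager/templates/webhook-deployment.yaml" <<'EOF'
      containers:
        - name: webhook
          image: quay.io/jetstack/cert-manager-webhook:v0.12.0
EOF
}

# Demo: report the two off-registry images in the constructed sample.
demo=$(mktemp -d)
write_sample_manifests "$demo"
off_registry_images "$demo" "172.16.7.199:5000" \
    || echo "render again with corrected --set image values before kubectl apply"
rm -rf "$demo"
```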
Self-signed certificates
https://my.oschina.net/u/4257408/blog/3662544
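Install and configure Helm
Helm is the preferred package manager for Kubernetes. Helm charts provide templating syntax for Kubernetes YAML manifests. With Helm you can create configurable deployments instead of only using static files. Helm has two parts: the Helm client (helm) and the Helm server (Tiller).
Helm client download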
https://github.com/helm/helm/releases
https://get.helm.sh/helm-v3.4.1-linux-amd64.tar.gz # latest stable version
Download Helm v3.4.1. The common platform binaries are here: download from this location.
Common helm commands https://blog.csdn.net/kjh2007abc/article/details/99618455
Deploying and configuring a highly available k8s cluster with kubeadm https://www.cnblogs.com/zhaoya2019/p/13032218.html