Preparation:

  • Private Harbor registry set up
  • Base images for Rancher version 2.4.11 synced
  • Domain name and the certificate for that domain name

Cluster installation

1. Prepare nodes

Load balancing node: 192.168.142.171
Rancher nodes: 192.168.142.111-113
To be added……

1.1 Enabling Node Ports or Disabling the firewall
sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
firewall-cmd --zone=public --add-port=1-65535/tcp --permanent
firewall-cmd --zone=public --add-port=1-65535/udp --permanent
firewall-cmd --reload
1.2 Synchronizing Time

192.168.142.112 is used as the time synchronization server

sudo yum install -y ntp
echo "SYNC_HWCLOCK=yes" >> /etc/sysconfig/ntpd
sudo systemctl start ntpd
sudo ntpdate 192.168.142.112
1.3 Installing Docker

Install docker-ce 18 or 19 here. Version 20 cannot be used.

yum install -y yum-utils  device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce -y

To change the Docker path, please refer to my previous blog post.

1.4 Authorizing Non-root Users to run Docker

Because CentOS has security restrictions, running Docker remotely as root is not recommended, so create a normal user to run Docker:

useradd rancher -G docker
echo "123456" | passwd --stdin rancher

Restart Docker and add the current user to the docker group:

sudo service docker restart
sudo gpasswd -a ${USER} docker
sudo service docker restart

1.5 Configuring the SSH Key

Run on servers 192.168.142.111/112/113 as user rancher:

# Press Enter at every prompt
ssh-keygen
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
# Transfer the private key to the node loaded with Nginx
sz ~/.ssh/id_rsa
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
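
The requirements from steps 1.3 to 1.5 can be checked on each node before rke is run. The script below is an added example, not part of the original post; the function names are hypothetical, and it assumes GNU stat (as on CentOS) and the rancher user from step 1.4.

```shell
#!/bin/sh
# Added example: pre-flight checks for one RKE node (steps 1.3-1.5).
# Function names are hypothetical; GNU stat is assumed.

# Step 1.3: accept only docker-ce 18.x or 19.x. $1 = version, e.g. "19.03.15".
docker_version_ok() {
    case "${1%%.*}" in
        18|19) return 0 ;;
        *)     return 1 ;;
    esac
}

# Step 1.4: the SSH user must be in the docker group.
# $1 = space-separated group list, i.e. the output of `id -nG <user>`.
in_docker_group() {
    for g in $1; do
        [ "$g" = "docker" ] && return 0
    done
    return 1
}

# Step 1.5: confirm the exact modes the page sets (700 on .ssh, 600 on
# authorized_keys). $1 = path to the .ssh directory.
ssh_perms_ok() {
    [ -d "$1" ] && [ -f "$1/authorized_keys" ] || return 1
    [ "$(stat -c '%a' "$1")" = "700" ] || return 1
    [ "$(stat -c '%a' "$1/authorized_keys")" = "600" ] || return 1
}

# Run all three checks on the live node and report every failure.
preflight() {
    user="${1:-rancher}"
    rc=0
    ver="$(docker version --format '{{.Server.Version}}' 2>/dev/null)" || ver=""
    docker_version_ok "$ver" || { echo "FAIL docker version '$ver' (need 18.x or 19.x)"; rc=1; }
    groups="$(id -nG "$user" 2>/dev/null)" || groups=""
    in_docker_group "$groups" || { echo "FAIL $user is not in the docker group"; rc=1; }
    home="$(getent passwd "$user" | cut -d: -f6)"
    ssh_perms_ok "$home/.ssh" || { echo "FAIL $home/.ssh modes (need 700 and 600)"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK node is ready for rke up"
    return "$rc"
}

# Usage: sh preflight.sh --run [user]
if [ "${1:-}" = "--run" ]; then
    preflight "${2:-rancher}"
fi
```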

2. Install RKE

2.1 Download rke_linux-amd64

Download the RKE version that corresponds to Rancher 2.4.11.

mv rke_linux-amd64 rke
chmod a+x rke
2.2 Creating an RKE Configuration File
# vi rancher-cluster.yml
nodes:
  - address: 192.168.142.111  # IP address of the node in the offline environment
    user: rancher
    role: ["controlplane", "etcd", "worker"]
    ssh_key_path: ./id_rsa111
  - address: 192.168.142.112  # IP address of the node in the offline environment
    user: rancher
    role: ["controlplane", "etcd", "worker"]
    ssh_key_path: ./id_rsa112
  - address: 192.168.142.113  # IP address of the node in the offline environment
    user: rancher
    role: ["controlplane", "etcd", "worker"]
    ssh_key_path: ./id_rsa113
private_registries:
  - url:  # private image registry address
    user: 
    password:  
    is_default: true
services:
  kube-api:
    service_node_port_range: 1-65535
2.3 Installing Kubernetes
./rke up --config ./rancher-cluster.yml
./rke up --update-only --config ./rancher-cluster.yml

3. Configure Nginx load balancing

worker_processes 4;
worker_rlimit_nofile 40000;

events {
    worker_connections 8192;
}

stream {
    upstream rancher_servers_http {
        least_conn;
        server 192.168.142.111:80 max_fails=3 fail_timeout=5s;
        server 192.168.142.112:80 max_fails=3 fail_timeout=5s;
        server 192.168.142.113:80 max_fails=3 fail_timeout=5s;
    }
    server {
        listen 80;
        proxy_pass rancher_servers_http;
    }

    upstream rancher_servers_https {
        least_conn;
        server 192.168.142.111:443 max_fails=3 fail_timeout=5s;
        server 192.168.142.112:443 max_fails=3 fail_timeout=5s;
        server 192.168.142.113:443 max_fails=3 fail_timeout=5s;
    }
    server {
        listen 443;
        proxy_pass rancher_servers_https;
    }
}

4. Generate the Rancher YAML files with Helm

helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
helm fetch rancher-stable/rancher --version 2.4.11
helm template rancher ./rancher-2.4.11.tgz --output-dir . \
    --namespace cattle-system \
    --set hostname=xxxx.xxx.com \
    --set rancherImage=xxx.xxx.xxx/rancher/rancher \
    --set ingress.tls.source=secret \
    --set systemDefaultRegistry=harbor.xxx.com \
    --set useBundledSystemChart=true

5. Install kubectl

curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
chmod a+x kubectl
5.1 Creating a Namespace
./kubectl --kubeconfig kube_config_rancher-cluster.yml create namespace cattle-system
./kubectl --kubeconfig kube_config_rancher-cluster.yml -n cattle-system create secret tls tls-rancher-ingress   --cert=tls.crt   --key=tls.key
5.2 Install Rancher
./kubectl --kubeconfig kube_config_rancher-cluster.yml -n cattle-system apply -R -f ./rancher

6. Notes

To be added