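Document created: 2020-11-16. Pay attention to the software versions. The software, materials and configuration files referenced in this document have all been uploaded to a network drive for convenience. If you need the files, please contact me.
Official documentation: https://docs.rancher.cn/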
Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-53-generic x86_64)
docker 19.03
rancher 2.5
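Note: I originally tried installing on CentOS, but ran into one small problem after another that do not occur on Ubuntu. Rancher is really just a platform, so to avoid unnecessary trouble, use Ubuntu.
This document is only a quick-operation reference; copy and paste your way through it.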
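# Change the operating system IP address
netplan

# For convenience, let sudo run without a password
visudo

# Set the hostname to match each machine (run the matching line on each node)
sudo hostnamectl set-hostname rancher-221
sudo hostnamectl set-hostname rancher-222
sudo hostnamectl set-hostname rancher-223

# Add these entries to hosts
192.168.20.221 rancher-221
192.168.20.222 rancher-222
192.168.20.223 rancher-223

# Disable the firewall
sudo ufw disable

# Install base software
sudo apt install zip unzip sysstat

# Change the time zone
# Check the current time zone
date -R
# timedatectl

# Change the time zone
sudo tzselect
sudo cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

# Set the time zone for login shells so that timestamps are easy to read
vim /etc/profile
# add this line to /etc/profile:
export TZ='Asia/Shanghai'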
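
# Configure SSH to allow key-based login so that the machines in this cluster can reach each other
sudo sed -i 's?#RSAAuthentication yes?RSAAuthentication yes?;s?#PubkeyAuthentication yes?PubkeyAuthentication yes?;s?#AuthorizedKeysFile?AuthorizedKeysFile?' /etc/ssh/sshd_config
ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
cd ~/.ssh/
cp id_rsa.pub "id_rsa_$(hostname).pub"
# id_rsa_*.pub matches this node's key plus any id_rsa_<hostname>.pub files copied here from the other nodes
cat id_rsa_*.pub >> ~/.ssh/authorized_keys
chmod -R 700 ~/.ssh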

# Adjust ulimit and sysctl
# (the redirection in "sudo echo ... >> file" runs without root, so append with sudo tee instead)
sudo tee -a /etc/sysctl.conf > /dev/null << 'EOF'

net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward=1
net.ipv4.conf.all.forwarding=1
net.ipv4.neigh.default.gc_thresh1=4096
net.ipv4.neigh.default.gc_thresh2=6144
net.ipv4.neigh.default.gc_thresh3=8192
net.ipv4.neigh.default.gc_interval=60
net.ipv4.neigh.default.gc_stale_time=120
# See https://github.com/prometheus/node_exporter#disabled-by-default
kernel.perf_event_paranoid=-1
#sysctls for k8s node config
net.ipv4.tcp_slow_start_after_idle=0
net.core.rmem_max=16777216
fs.inotify.max_user_watches=524288
kernel.softlockup_all_cpu_backtrace=1
kernel.softlockup_panic=0
kernel.watchdog_thresh=30
fs.file-max=2097152
fs.inotify.max_user_instances=8192
fs.inotify.max_queued_events=16384
vm.max_map_count=262144
fs.may_detach_mounts=1
net.core.netdev_max_backlog=16384
net.ipv4.tcp_wmem=4096 12582912 16777216
net.core.wmem_max=16777216
net.core.somaxconn=32768
net.ipv4.ip_forward=1
net.ipv4.tcp_max_syn_backlog=8096
net.ipv4.tcp_rmem=4096 12582912 16777216
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1
kernel.yama.ptrace_scope=0
vm.swappiness=0
# Controls whether the PID is appended to core file names.
kernel.core_uses_pid=1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route=0
net.ipv4.conf.all.accept_source_route=0
# Promote secondary addresses when the primary address is removed
net.ipv4.conf.default.promote_secondaries=1
net.ipv4.conf.all.promote_secondaries=1
# Enable hard and soft link protection
fs.protected_hardlinks=1
fs.protected_symlinks=1
# Source route validation
# see details in https://help.aliyun.com/knowledge_detail/39428.html
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2
# see details in https://help.aliyun.com/knowledge_detail/41334.html
net.ipv4.tcp_max_tw_buckets=5000
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_synack_retries=2
kernel.sysrq=1
EOF
cat >> /etc/security/limits.conf <
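
Several keys in the block above are set to their most permissive values (ptrace scope, perf events, SysRq, reverse-path filtering). The following is an added example, not part of the original post, that reports which of those values a sysctl.conf-style file ends up applying; the watch list, function names and sample lines are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): list the relaxed hardening
# values that a sysctl.conf-style file ends up applying.

# Print the effective value of KEY in FILE; the last entry for a key wins.
effective_sysctl() {   # usage: effective_sysctl FILE KEY
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                  # comment line
        (eq = index($0, "=")) == 0 { next }     # not an assignment
        {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)      # tolerate "key = value"
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# Watch list chosen for this example: key=most-permissive-value pairs,
# all of which appear in the sysctl block above.
WATCH="kernel.yama.ptrace_scope=0 kernel.perf_event_paranoid=-1 kernel.sysrq=1
net.ipv4.conf.all.rp_filter=0 net.ipv4.conf.default.rp_filter=0"

# Print one key=value line per watched key whose effective value is the relaxed one.
review_sysctl() {      # usage: review_sysctl FILE
    for pair in $WATCH; do
        key=${pair%%=*}; relaxed=${pair#*=}
        if [ "$(effective_sysctl "$1" "$key")" = "$relaxed" ]; then
            echo "$key=$relaxed"
        fi
    done
}

# Constructed sample: a few lines copied from the sysctl block above.
sample_conf() {
    cat << 'EOF'
kernel.perf_event_paranoid=-1
net.ipv4.ip_forward=1
kernel.yama.ptrace_scope=0
# source route validation
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.tcp_syncookies=1
kernel.sysrq=1
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
review_sysctl "$tmp"
rm -f "$tmp"
```

Run `review_sysctl /etc/sysctl.conf` on a node after the step above to see which of the watched keys that file sets.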

# Mount the data disk and disable swap
sudo mkfs.ext4 /dev/sdb
sudo mkdir /var/lib/docker
sudo vim /etc/fstab
# add this line to /etc/fstab:
/dev/sdb /var/lib/docker ext4 defaults 0 0
sudo mount -a
#sudo mount /dev/sdb /var/lib/docker

# Install helm, rke and kubectl into /usr/local/bin
cd /usr/local/bin
sudo mv kubectl-19.3 kubectl
sudo mv rke_linux-amd64-v1.1.11 rke
sudo tar zxf helm-v3.4.0-linux-amd64.tar.gz
sudo mv linux-amd64/helm .
sudo rm -fr linux-amd64/ helm-v3.4.0-linux-amd64.tar.gz
# mark only the three installed binaries executable, not everything in /usr/local/bin
sudo chmod +x kubectl rke helm
cd

# Remember to reboot at this point
reboot
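
# Install Docker
chmod +x 19.03.sh
./19.03.sh --mirror Aliyun
sudo usermod -aG docker rancher
# daemon.json must hold a single JSON object, so write the file (as root, via tee) rather than append to it
sudo tee /etc/docker/daemon.json > /dev/null << EOF
{
  "registry-mirrors": ["https://z34wtdhg.mirror.aliyuncs.com","https://registry.docker-cn.com"],
  "insecure-registries":["192.168.1.1:18991"]
}
EOF
sudo systemctl enable docker
# restart so that a daemon already started by the install script picks up daemon.json
sudo systemctl restart docker

# Upload the k8s images and import them to speed up the installation
scp root@192.168.20.232:/vmfs/volumes/datastore1/rancher_images.zip /home/rancher
unzip rancher_images.zip
cd rancher_images
./rancher_load.sh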

# Create the Rancher cluster
cd
cat > rancher-cluster.yml << EOF
nodes:
  - address: 192.168.20.221
    user: rancher
    role: [controlplane,worker,etcd]
  - address: 192.168.20.222
    user: rancher
    role: [controlplane,worker,etcd]
  - address: 192.168.20.223
    user: rancher
    role: [controlplane,worker,etcd]
services:
  etcd:
    snapshot: true
    creation: 6h
    retention: 24h
# Required when using external TLS termination with ingress-nginx v0.22 or later.
#ingress:
#  provider: nginx
#  options:
#    use-forwarded-headers: "true"
EOF
rke up --config ./rancher-cluster.yml
# If the following error appears, just run the command again
rke up --config ./rancher-cluster.yml
#   FATA[0301] Failed to get job complete status for job rke-network-plugin-deploy-job in namespace kube-system

# Configure the kubectl credentials
mkdir -p /home/rancher/.kube/
cp kube_config_rancher-cluster.yml "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"

# Configure the helm repository
# (Tiller exists only in Helm 2; the helm v3.4.0 binary installed above does not use this service account)
kubectl -n kube-system create serviceaccount tiller
kubectl create clusterrolebinding tiller --clusterrole cluster-admin --serviceaccount=kube-system:tiller
helm repo add rancher-stable http://rancher-mirror.oss-cn-beijing.aliyuncs.com/server-charts/stable

# Install Rancher with helm
kubectl create namespace cattle-system
helm install rancher-stable/rancher \
  --generate-name \
  --namespace cattle-system \
  --set hostname=dev-rancher.abc.com \
  --set ingress.tls.source=secret

- Permalink: http://www.sa-log.com/440.html
- When reposting, please credit: 王, 帅, published on 我的系统记录