基于rancher搭建k8s

快速搭建rancher

-v 用来挂载证书，如果没有证书，可以删除，默认使用rancher内置的自签证书

docker run -d --name rancher --privileged --restart=unless-stopped \
    -p 10080:80 -p 10443:443 \
    -v /root/tmp/rancher.mb.com.crt:/etc/rancher/ssl/cert.pem \
    -v /root/tmp/rancher.mb.com.key:/etc/rancher/ssl/key.pem \
    -v /root/tmp/cacerts.pem:/etc/rancher/ssl/cacerts.pem \
    rancher/rancher:v2.7.5

访问 https://ip:10443

rancher启动较慢，可以稍等片刻，大约半分钟，即可访问。前提是防火墙放行端口10443

获取rancher UI 默认的登录密码

浏览器访问到rancher的登录页面后，执行shell docker logs rancher 2>&1 | grep "Bootstrap Password:" 查看默认的登录密码

登录成功后，进入集群管理

创建集群

由于docker run的时候没有信任的证书，所以此处打勾

复制注册命令在需要安装的k8s机器上执行命令，静默安装. 我这边4h8g的机器大概在5分钟内安装完毕

rancher查看安装日志

安装过程中，会看到些许ERROR日志， 只要这个日志不会卡在那里1分钟以上， 就不要人为干预，rancher会自行调整

docker logs -f rancher

安装过程中的图

安装完成。节点状态变成Active，表示k8s可用。

需要安装k8s集群时，拿着命令在目标机上执行即可

遇到的坑

执行创建k8s的命令后， 一直都在Update状态

• 背景说明：安装完成后，想再折腾一下，于是删除节点，再重复上面的操作，发现一直都创建不成功
• 解决办法
  • 在rancher移除节点
  • 在rancher集群管理，删除前面创建的集群
  • 在k8s机器上执行卸载命令， 命令一般放在/usr/local/bin目录，可以通过 shell /usr/local/bin/k3s-uninstall.sh 查找
  • 如果安装的k3s,执行 k3s-uninstall.sh 和 rancher-system-agent-uninstall.sh ；如果安装的是rke2,则卸载rke2的命令，rke2卸载命令的查找方法和k3s的查找方法类似

卸载命令备份

这些命令是rancher安装集群的时候自动生成的，做个备份在这里，防止失联

k3s-uninstall.sh

#!/bin/sh
set -x
[ $(id -u) -eq 0 ] || exec sudo $0 $@

/usr/local/bin/k3s-killall.sh

if command -v systemctl; then
    systemctl disable k3s
    systemctl reset-failed k3s
    systemctl daemon-reload
fi
if command -v rc-update; then
    rc-update delete k3s default
fi

rm -f /etc/systemd/system/k3s.service
rm -f /etc/systemd/system/k3s.service.env

remove_uninstall() {
    rm -f /usr/local/bin/k3s-uninstall.sh
}
trap remove_uninstall EXIT

if (ls /etc/systemd/system/k3s*.service || ls /etc/init.d/k3s*) >/dev/null 2>&1; then
    set +x; echo 'Additional k3s services installed, skipping uninstall of k3s'; set -x
    exit
fi

for cmd in kubectl crictl ctr; do
    if [ -L /usr/local/bin/$cmd ]; then
        rm -f /usr/local/bin/$cmd
    fi
done

rm -rf /etc/rancher/k3s
rm -rf /run/k3s
rm -rf /run/flannel
rm -rf /var/lib/rancher/k3s
rm -rf /var/lib/kubelet
rm -f /usr/local/bin/k3s
rm -f /usr/local/bin/k3s-killall.sh

if type yum >/dev/null 2>&1; then
    yum remove -y k3s-selinux
    rm -f /etc/yum.repos.d/rancher-k3s-common*.repo
elif type rpm-ostree >/dev/null 2>&1; then
    rpm-ostree uninstall k3s-selinux
    rm -f /etc/yum.repos.d/rancher-k3s-common*.repo
elif type zypper >/dev/null 2>&1; then
    uninstall_cmd="zypper remove -y k3s-selinux"
    if [ "${TRANSACTIONAL_UPDATE=false}" != "true" ] && [ -x /usr/sbin/transactional-update ]; then
        uninstall_cmd="transactional-update --no-selfupdate -d run $uninstall_cmd"
    fi
    $uninstall_cmd
    rm -f /etc/zypp/repos.d/rancher-k3s-common*.repo
fi

rancher-system-agent-uninstall.sh

#!/bin/sh

if [ ! $(id -u) -eq 0 ]; then
  fatal "This script must be run as root."
fi

# Environment variables:
#   System Agent Variables
#   - CATTLE_AGENT_CONFIG_DIR (default: /etc/rancher/agent)
#   - CATTLE_AGENT_VAR_DIR (default: /var/lib/rancher/agent)
#   - CATTLE_AGENT_BIN_PREFIX (default: /usr/local)
#

# warn logs the given argument at warn log level.
warn() {
    echo "[WARN] " "$@" >&2
}

# check_target_mountpoint return success if the target directory is on a dedicated mount point
check_target_mountpoint() {
    mountpoint -q "${CATTLE_AGENT_BIN_PREFIX}"
}

# check_target_ro returns success if the target directory is read-only
check_target_ro() {
    touch "${CATTLE_AGENT_BIN_PREFIX}"/.r-sa-ro-test && rm -rf "${CATTLE_AGENT_BIN_PREFIX}"/.r-sa-ro-test
    test $? -ne 0
}

setup_env() {
    if [ -z "${CATTLE_AGENT_CONFIG_DIR}" ]; then
        CATTLE_AGENT_CONFIG_DIR=/etc/rancher/agent
    fi

    if [ -z "${CATTLE_AGENT_VAR_DIR}" ]; then
        CATTLE_AGENT_VAR_DIR=/var/lib/rancher/agent
    fi

    # --- resources are installed to /usr/local by default, except if /usr/local is on a separate partition or is
    # --- read-only in which case we go into /opt/rancher-system-agent. If variable isn't passed and this criteria is
    # --- true, assume that is what was done, since removing from /usr/local wouldn't be possible anyway.
    if [ -z "${CATTLE_AGENT_BIN_PREFIX}" ]; then
        CATTLE_AGENT_BIN_PREFIX="/usr/local"
        if check_target_mountpoint || check_target_ro; then
            CATTLE_AGENT_BIN_PREFIX="/opt/rancher-system-agent"
            warn "/usr/local is read-only or a mount point; checking ${CATTLE_AGENT_BIN_PREFIX}"
        fi
    fi

}

uninstall_stop_services() {
    if command -v systemctl >/dev/null 2>&1; then
        systemctl stop rancher-system-agent
    fi
}

uninstall_remove_self() {
    rm -f "${CATTLE_AGENT_BIN_PREFIX}/bin/rancher-system-agent-uninstall.sh"
}

uninstall_disable_services()
{
    if command -v systemctl >/dev/null 2>&1; then
        systemctl disable rancher-system-agent || true
        systemctl reset-failed rancher-system-agent || true
        systemctl daemon-reload
    fi
}

uninstall_remove_files() {
    rm -f /etc/systemd/system/rancher-system-agent.service
    rm -f /etc/systemd/system/rancher-system-agent.env
    rm -rf ${CATTLE_AGENT_VAR_DIR}
    rm -rf ${CATTLE_AGENT_CONFIG_DIR}
    rm -f "${CATTLE_AGENT_BIN_PREFIX}/bin/rancher-system-agent"
}

setup_env
uninstall_stop_services
trap uninstall_remove_self EXIT
uninstall_disable_services
uninstall_remove_files