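Single-node installation of Rancher on k3s with Helm
Introduction
Pay attention to version compatibility when installing.
Rancher 2.8.5 supports Kubernetes only up to v1.28, so v1.28.10+k3s1 was chosen.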
https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/rancher-v2-8-5/

Environment
VMware® Workstation 17 Pro 17.5.2 build-23775571
CentOS-7-x86_64-DVD-2009.iso
k3s v1.28.10+k3s1
helm-v3.15.1-linux-amd64
cert-manager v1.15.0
rancher:v2.8.5
The VM was initially given 4G 4C, but the later installation steps were very sluggish, so the final configuration is 8G 4C.

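solate: vmware centos7 k8s kubeadm installation
For the environment, follow the link above up to the configuration steps before Docker. Docker and everything after it do not need to be installed.
k3s
Official: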
curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=<VERSION> sh -s - server --cluster-init
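Using a mirror in China
Use a mirror source in China, or install offline directly.
# Type -sfL with an ASCII hyphen. With an en dash, curl treats the argument as a URL
# and the -f (fail on HTTP error) option is lost.
curl -sfL \
  https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | \
  INSTALL_K3S_VERSION=v1.28.10+k3s1 \
  INSTALL_K3S_MIRROR=cn \
  sh -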
Session log
[root@master ~]# curl –sfL \
> https://rancher-mirror.oss-cn-beijing.aliyuncs.com/k3s/k3s-install.sh | \
> INSTALL_K3S_VERSION=v1.28.10+k3s1 \
> INSTALL_K3S_MIRROR=cn \
> sh -
  % Total % Received % Xferd Average Speed Time Time Time Current
                             Dload Upload Total Spent Left Speed
  0 0 0 0 0 0 0 0 --:--:-- 0:00:05 --:--:-- 0curl: (6) Could not resolve host: xn--sfl-1n0a; Unknown error
100 388 100 388 0 0 859 0 --:--:-- --:--:-- --:--:-- 860
sh: line 1: syntax error near unexpected token `newline'
sh: line 1: `<?xml version="1.0" encoding="UTF-8"?>'
[root@master ~]# curl –sfL \
> https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | \
> INSTALL_K3S_VERSION=v1.28.10+k3s1 \
> INSTALL_K3S_MIRROR=cn \
> sh -
  % Total % Received % Xferd Average Speed Time Time Time Current
                             Dload Upload Total Spent Left Speed
  0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (6) Could not resolve host: xn--sfl-1n0a; Unknown error
100 37345 100 37345 0 0 6029 0 0:00:06 0:00:06 --:--:-- 10153
[INFO] Using v1.28.10+k3s1 as release
[INFO] Downloading hash rancher-mirror.rancher.cn/k3s/v1.28.10-k3s1/sha256sum-amd64.txt
[INFO] Downloading binary rancher-mirror.rancher.cn/k3s/v1.28.10-k3s1/k3s
[INFO] Verifying binary download
[INFO] Installing k3s to /usr/local/bin/k3s
[INFO] Finding available k3s-selinux versions
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=stock error was
14: curl#6 - "Could not resolve host: mirrorlist.centos.org; Unknown error"
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=extras&infra=stock error was
14: curl#6 - "Could not resolve host: mirrorlist.centos.org; Unknown error"
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=updates&infra=stock error was
14: curl#6 - "Could not resolve host: mirrorlist.centos.org; Unknown error"
 * base: mirrors.tuna.tsinghua.edu.cn
 * extras: mirrors.tuna.tsinghua.edu.cn
 * updates: mirrors.tuna.tsinghua.edu.cn
http://mirrors.tuna.tsinghua.edu.cn/centos/7.9.2009/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
To address this issue please refer to the below wiki article

https://wiki.centos.org/yum-errors

If above article doesn't help to resolve this issue please use https://bugs.centos.org/.

http://mirrors.bupt.edu.cn/centos/7.9.2009/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://mirrors.bfsu.edu.cn/centos/7.9.2009/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
Package yum-utils-1.1.31-54.el7_8.noarch already installed and latest version
Nothing to do
Loaded plugins: fastestmirror, langpacks
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.tuna.tsinghua.edu.cn
 * extras: mirrors.tuna.tsinghua.edu.cn
 * updates: mirrors.tuna.tsinghua.edu.cn
rancher-k3s-common-stable | 2.9 kB 00:00:00
rancher-k3s-common-stable/primary_db | 4.6 kB 00:00:01
Resolving Dependencies
--> Running transaction check
---> Package k3s-selinux.noarch 0:1.5-1.el7 will be installed
--> Processing Dependency: container-selinux < 2:2.164.2 for package: k3s-selinux-1.5-1.el7.noarch
--> Processing Dependency: container-selinux >= 2:2.107-3 for package: k3s-selinux-1.5-1.el7.noarch
--> Running transaction check
---> Package container-selinux.noarch 2:2.119.2-1.911c772.el7_8 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==========================================================================================
 Package              Arch      Version                      Repository                  Size
==========================================================================================
Installing:
 k3s-selinux          noarch    1.5-1.el7                    rancher-k3s-common-stable   16 k
Installing for dependencies:
 container-selinux    noarch    2:2.119.2-1.911c772.el7_8    extras                      40 k

Transaction Summary
==========================================================================================
Install 1 Package (+1 Dependent package)

Total download size: 56 k
Installed size: 135 k
Downloading packages:
warning: /var/cache/yum/x86_64/7/extras/packages/container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY ETA
Public key for container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm is not installed
(1/2): container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm | 40 kB 00:00:05
warning: /var/cache/yum/x86_64/7/rancher-k3s-common-stable/packages/k3s-selinux-1.5-1.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID e257814a: NOKEY- ETA
Public key for k3s-selinux-1.5-1.el7.noarch.rpm is not installed
(2/2): k3s-selinux-1.5-1.el7.noarch.rpm | 16 kB 00:00:06
------------------------------------------------------------------------------------------
Total 7.7 kB/s | 56 kB 00:00:07
Retrieving key from https://rpm.rancher.io/public.key
Importing GPG key 0xE257814A:
 Userid : "Rancher (CI) <ci@rancher.com>"
 Fingerprint: c8cf f216 4551 26e9 b9c9 18be 925e a29a e257 814a
 From : https://rpm.rancher.io/public.key
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package : centos-release-7-9.2009.0.el7.centos.x86_64 (@anaconda)
 From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : 2:container-selinux-2.119.2-1.911c772.el7_8.noarch 1/2
setsebool: SELinux is disabled.
  Installing : k3s-selinux-1.5-1.el7.noarch 2/2
  Verifying : k3s-selinux-1.5-1.el7.noarch 1/2
  Verifying : 2:container-selinux-2.119.2-1.911c772.el7_8.noarch 2/2

Installed:
  k3s-selinux.noarch 0:1.5-1.el7

Dependency Installed:
  container-selinux.noarch 2:2.119.2-1.911c772.el7_8

Complete!
[INFO] Creating /usr/local/bin/kubectl symlink to k3s
[INFO] Creating /usr/local/bin/crictl symlink to k3s
[INFO] Creating /usr/local/bin/ctr symlink to k3s
[INFO] Creating killall script /usr/local/bin/k3s-killall.sh
[INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh
[INFO] env: Creating environment file /etc/systemd/system/k3s.service.env
[INFO] systemd: Creating service file /etc/systemd/system/k3s.service
[INFO] systemd: Enabling k3s unit
Created symlink from /etc/systemd/system/multi-user.target.wants/k3s.service to /etc/systemd/system/k3s.service.
[INFO] systemd: Starting k3s
[root@master ~]#
The dependencies k3s-selinux and container-selinux are installed automatically.
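The first attempt in the log above piped a 388-byte XML error page straight into sh. The sketch below is an added example, not part of the original post or the k3s project: it downloads the installer to a file, refuses anything that is not a shell script, and optionally compares a SHA-256 digest. The function names and the pinned-digest argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): check the installer before running it.

# looks_like_script FILE: true only if FILE is non-empty and starts with "#!".
# An XML/HTML error page, like the one in the first attempt above, fails here.
looks_like_script() {
    [ -s "$1" ] || return 1
    [ "$(head -c 2 "$1")" = '#!' ]
}

# sha256_matches FILE HEX: true only if FILE's SHA-256 digest equals HEX.
sha256_matches() {
    actual=$(sha256sum "$1" | cut -d' ' -f1) || return 1
    [ "$actual" = "$2" ]
}

# fetch_and_run_installer URL [PINNED_SHA256]   (hypothetical helper)
# PINNED_SHA256 is a digest the operator recorded after reviewing the script.
fetch_and_run_installer() {
    url=$1
    pin=${2:-}
    tmp=$(mktemp) || return 1
    # -f makes curl exit non-zero on HTTP errors instead of saving the error body.
    if ! curl -fsSL "$url" -o "$tmp"; then
        echo "download failed: $url" >&2; rm -f "$tmp"; return 1
    fi
    if ! looks_like_script "$tmp"; then
        echo "response is not a shell script; not running it" >&2
        rm -f "$tmp"; return 1
    fi
    if [ -n "$pin" ] && ! sha256_matches "$tmp" "$pin"; then
        echo "installer digest differs from the pinned value" >&2
        rm -f "$tmp"; return 1
    fi
    # Same variables as the install command above, passed to the checked file.
    INSTALL_K3S_VERSION=v1.28.10+k3s1 INSTALL_K3S_MIRROR=cn sh "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage (needs network access, so it is left commented out):
# fetch_and_run_installer https://rancher-mirror.rancher.cn/k3s/k3s-install.sh
```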
Check the version
[root@master ~]# k3s -v
k3s version v1.28.10+k3s1 (a4c5612e)
go version go1.21.9
Check the nodes
[root@master ~]# kubectl get node
NAME     STATUS   ROLES                  AGE    VERSION
master   Ready    control-plane,master   115s   v1.28.10+k3s1
Save the config
The official documentation gives:
scp root@192.168.232.5:/etc/rancher/k3s/k3s.yaml ~/.kube/config
But this is a local install, so copy the file directly:
cp /etc/rancher/k3s/k3s.yaml ~/.kube/config
Registry mirrors
Add the mirror endpoints
cat > /etc/rancher/k3s/registries.yaml << EOF
mirrors:
  docker.io:
    endpoint:
      - "https://fsp2sfpr.mirror.aliyuncs.com/"
      - "https://docker.mirrors.sjtug.sjtu.edu.cn"
EOF
Restart
systemctl restart k3s
Error 1
This does not occur in a normal installation. If this error appears:
Error: INSTALLATION FAILED: Kubernetes cluster unreachable: Get "http://localhost:8080/version": dial tcp [::1]:8080: connect: connection refused
set KUBECONFIG with the commands below:
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
kubectl get pods --all-namespaces
helm ls --all-namespaces
helm
This time the release archive is used directly.
Get the binary
Move it to /usr/local/bin/
[root@master kk]# vmhgfs-fuse .host:/ /mnt/hgfs -o nonempty
[root@master kk]# cp /mnt/hgfs/workspace/helm-v3.15.1-linux-amd64.tar.gz .
[root@master kk]# tar -zxvf helm-v3.15.1-linux-amd64.tar.gz
[root@master kk]# mv linux-amd64/helm /usr/local/bin/helm
Verify
[root@master ~]# helm version
version.BuildInfo{Version:"v3.15.1", GitCommit:"e211f2aa62992bd72586b395de50979e31231829", GitTreeState:"clean", GoVersion:"go1.22.3"}
Resolving the WARNING messages
[root@master ~]# helm version
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
version.BuildInfo{Version:"v3.15.1", GitCommit:"e211f2aa62992bd72586b395de50979e31231829", GitTreeState:"clean", GoVersion:"go1.22.3"}
Resolving the WARNING messages when they appear:
Removing Helm's warnings about the Kubernetes file_kubernetes configuration file is group-readable. t-CSDN blog
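The first two warning lines mean that the Kubernetes configuration file in use is insecure: users in the same group and other users can read it.
[root@master ~]# ll .kube/config
-rw-rw-rw- 1 root root 2965 Jun 28 11:03 .kube/config
As shown, users in the group have read and write permission (the second rw), and other users have read permission (the third r).
To clear the warning, change the permissions:
[root@master ~]# chmod g-rw ~/.kube/config
[root@master ~]# chmod o-r ~/.kube/config
[root@master ~]# ll .kube/config
-rw-----w- 1 root root 2965 Jun 28 11:03 .kube/config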
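The listing above ends at -rw-----w-: the two chmod calls clear the read bits that Helm warns about, but other users can still write to the file. The following is an added example, not from the original post, that checks the mode and sets it to 600; the function names are assumptions and it relies on GNU stat as shipped with CentOS 7.

```shell
#!/bin/sh
# Added example (not from the original post): audit and tighten kubeconfig permissions.

# mode_of FILE: print the octal permission bits, e.g. 600 (GNU stat).
mode_of() {
    stat -c '%a' "$1"
}

# kubeconfig_is_private FILE: true only if group and others have no access at all.
kubeconfig_is_private() {
    m=$(mode_of "$1") || return 1
    case $m in
        [0-7]00) return 0 ;;
        *)       return 1 ;;
    esac
}

# harden_kubeconfig FILE: owner read/write only, then re-check the result.
harden_kubeconfig() {
    chmod 600 "$1" && kubeconfig_is_private "$1"
}

# replay_page_fix: on a constructed scratch file (not a real kubeconfig), start from
# mode 666, apply the two chmod commands from the post, then harden. Prints
# "<mode after the post's commands> <mode after harden_kubeconfig>".
replay_page_fix() {
    f=$(mktemp) || return 1
    chmod 666 "$f"
    chmod g-rw "$f"
    chmod o-r "$f"
    after_page=$(mode_of "$f")
    harden_kubeconfig "$f" || { rm -f "$f"; return 1; }
    after_fix=$(mode_of "$f")
    rm -f "$f"
    echo "$after_page $after_fix"
}

# On the real file: harden_kubeconfig ~/.kube/config
```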
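Run the helm command again; the warnings are gone:
[root@master ~]# helm version
version.BuildInfo{Version:"v3.15.1", GitCommit:"e211f2aa62992bd72586b395de50979e31231829", GitTreeState:"clean", GoVersion:"go1.22.3"}
cert-manager
Rancher Manager Server requires SSL/TLS configuration by default to secure access, so cert-manager needs to be deployed to issue certificates automatically.
A real domain name with a real certificate for that domain can also be used.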
https://cert-manager.io/docs/installation/helm/
1. Add the Helm repository
helm repo add jetstack https://charts.jetstack.io --force-update
2. Install cert-manager
helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.15.0 \
  --set crds.enabled=true
Output
NAME: cert-manager
LAST DEPLOYED: Sat Jun 15 19:39:39 2024
NAMESPACE: cert-manager
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
cert-manager v1.15.0 has been deployed successfully!

In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).

More information on the different types of issuers and how to configure them
can be found in our documentation:

https://cert-manager.io/docs/configuration/

For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the `ingress-shim`
documentation:

https://cert-manager.io/docs/usage/ingress/
Check the result
[root@master kk]# kubectl get pods -n cert-manager
NAME                                      READY   STATUS    RESTARTS   AGE
cert-manager-5968cf46f7-rhfb7             1/1     Running   0          4m42s
cert-manager-cainjector-ffdb48d95-gcb9l   1/1     Running   0          4m42s
cert-manager-webhook-cd4d58467-zzwx5      1/1     Running   0          4m42s
rancher
1. Add the repository
helm repo add rancher-latest https://releases.rancher.com/server-charts/latest
2. Create the namespace
kubectl create namespace cattle-system
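3. Install Rancher
The final command to install Rancher is shown below. It requires a domain name that forwards traffic to the Linux host. To keep this tutorial simple, you can use a fake domain name; <IP_OF_LINUX_NODE>.sslip.io is an example of one.
To install a specific Rancher version, use the --version flag (for example, --version 2.6.6). Otherwise the latest Rancher is installed by default.
Note that the password must be at least 12 characters.
Steps: create an install.sh file and switch it to registry mirrors in China.
[root@master ~]# mkdir -p workspace/rancher && cd workspace/rancher
[root@master rancher]# vim install.sh
[root@master rancher]# cat install.sh
helm install rancher rancher-latest/rancher \
  --namespace cattle-system \
  --set hostname=192.168.232.5.sslip.io \
  --set replicas=1 \
  --set bootstrapPassword=root@123456789 \
  --set rancherImage=registry.cn-hangzhou.aliyuncs.com/rancher/rancher \
  --set systemDefaultRegistry=registry.cn-hangzhou.aliyuncs.com
rancherImage: specifies the Rancher image
systemDefaultRegistry: sets the system default image registry
replicas=1: this is a single machine, so it is set to 1; the default is 3
Run the script
[root@master rancher]# chmod +x install.sh
[root@master rancher]# ./install.sh
Wait for the pods to start. With this configuration, the image used is the one from the Alibaba Cloud registry in China: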
registry.cn-hangzhou.aliyuncs.com/rancher/rancher:v2.8.5
Check pod startup
[root@master ~]# kubectl get pods -n cattle-system
NAME                               READY   STATUS      RESTARTS   AGE
rancher-657b6f9f7d-xz8v8           1/1     Running     0          27m
helm-operation-nfrmt               0/2     Completed   0          22m
helm-operation-jf8x6               0/2     Completed   0          21m
helm-operation-48dbx               0/2     Completed   0          20m
rancher-webhook-868c78c94c-ksjgj   1/1     Running     0          20m
helm-operation-vs9pb               0/2     Completed   0          20m
helm-operation-f8rh4               0/2     Completed   0          19m
helm-operation-sb675               0/2     Completed   0          17m
Get the access URL as prompted
[root@master rancher]# echo https://192.168.232.5.sslip.io/dashboard/?setup=$(kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}')
https://192.168.232.5.sslip.io/dashboard/?setup=root@123456789
[root@master rancher]# kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}{{ "\n" }}'
root@123456789
Because this is a local machine, the hosts file needs to be edited
vim /etc/hosts
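Accessing the page with Firefox inside the VM keeps loading forever, so configure the host machine instead.
Edit the hosts file on the Windows host: open the directory below and find the hosts file.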
C:\Windows\System32\drivers\etc
Edit hosts and add the entry below; run the editor as administrator.
192.168.232.5 192.168.232.5.sslip.io

In Firefox inside the VM the page keeps spinning,

but it displays normally on the host machine.

Displayed pages
1. Click Advanced, then proceed.

2. On the login page, enter the password to log in. The password is the one set earlier, root@123456789.

3. On the next page, tick the checkbox to accept the agreement, then click Continue.

4. This brings you to the management home page.

Pod startup
Use the pod listing command
[root@master ~]# kubectl get pods -n cattle-system
NAME                               READY   STATUS      RESTARTS   AGE
rancher-657b6f9f7d-xz8v8           1/1     Running     0          35m
helm-operation-nfrmt               0/2     Completed   0          30m
helm-operation-jf8x6               0/2     Completed   0          29m
helm-operation-48dbx               0/2     Completed   0          28m
rancher-webhook-868c78c94c-ksjgj   1/1     Running     0          28m
helm-operation-vs9pb               0/2     Completed   0          28m
helm-operation-f8rh4               0/2     Completed   0          27m
helm-operation-sb675               0/2     Completed   0          25m
helm-operation-6xcxs               0/2     Completed   0          45s
Sometimes the helm-operation-xxx pods show the status Error, but this does not prevent access to the management UI. These pods are related to rancher-webhook; they can be ignored for now and fixed when they are actually needed.
Rancher version
Some versions run into one problem or another during installation, so the version of Rancher currently running is recorded here.
[root@master ~]# kubectl describe pods -n cattle-system rancher-657b6f9f7d-xz8v8
The image in use is rancher:v2.8.5
Successfully pulled image "registry.cn-hangzhou.aliyuncs.com/rancher/rancher:v2.8.5" in 3m34.589s
References
How to install K3S and Rancher using Helm and manage Raspberry Pi CM4 cluster
Edited 2024-07-14 12:37 · IP location: Sichuan