一、服务器布局
| ip | fqdn | hostname | config |
|---|---|---|---|
| 192.168.126.10 | rancher.k8s.example.com | rancher | 治理负载4-4 |
| 192.168.126.11 | jwxt.k8s.example.com | jwxt | 利用负载4-4 |
| 192.168.126.12 | harbor.k8s.example.com | harbor | 4-8 |
| 192.168.126.20 | rancher1.k8s.example.com | rancher1 | 4-8 |
| 192.168.126.21 | rancher2.k8s.example.com | rancher2 | 4-8 |
| 192.168.126.22 | rancher3.k8s.example.com | rancher3 | 4-8 |
| 192.168.126.30 | k8s01.k8s.example.com | k8s01 | 4-8 |
| 192.168.126.31 | k8s02.k8s.example.com | k8s02 | 4-8 |
| 192.168.126.32 | k8s03.k8s.example.com | k8s03 | 4-8 |
| 192.168.126.40 | docker01.k8s.example.com | docker01 | 12-16 |
| 192.168.126.41 | docker02.k8s.example.com | docker02 | 12-16 |
| 192.168.126.42 | docker03.k8s.example.com | docker03 | 12-16 |
| 192.168.126.50 | nfs.k8s.example.com | nfs | 4-4 |
| 192.168.126.51 | oracle.k8s.example.com | oracle | 8-32 |
以下所有操作都已配置好eams用户,且eams用户具备sudo权限
yum install sudo -yuseradd eamsecho abc123 | passwd --stdin eamsusermod eams -aG wheelvim /etc/sudoersNOPASSED:ALL二、配置ansible环境
以下所有操作都在rancher(nginx负载)的主机上进行
2.1 批改hosts文件
sudo vim /etc/hostshosts文件(示例)
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4::1 localhost localhost.localdomain localhost6 localhost6.localdomain6192.168.126.10 rancher.k8s.example.com rancher192.168.126.11 app.k8s.example.com app192.168.126.12 harbor.k8s.example.com harbor192.168.126.20 rancher1.k8s.example.com rancher1192.168.126.21 rancher2.k8s.example.com rancher2192.168.126.22 rancher3.k8s.example.com rancher3192.168.126.30 k8s01.k8s.example.com k8s01192.168.126.31 k8s02.k8s.example.com k8s02192.168.126.32 k8s03.k8s.example.com k8s03192.168.126.40 docker01.k8s.example.com docker01192.168.126.41 docker02.k8s.example.com docker02192.168.126.42 docker03.k8s.example.com docker03192.168.126.50 nfs.k8s.example.com nfs用命令ping主机名,如ping nfs,测试配置胜利
2.2 装置ansible
sudo yum install epel-release -ysudo yum install ansible -y2.3 下载ansible脚本
https://e.coding.net/supwisdo...
拷贝至/home/eams目录下ansibe
2.4 编辑inventory文件
cd /home/eams/ansible/vim inventory inventory文件(示例)
绿色的名字不能更改,主机可依据理论须要增减
[nginxs]rancherjwxt[nginxs1]rancher[nginxs2]jwxt[harbors]harbor[ranchers]rancher1rancher2rancher3[k8ss]k8s01k8s02k8s03[dockers]docker01docker02docker03[nfss]nfs[appservers:children]ranchersk8ssdockersharbors2.6 设置SSH免登
ssh-keygen所有提醒都间接按回车,生成胜利后,逐条执行以下命令,过程中须要输出yes以及对应主机的eams用户明码
ssh-copy-id eams@nginx1ssh-copy-id eams@nginx2ssh-copy-id eams@harborssh-copy-id eams@rancher1ssh-copy-id eams@rancher2ssh-copy-id eams@rancher3ssh-copy-id eams@k8s01ssh-copy-id eams@k8s02ssh-copy-id eams@k8s03ssh-copy-id eams@docker01ssh-copy-id eams@docker02ssh-copy-id eams@docker03ssh-copy-id eams@nfs2.7 测试ansible环境
cd /home/eams/ansible/ansible all -m ping返回值success示意ansible环境搭建胜利
三、配置操作系统环境
以下所有操作都在rancher的nginx主机上进行
3.1 散发hosts文件
cd /home/eams/ansible/# 能够将以后主机上的hosts文件拷贝,也能够间接编辑ansible目录中的hosts.j2文件cp /etc/hosts /home/eams/ansible/hosts.j2ansible-playbook hosts.yml# 验证ansible all -m shell -a 'cat /etc/hosts'3.2 更换yum源
cd /home/eams/ansible/ansible-playbook yum.yml# 验证ansible all -m shell -a 'ls -l /etc/yum.repos.d/'3.3 降级零碎内核(可选)
cd /home/eams/ansible/# 更新除nginx1之外的所有主机内核,更新实现后主动重启ansible-playbook kernel1.yml# 验证所有虚拟机是否启动胜利ansible all -m ping# 更新nginx1主机内核ansible-playbook kernel2.yml# 重启reboot# 验证内核是否降级胜利ansible all -m shell -a 'uname -a' 如果uname -r 内核曾经是3.10及以上,本步骤能够疏忽
3.4 装置软件
cd /home/eams/ansible/ansible-playbook soft.yml 更新内核和装置软件工夫比拟长,急躁期待。如果过程中卡住了,ctrl+c终止过程,而后从新一遍脚本,直至返回胜利
3.5 敞开firewalld和selinux
cd /home/eams/ansible/ansible-playbook firewalld.yml # 长期敞开ansible all -m shell -a 'setenforce 0'#永恒敞开selinux须要重启(也可稍后重启)#ansible "nginxs2 appservers nfss" -m shell -a 'reboot'#ansible nginxs1 -m shell -a 'reboot'# 验证ansible all -m shell -a 'systemctl status firewalld' ansible all -m shell -a 'sestatus' 3.6 设置时钟同步
cd /home/eams/ansible/vim timesync.yml timesync文件
---- name: time sync hosts: all tasks: - name: Install and configure chrony include_role: name: unxnn.chrony vars: chrony_config_server: - ntp.aliyun.com chrony_timezone: Asia/Shanghai批改ntp.aliyun.com为学校的时钟服务器地址,保留退出
cd /home/eams/ansible/ansible-playbook timesync.yml# 验证ansible all -m shell -a 'timedatectl' 3.7 设置语言环境(可选)echo
# 查看所有主机的语言环境是否是en_US.UTF-8ansible all -m shell -a 'echo $LANG'# (可选)如果语言环境不是en_US.UFT-8cd /home/eams/ansible/ansible-playbook lang.yml如果你从新设置了语言环境变量,在现有关上的终端窗口echo $LANG还是未修改之前的,必须从新开启一个终端才会是批改后的
3.8 内核模块优化
cd /home/eams/ansible/ansible-playbook core.yml# 验证,抽查其中一个模块是否加载胜利ansible all -m shell -a 'lsmod | grep veth'3.9 敞开SWAP分区
cd /home/eams/ansible/ansible-playbook swap.yml# 验证ansible appservers -m shell -a 'free -m'3.10 NFS的服务端装置
cd /home/eams/ansible/ansible-playbook nfs.yml# 验证ansible nfss -m shell -a 'showmount -e localhost' 3.11 重启
至此,将所有主机重启,察看是否失常启动,若有问题,查看解决
ansible "nginxs2 appservers nfss" -m shell -a 'reboot'ansible nginxs1 -m shell -a 'reboot'四、集群装置
以下所有操作都在rancher的nginx主机上进行
4.1 Docker装置
cd /home/eams/ansible/ansible-playbook docker1.yml# 验证 有client显示示意失常ansible appservers -m shell -a 'docker version'client失常,server报错是失常的
4.2 Docker配置
cd /home/eams/ansible/ansible-playbook docker2.yml# 验证ansible appservers -m shell -a 'docker version'client失常,server也失常,示意装置胜利
4.3 rancher的nginx装置
cd /home/eams/ansible/ansible-playbook nginx1.yml4.4 rancher的nginx配置
cd /home/eams/ansible/ansible-playbook nginx2.yml如果nginx服务器超过4个CPU,须要编辑nginx.conf.j2模板文件后,再执行下面的nginx2脚本呢
4.4 装置kubectl
cd /home/eams/ansible/ansible-playbook kubectl.yml#验证kubectl version 4.5 装置RKE
cd /home/eams/ansible/ansible-playbook rke.yml# 验证rke -v4.6 RKE在rancher上装置K8S
cd /home/eams/ansible/ansible-playbook rancher.yml运行RKE创立集群
rke up --config /home/eams/rancher/rancher-cluster.yml# 验证,呈现 Finished building Kubernetes cluster successfully 示意胜利设置环境变量
echo "export KUBECONFIG=/home/eams/rancher/kube_config_rancher-cluster.yml" >> ~/.bash_profilesource ~/.bash_profile执行以下命令,看是否胜利
kubectl get nodeskubectl get pods --all-namespaceskubectl get pods -n kube-system4.7 装置Helm
cd /home/eams/ansible/ansible-playbook helm.yml# 验证helm version4.8 创立SSL私钥
cd /home/eams/ansible/ansible-playbook ssl.yml以上命令会返回result.stdout
# 切换到ssl目录cd /home/eams/ssl/# 复制result.stdout的后果执行,以下命令是参考,不要间接执行./create_self-signed-cert.sh --ssl-domain=*** --ssl-trusted-ip=*** --ssl-size=2048 --ssl-date=3650验证是否胜利
openssl verify -CAfile cacerts.pem tls.crt # 应该返回状态为 tls.crt: okopenssl x509 -in tls.crt -noout -text #执行后查看对应的域名和扩大iP是否正确4.9 装置rancher
cd /home/eams/sslhelm repo add rancher-stable http://rancher-mirror.oss-cn-beijing.aliyuncs.com/server-charts/stablehelm repo updatekubectl create namespace cattle-systemkubectl -n cattle-system create secret tls tls-rancher-ingress --cert=./tls.crt --key=./tls.keykubectl -n cattle-system create secret generic tls-ca --from-file=cacerts.pem# 上面命令须要批改域名后运行helm install rancher rancher-stable/rancher --namespace cattle-system --set hostname=**rancher.k8s.example.com** --set ingress.tls.source=secret --set privateCA=true#查看集群是否失常kubectl -n cattle-system rollout status deploy/rancher#查看deployment状态kubectl -n cattle-system get deploy rancher#查看运行的容器kubectl -n cattle-system get pods#查看运行容器的运行状态kubectl -n cattle-system describe pod#查看运行容器的运行日志kubectl -n cattle-system logs -f rancher-7674bdcd95-4nxjm#配置host拜访域名rancher.k8s.example.com 视频教程地址:
https://www.ixigua.com/695436...