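Overview

I have been experimenting with Rancher recently, starting with its most basic functions. I currently have several previously built K8S clusters that need to be imported in batch, and found that the official site already has documentation for batch import. I verified and adjusted it against Rancher v2.6 and summarize the experience here.

1. Get the cluster-creation parameters from the Rancher UI

  1. Visit Rancher_URL/v3/clusters/ and click "Create" in the upper-right corner to create an imported cluster:

  2. On the parameter form, modify the following parameters:

    • dockerRootDir defaults to /var/lib/docker; if the Docker root path has been changed, this setting must be changed to match;
    • enableClusterAlerting (optional): choose whether cluster alerting is enabled by default, as needed;
    • enableClusterMonitoring (optional): choose whether cluster monitoring is enabled by default, as needed;
    • name (required): sets the cluster name; the name must be unique and cannot be the same as an existing cluster name;
  3. After configuring the parameters, click Show Request
  4. In the pop-up window, under API Request, copy the contents of HTTP Request:{}; this content is the API parameters of the cluster to be created;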
    #!/bin/bash
    # Rancher server URL and API token (placeholder values; replace with your own).
    api_url='https://rancher-demo.example.com'
    api_token='token-dbkgj:7pqf5rrjmlxxxxxxxxxxxxxxxxxxxxxxxtrnfljwtxh'
    cluster_name=$1

    # Request body copied from "Show Request"; only "name" changes per run.
    create_cluster_data()
    {
      cat <<EOF
    {
     "agentEnvVars": [ ],
     "aksConfig": null,
     "aliyunEngineConfig": null,
     "amazonElasticContainerServiceConfig": null,
     "answers": null,
     "azureKubernetesServiceConfig": null,
     "clusterTemplateRevisionId": "",
     "defaultClusterRoleForProjectMembers": "",
     "defaultPodSecurityPolicyTemplateId": "",
     "dockerRootDir": "/var/lib/docker",
     "eksConfig": null,
     "enableClusterAlerting": false,
     "enableClusterMonitoring": false,
     "gkeConfig": null,
     "googleKubernetesEngineConfig": null,
     "huaweiEngineConfig": null,
     "k3sConfig": null,
     "localClusterAuthEndpoint": null,
     "name": "$cluster_name",
     "rancherKubernetesEngineConfig": null,
     "rke2Config": null,
     "scheduledClusterScan": null,
     "windowsPreferedCluster": false
    }
    EOF
    }

    # -k skips TLS certificate verification of the Rancher server.
    curl -k -X POST \
        -H "Authorization: Bearer ${api_token}" \
        -H "Content-Type: application/json" \
        -d "$(create_cluster_data)" "$api_url/v3/clusters"

2. Create the cluster

  1. Save the code above as a script file, then run the script.

    ./rancher_import_cluster.sh <your-cluster-name>
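  2. After the script finishes, the cluster appears in Rancher with the state Provisioning;

3. Create the registration command

This step may not be needed: clusterregistrationtokens are generated automatically when the cluster is created.

Generating them again here results in multiple clusterregistrationtokens entries.

4. Get the host registration command

Copy and save the following as a script file, modify the first three lines (api_url, token, cluster_name), then run the script.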

    #!/bin/bash
    # Rancher server URL and API token (placeholder values; replace with your own).
    api_url='https://rancher-demo.example.com'
    api_token='token-dbkgj:7pqf5rrjmlbgtssssssssssssssssssssssssssssnfljwtxh'
    cluster_name=$1

    # Look up the cluster ID by its name.
    cluster_ID=$( curl -s -k -H "Authorization: Bearer ${api_token}" "$api_url/v3/clusters" | jq -r ".data[] | select(.name == \"$cluster_name\") | .id" )

    # nodeCommand
    #curl -s -k -H "Authorization: Bearer ${api_token}" "$api_url/v3/clusters/${cluster_ID}/clusterregistrationtokens" | jq -r '.data[].nodeCommand'

    # command
    #curl -s -k -H "Authorization: Bearer ${api_token}" "$api_url/v3/clusters/${cluster_ID}/clusterregistrationtokens" | jq -r '.data[].command'

    # insecureCommand
    curl -s -k -H "Authorization: Bearer ${api_token}" "$api_url/v3/clusters/${cluster_ID}/clusterregistrationtokens" | jq -r '.data[].insecureCommand'

Notes:

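There are 3 kinds of command here; pick the one you need:

  1. nodeCommand: executed directly through docker;
  2. command: executed through kubectl;
  3. insecureCommand: for a private CA certificate, executed through curl combined with kubectl.

Here I used the third one.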

AllInOne

    #!/bin/bash
    # Rancher server URL and API token (placeholder values; replace with your own).
    api_url='https://rancher-demo.example.com'
    api_token='token-dbkgj:7pqf5rrjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxljwtxh'
    cluster_name=$1

    # Request body copied from "Show Request"; only "name" changes per run.
    create_cluster_data()
    {
      cat <<EOF
    {
     "agentEnvVars": [ ],
     "aksConfig": null,
     "aliyunEngineConfig": null,
     "amazonElasticContainerServiceConfig": null,
     "answers": null,
     "azureKubernetesServiceConfig": null,
     "clusterTemplateRevisionId": "",
     "defaultClusterRoleForProjectMembers": "",
     "defaultPodSecurityPolicyTemplateId": "",
     "dockerRootDir": "/var/lib/docker",
     "eksConfig": null,
     "enableClusterAlerting": false,
     "enableClusterMonitoring": false,
     "gkeConfig": null,
     "googleKubernetesEngineConfig": null,
     "huaweiEngineConfig": null,
     "k3sConfig": null,
     "localClusterAuthEndpoint": null,
     "name": "$cluster_name",
     "rancherKubernetesEngineConfig": null,
     "rke2Config": null,
     "scheduledClusterScan": null,
     "windowsPreferedCluster": false
    }
    EOF
    }

    # -f makes curl exit non-zero on an HTTP error, so the $? check below
    # also catches API failures; -k skips TLS certificate verification.
    curl -sf -k -X POST \
        -H "Authorization: Bearer ${api_token}" \
        -H "Content-Type: application/json" \
        -d "$(create_cluster_data)" "$api_url/v3/clusters" >/dev/null

    if [ $? -eq 0 ]; then
        # Look up the ID of the cluster that was just created.
        cluster_ID=$( curl -s -k -H "Authorization: Bearer ${api_token}" "$api_url/v3/clusters" | jq -r ".data[] | select(.name == \"$cluster_name\") | .id" )
        # insecureCommand
        curl -s -k -H "Authorization: Bearer ${api_token}" "$api_url/v3/clusters/${cluster_ID}/clusterregistrationtokens" | jq -r '.data[].insecureCommand'
        echo "Please execute the above command in the imported cluster to complete the process."
    else
        echo "Import cluster in rancher failed"
    fi

Run the script:

    ./rancher_import_cluster.sh <your-cluster-name>

The script prints a command; run that command on the cluster being imported, as follows:

    # curl --insecure -sfL https://rancher-demo.example.com/v3/import/lzxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxqm6v4lp576c6mg_c-vwv5l.yaml | kubectl apply -f -
    clusterrole.rbac.authorization.k8s.io/proxy-clusterrole-kubeapiserver created
    clusterrolebinding.rbac.authorization.k8s.io/proxy-role-binding-kubernetes-master created
    namespace/cattle-system created
    serviceaccount/cattle created
    clusterrolebinding.rbac.authorization.k8s.io/cattle-admin-binding created
    secret/cattle-credentials-ec53bfa created
    clusterrole.rbac.authorization.k8s.io/cattle-admin created
    deployment.apps/cattle-cluster-agent created
    service/cattle-cluster-agent created

The cluster is then imported successfully.
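
The command above pipes a manifest fetched with `--insecure` straight into `kubectl apply`, and that manifest creates cluster-wide RBAC objects. The following is an added example, not code from the original post or from Rancher: it saves the manifest with the private CA pinned and lists what it would create before anything is applied. The function names, the CA file argument and the sample manifest are assumptions made for illustration.

```shell
# Constructed sample (names follow the output above; rule contents are assumed).
sample_manifest() {
cat <<'EOF'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cattle-admin
rules:
- apiGroups: ['*']
  resources: ['*']
  verbs: ['*']
---
apiVersion: v1
kind: Namespace
metadata:
  name: cattle-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cattle-cluster-agent
  namespace: cattle-system
EOF
}

# Print "Kind/name" per YAML document on stdin; flag rules with wildcard verbs.
review_manifest() {
  awk '
    function emit() {
      flag = wild ? " [grants all verbs]" : ""
      if (kind != "") print kind "/" name flag
      kind = ""; name = ""; wild = 0; inmeta = 0
    }
    /^---/       { emit(); next }
    /^kind:/     { kind = $2; next }
    /^metadata:/ { inmeta = 1; next }
    /^[^ ]/      { inmeta = 0 }
    inmeta && name == "" && /^  name:/ { name = $2 }
    /^[- ]*verbs:.*[*]/ { wild = 1 }
    END          { emit() }
  '
}

# Fetch with the private CA pinned instead of --insecure (CA file path is assumed).
fetch_manifest() {  # usage: fetch_manifest URL CA_FILE OUT_FILE
  curl --cacert "$2" -sfL -o "$3" "$1"
}
sample_manifest | review_manifest
```

On a real import, run `fetch_manifest` first, read the `review_manifest` output for the saved file, and only then run `kubectl apply -f` on that file.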

TODO:

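Later, bring the step of logging in to the master machine of the corresponding cluster and executing the command into the script as well.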

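Series articles

  • Rancher series articles

References

  • Creating imported clusters with a script | Rancher documentation
Among any three people walking together, there is one I can learn from; knowledge shared belongs to all. This article was written by the 东风微鸣 technical blog, EWhisper.cn.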