diff --git a/install/kubernetes/rancher/all_image.py b/install/kubernetes/rancher/all_image.py index 0de5f0ac..f56fae02 100644 --- a/install/kubernetes/rancher/all_image.py +++ b/install/kubernetes/rancher/all_image.py @@ -1,176 +1,6 @@ -# 所需要的所有镜像 -images = [ - 'busybox', - 'rancher/backup-restore-operator:v1.0.2', - 'rancher/banzaicloud-fluentd:v1.11.2-alpine-2', - 'rancher/banzaicloud-logging-operator:3.6.0', - 'rancher/calico-cni:v3.13.4', - 'rancher/calico-cni:v3.16.1', - 'rancher/calico-ctl:v3.13.4', - 'rancher/calico-ctl:v3.16.1', - 'rancher/calico-kube-controllers:v3.13.4', - 'rancher/calico-kube-controllers:v3.16.1', - 'rancher/calico-node:v3.13.4', - 'rancher/calico-node:v3.16.1', - 'rancher/calico-pod2daemon-flexvol:v3.13.4', - 'rancher/calico-pod2daemon-flexvol:v3.16.1', - 'rancher/cis-operator:v1.0.1', - 'rancher/cluster-proportional-autoscaler:1.7.1', - 'rancher/cluster-proportional-autoscaler:1.8.1', - 'rancher/configmap-reload:v0.3.0-rancher2', - 'rancher/coredns-coredns:1.6.2', - 'rancher/coredns-coredns:1.6.5', - 'rancher/coredns-coredns:1.6.9', - 'rancher/coredns-coredns:1.7.0', - 'rancher/coreos-etcd:v3.3.15-rancher1', - 'rancher/coreos-etcd:v3.4.13-rancher1', - 'rancher/coreos-etcd:v3.4.3-rancher1', - 'rancher/coreos-flannel:v0.12.0', - 'rancher/coreos-flannel:v0.13.0-rancher1', - 'rancher/coreos-kube-state-metrics:v1.9.7', - 'rancher/coreos-prometheus-config-reloader:v0.38.1', - 'rancher/coreos-prometheus-operator:v0.38.1', - 'rancher/curlimages-curl:7.70.0', - 'rancher/directxman12-k8s-prometheus-adapter-amd64:v0.6.0', - 'rancher/eks-operator:v1.0.4', - 'rancher/flannel-cni:v0.3.0-rancher6', - 'rancher/fleet-agent:v0.3.1', - 'rancher/fleet:v0.3.1', - 'rancher/fluent-bit-out-syslog:0.1.0', - 'rancher/fluent-fluent-bit:1.5.4', - 'rancher/fluent-fluent-bit:1.5.4-debug', - 'rancher/fluentd:v0.1.19', - 'rancher/gitjob:v0.1.8', - 'rancher/grafana-grafana:6.7.4', - 'rancher/grafana-grafana:7.1.5', - 'rancher/hyperkube:v1.16.15-rancher1', - 'rancher/hyperkube:v1.17.13-rancher1', - 'rancher/hyperkube:v1.18.10-rancher1', - 'rancher/hyperkube:v1.19.3-rancher1', - 'rancher/istio-1.5-migration:0.1.1', - 'rancher/istio-citadel:1.5.9', - 'rancher/istio-coredns-plugin:0.2-istio-1.1', - 'rancher/istio-galley:1.5.9', - 'rancher/istio-install-cni:1.7.3', - 'rancher/istio-installer:1.7.3-rancher2', - 'rancher/istio-kubectl:1.4.6', - 'rancher/istio-kubectl:1.5.10', - 'rancher/istio-kubectl:1.5.9', - 'rancher/istio-mixer:1.5.9', - 'rancher/istio-mixer:1.7.3', - 'rancher/istio-node-agent-k8s:1.5.9', - 'rancher/istio-pilot:1.5.9', - 'rancher/istio-pilot:1.7.3', - 'rancher/istio-proxyv2:1.5.9', - 'rancher/istio-proxyv2:1.7.3', - 'rancher/istio-sidecar_injector:1.5.9', - 'rancher/jaegertracing-all-in-one:1.14', - 'rancher/jenkins-jnlp-slave:3.35-4', - 'rancher/jetstack-cert-manager-controller:v0.8.1', - 'rancher/jettech-kube-webhook-certgen:v1.2.1', - 'rancher/jimmidyson-configmap-reload:v0.2.2', - 'rancher/jimmidyson-configmap-reload:v0.3.0', - 'rancher/k3s-upgrade:v1.17.13-k3s2', - 'rancher/k3s-upgrade:v1.18.10-k3s2', - 'rancher/k3s-upgrade:v1.19.3-k3s2', - 'rancher/k8s-dns-dnsmasq-nanny:1.15.0', - 'rancher/k8s-dns-dnsmasq-nanny:1.15.10', - 'rancher/k8s-dns-dnsmasq-nanny:1.15.2', - 'rancher/k8s-dns-kube-dns:1.15.0', - 'rancher/k8s-dns-kube-dns:1.15.10', - 'rancher/k8s-dns-kube-dns:1.15.2', - 'rancher/k8s-dns-node-cache:1.15.13', - 'rancher/k8s-dns-node-cache:1.15.7', - 'rancher/k8s-dns-sidecar:1.15.0', - 'rancher/k8s-dns-sidecar:1.15.10', - 'rancher/k8s-dns-sidecar:1.15.2', - 'rancher/kiali-kiali:v1.17', - 'rancher/kiali-kiali:v1.24.0', - 'rancher/kiwigrid-k8s-sidecar:0.1.151', - 'rancher/klipper-helm:v0.2.3', - 'rancher/klipper-helm:v0.2.7', - 'rancher/klipper-helm:v0.3.0', - 'rancher/klipper-lb:v0.1.2', - 'rancher/kube-api-auth:v0.1.4', - 'rancher/kubectl:v1.18.0', - 'rancher/kubectl:v1.18.6', - 'rancher/kubernetes-external-dns:v0.7.3', - 'rancher/library-busybox:1.31.1', - 'rancher/library-nginx:1.19.2-alpine', - 'rancher/library-traefik:1.7.19', - 'rancher/local-path-provisioner:v0.0.11', - 'rancher/local-path-provisioner:v0.0.14', - 'rancher/log-aggregator:v0.1.7', - 'rancher/longhornio-csi-attacher:v2.0.0', - 'rancher/longhornio-csi-node-driver-registrar:v1.2.0', - 'rancher/longhornio-csi-provisioner:v1.4.0', - 'rancher/longhornio-csi-resizer:v0.3.0', - 'rancher/longhornio-longhorn-engine:v1.0.2', - 'rancher/longhornio-longhorn-instance-manager:v1_20200514', - 'rancher/longhornio-longhorn-manager:v1.0.2', - 'rancher/longhornio-longhorn-ui:v1.0.2', - 'rancher/metrics-server:v0.3.4', - 'rancher/metrics-server:v0.3.6', - 'rancher/minio-minio:RELEASE.2020-07-13T18-09-56Z', - 'rancher/nginx-ingress-controller-defaultbackend:1.5-rancher1', - 'rancher/nginx-ingress-controller:nginx-0.35.0-rancher2', - 'rancher/opa-gatekeeper:v3.1.0-beta.7', - 'rancher/openpolicyagent-gatekeeper:v3.1.1', - 'rancher/openzipkin-zipkin:2.14.2', - 'rancher/pause:3.1', - 'rancher/pause:3.2', - 'rancher/pipeline-jenkins-server:v0.1.4', - 'rancher/pipeline-tools:v0.1.15', - 'rancher/plugins-docker:18.09', - 'rancher/prom-alertmanager:v0.21.0', - 'rancher/prom-node-exporter:v1.0.1', - 'rancher/prom-prometheus:v2.12.0', - 'rancher/prom-prometheus:v2.18.2', - 'rancher/prometheus-auth:v0.2.1', - 'rancher/pstauffer-curl:v1.0.3', - 'rancher/pushprox-client:v0.1.0-rancher1-client', - 'rancher/pushprox-proxy:v0.1.0-rancher1-proxy', - 'rancher/rancher-agent:v2.4.8', - 'rancher/rancher-agent:v2.5.2', - 'rancher/rancher-operator:v0.1.1', - 'rancher/rancher-webhook:v0.1.0-beta7', - 'rancher/rancher:v2.5.2', - 'rancher/rke-tools:v0.1.66', - 'rancher/security-scan:v0.1.14', - 'rancher/security-scan:v0.2.1', - 'rancher/shell:v0.1.5', - 'rancher/sonobuoy-sonobuoy:v0.16.3', - 'rancher/squareup-ghostunnel:v1.5.2', - 'rancher/system-upgrade-controller:v0.6.2', - 'rancher/tekton-utils:v0.1.0', - 'rancher/thanosio-thanos:v0.15.0', - 'rancher/webhook-receiver:v0.2.4', - 'registry:2' -] -# images=[ -# 'rancher/mirrored-coreos-flannel:v0.15.1', -# 'rancher/hyperkube:v1.18.20-rancher1', -# 'rancher/rke-tools:v0.1.75', -# 'rancher/mirrored-coreos-etcd:v3.4.15-rancher1', -# 'rancher/rancher-agent:v2.5.2', -# 'rancher/rancher:v2.5.2', -# 'rancher/fleet-agent:v0.3.1', -# 'rancher/nginx-ingress-controller:nginx-0.35.0-rancher2', -# 'rancher/rke-tools:v0.1.65', -# 'rancher/mirrored-calico-node:v3.13.4', -# 'rancher/mirrored-calico-pod2daemon-flexvol:v3.13.4', -# 'rancher/mirrored-calico-cni:v3.13.4', -# 'rancher/mirrored-coredns-coredns:1.6.9', -# 'rancher/kube-api-auth:v0.1.4', -# 'rancher/mirrored-metrics-server:v0.3.6', -# 'rancher/mirrored-cluster-proportional-autoscaler:1.7.1', -# 'rancher/mirrored-nginx-ingress-controller-defaultbackend:1.5-rancher1', -# 'rancher/mirrored-pause:3.1', -# 'registry:2', -# 'busybox' -# ] +images = open("rancher-images.txt").readlines() -images = list(set(images)) +images = list(set([x.strip() for x in images if x.strip()])) # 通过私有仓库,将公有镜像下发到内网每台机器上,例如内网ccr.ccs.tencentyun.com的仓库,共约26G HOST = 'ccr.ccs.tencentyun.com/cube-rancher/' # print('docker login ') @@ -182,11 +12,11 @@ for image in images: # 可联网机器上拉取公有镜像并推送到私有仓库 # print('docker pull %s && docker tag %s %s && docker push %s &' % (image,image,image_name,image_name)) - # # # 内网机器上拉取私有仓库镜像 + # 内网机器上拉取私有仓库镜像 # image=image.replace('@sha256','') # print("docker pull %s && docker tag %s %s &" % (image_name,image_name,image)) - # # 拉取公有镜像 + # 拉取公有镜像 image=image.replace('@sha256','') print("docker pull %s &" % (image,)) @@ -197,3 +27,4 @@ print('wait') + diff --git a/install/kubernetes/rancher/init_node_cpu.sh b/install/kubernetes/rancher/init_node_cpu.sh index 5d8b3598..86f073d2 100644 --- a/install/kubernetes/rancher/init_node_cpu.sh +++ b/install/kubernetes/rancher/init_node_cpu.sh @@ -1,9 +1,5 @@ -hostname=`ifconfig eth1 | grep 'inet '| awk '{print $2}' | head -n 1 | awk -F. {'printf("node%03d%03d%03d%03d\n", $1, $2, $3, $4)'}` -echo $hostname -hostnamectl set-hostname ${hostname} - -echo "127.0.0.1 ${hostname}" >> /etc/hosts -echo "::1 ${hostname}" >> /etc/hosts +# ubuntu:20.04 +#sysctl -w net/netfilter/nf_conntrack_max=524288 service docker stop rpm -qa | grep docker | xargs yum remove -y @@ -18,8 +14,13 @@ yum update -y yum install docker-ce -y yum install -y htop docker-compose yum install -y wireshark +yum install -y telnet + # 停止docker,修改配置 systemctl stop docker +systemctl stop docker.socket +systemctl stop docker.service + # 将源docker目录下文件,复制到新目录下 cp -R /var/lib/docker/* /data/docker/ diff --git a/install/kubernetes/rancher/init_node_gpu.sh b/install/kubernetes/rancher/init_node_gpu.sh index 3329944b..8bdcc629 100644 --- a/install/kubernetes/rancher/init_node_gpu.sh +++ b/install/kubernetes/rancher/init_node_gpu.sh @@ -1,9 +1,3 @@ -hostname=`ifconfig eth1 | grep 'inet '| awk '{print $2}' | head -n 1 | awk -F. {'printf("node%03d%03d%03d%03d\n", $1, $2, $3, $4)'}` -echo $hostname -hostnamectl set-hostname ${hostname} - -echo "127.0.0.1 ${hostname}" >> /etc/hosts -echo "::1 ${hostname}" >> /etc/hosts service docker stop rpm -qa | grep docker | xargs yum remove -y diff --git a/install/kubernetes/rancher/readme.md b/install/kubernetes/rancher/readme.md index 91d7c61e..7ed04cd2 100644 --- a/install/kubernetes/rancher/readme.md +++ b/install/kubernetes/rancher/readme.md @@ -12,7 +12,7 @@ 关于镜像的版本,这与rancher和k8s的版本有关。你可以在这里选择一个能够部署k8s 1.18的rancher版本:https://github.com/rancher/rancher/releases -比如我这里使用的是rancher_version=v2.5.2,即2.5.2版本,那么这个版本依赖的镜像,可以在https://github.com/rancher/rancher/releases/tag/$rancher_version 中找到其所依赖的镜像txt文件,也就是 https://github.com/rancher/rancher/releases/download/$rancher_version/rancher-images.txt +比如我这里使用的是rancher_version=v2.6.2,即2.6.2版本,那么这个版本依赖的镜像,可以在https://github.com/rancher/rancher/releases/tag/$rancher_version 中找到其所依赖的镜像txt文件,也就是 https://github.com/rancher/rancher/releases/download/$rancher_version/rancher-images.txt 之后,将依赖的镜像在开发网中拉取下来,然后重新tag成内网仓库镜像,例如docker.oa.com域名下的镜像,推送到docker.oa.com上,接着需要在idc中的每个机器上拉取下来,再tag成原始镜像名。 参考命令: @@ -46,24 +46,26 @@ reset_docker.sh 是为了在机器从rancher集群中踢出以后,把rancher # 部署rancher server -# 部署k8s集群 - 单节点部署rancher server ```bash # 清理历史部署痕迹 reset_docker.sh -# 需要拉取镜像(这里以2.5.2版本为例) +# 需要拉取镜像(这里以2.6.2版本为例) +wget https://github.com/rancher/rancher/releases/download/v2.6.2/rancher-images.txt + python3 all_image.py > pull_rancher_images.sh sh pull_rancher_images.sh -export RANCHER_CONTAINER_TAG=v2.5.2 +export RANCHER_CONTAINER_TAG=v2.6.2 sudo docker run -d --privileged --restart=unless-stopped -p 443:443 --name=myrancher -e AUDIT_LEVEL=3 rancher/rancher:$RANCHER_CONTAINER_TAG ``` -执行完毕后,进去rancher server的https://xx.xx.xx.xx/ 的web界面,这里的xx取决于你服务器的IP地址,之后选择添加集群->选择自定义集群->填写集群名称 +# 部署k8s集群 + +部署完rancher server后,进去rancher server的https://xx.xx.xx.xx/ 的web界面,这里的xx取决于你服务器的IP地址,之后选择添加集群->选择自定义集群->填写集群名称 然后选择kubernetes的版本(注意:这个版本在第一次打开选择页面时可能刷新不出来,需要等待1~2分钟再刷新才能显示) @@ -135,7 +137,6 @@ services部分的示例(注意缩进对齐) 部署完成后,集群的状态会变为"Active",之后就可以继续其他的操作了,比如执行sh start.sh xx.xx.xx.xx等等 - # rancher server 高可用 rancher server 有高可用部署方案,可以参考官网https://rancher.com/docs/rancher/v2.x/en/installation/how-ha-works/ @@ -147,13 +148,15 @@ services部分的示例(注意缩进对齐) 因此下面提供一种方案,能使在单容器模式下,机器重启后,rancher server仍可用。 ```bash export RANCHER_CONTAINER_NAME=myrancher -export RANCHER_CONTAINER_TAG=v2.5.2 +export RANCHER_CONTAINER_TAG=v2.6.2 docker stop $RANCHER_CONTAINER_NAME docker create --volumes-from $RANCHER_CONTAINER_NAME --name rancher-data rancher/rancher:$RANCHER_CONTAINER_TAG # 先备份一遍 docker run --volumes-from rancher-data --privileged -v $PWD:/backup alpine tar zcvf /backup/rancher-data-backup.tar.gz /var/lib/rancher docker run --name myrancher-new -d --privileged --volumes-from rancher-data --restart=unless-stopped -p 443:443 rancher/rancher:$RANCHER_CONTAINER_TAG +# 等到上面运行成功 +docker rm $RANCHER_CONTAINER_NAME ``` 然后就可以把原有容器删除掉了。 @@ -178,8 +181,6 @@ docker stop $RANCHER_CONTAINER_NAME docker start $RANCHER_CONTAINER_NAME ``` - - # 部署完成后需要部分修正 1、因为metric-server默认镜像拉取是Always,所以要修改成imagePullPolicy: IfNotPresent