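1. Server planning

ip              fqdn                       hostname                                config
192.168.126.10  rancher.k8s.example.com    rancher (management load balancing)     4-4
192.168.126.11  jwxt.k8s.example.com       jwxt (application load balancing)       4-4
192.168.126.12  harbor.k8s.example.com     harbor                                  4-8
192.168.126.20  rancher1.k8s.example.com   rancher1
192.168.126.21  rancher2.k8s.example.com   rancher2                                4-8
192.168.126.22  rancher3.k8s.example.com   rancher3
192.168.126.30  k8s01.k8s.example.com      k8s01
192.168.126.31  k8s02.k8s.example.com      k8s02
192.168.126.32  k8s03.k8s.example.com      k8s03                                   4-8
192.168.126.40  docker01.k8s.example.com   docker01                                12-16
192.168.126.41  docker02.k8s.example.com   docker02                                12-16
192.168.126.42  docker03.k8s.example.com   docker03                                12-16
192.168.126.50  nfs.k8s.example.com        nfs                                     4-4
192.168.126.51  oracle.k8s.example.com     oracle                                  8-32

All operations below assume that an eams user has been created on every host and that the eams user has sudo privileges.

    yum install sudo -y
    useradd eams
    echo abc123 | passwd --stdin eams
    usermod eams -aG wheel
    vim /etc/sudoers

In /etc/sudoers, give the wheel group NOPASSWD: ALL:

    %wheel  ALL=(ALL)  NOPASSWD: ALL

2. Configure the ansible environment

All operations below are performed on the rancher host (the nginx load-balancing host).

2.1 Edit the hosts file

    sudo vim /etc/hosts

hosts file (example):

    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.126.10 rancher.k8s.example.com rancher
    192.168.126.11 app.k8s.example.com app
    192.168.126.12 harbor.k8s.example.com harbor
    192.168.126.20 rancher1.k8s.example.com rancher1
    192.168.126.21 rancher2.k8s.example.com rancher2
    192.168.126.22 rancher3.k8s.example.com rancher3
    192.168.126.30 k8s01.k8s.example.com k8s01
    192.168.126.31 k8s02.k8s.example.com k8s02
    192.168.126.32 k8s03.k8s.example.com k8s03
    192.168.126.40 docker01.k8s.example.com docker01
    192.168.126.41 docker02.k8s.example.com docker02
    192.168.126.42 docker03.k8s.example.com docker03
    192.168.126.50 nfs.k8s.example.com nfs

Ping a hostname, for example ping nfs, to confirm that the configuration works.

2.2 Install ansible

    sudo yum install epel-release -y
    sudo yum install ansible -y

2.3 Download the ansible scripts

https://e.coding.net/supwisdo...

Copy them to the ansible directory under /home/eams.

2.4 Edit the inventory file

    cd /home/eams/ansible/
    vim inventory

Inventory file (example): the names shown in green must not be changed; hosts can be added or removed as needed.

2.6 Passwordless login

    ssh-keygen

This sets up the SSH key; press Enter at every prompt. Once the key has been generated, run the following commands one at a time. Each one asks you to type yes and the eams password of the corresponding host.

    ssh-copy-id eams@nginx1
    ssh-copy-id eams@nginx2
    ssh-copy-id eams@harbor
    ssh-copy-id eams@rancher1
    ssh-copy-id eams@rancher2
    ssh-copy-id eams@rancher3
    ssh-copy-id eams@k8s01
    ssh-copy-id eams@k8s02
    ssh-copy-id eams@k8s03
    ssh-copy-id eams@docker01
    ssh-copy-id eams@docker02
    ssh-copy-id eams@docker03
    ssh-copy-id eams@nfs

2.7 Test the ansible environment

    cd /home/eams/ansible/
    ansible all -m ping

A return value of success means the ansible environment has been set up correctly.

3. Configure the operating system environment

All operations below are performed on the rancher nginx host.

The hosts.j2 file in the directory:

    cp /etc/hosts /home/eams/ansible/hosts.j2
    ansible-playbook hosts.yml
    # Verify
    ansible all -m shell -a 'cat /etc/hosts'

3.2 Replace the yum source

    cd /home/eams/ansible/
    ansible-playbook yum.yml
    # Verify
    ansible all -m shell -a 'ls -l /etc/yum.repos.d/'

3.3 Upgrade the system kernel (optional)

    cd /home/eams/ansible/
    # Update every host except nginx1; the hosts reboot automatically once the update finishes
    ansible-playbook kernel1.yml
    # Verify that all virtual machines have started
    ansible all -m ping
    # Update the kernel on the nginx1 host
    ansible-playbook kernel2.yml
    # Reboot
    reboot
    # Verify that the kernel has been upgraded
    ansible all -m shell -a 'uname -a'

If uname -r shows that the kernel is already 3.10 or later, this step can be skipped.

3.4 Install software

    cd /home/eams/ansible/
    ansible-playbook soft.yml

Updating the kernel and installing software both take a long time, so be patient. If the process hangs, press ctrl+c to terminate it and re-run the script until it returns successfully.

3.5 Disable firewalld and selinux

    cd /home/eams/ansible/
    ansible-playbook firewalld.yml
    # Disable temporarily
    ansible all -m shell -a 'setenforce 0'
    # Disabling selinux permanently requires a reboot (it can be done later)
    # ansible "nginxs2:appservers:nfss" -m shell -a 'reboot'
    # ansible nginxs1 -m shell -a 'reboot'
    # Verify
    ansible all -m shell -a 'systemctl status firewalld'
    ansible all -m shell -a 'sestatus'

3.6 Set up clock synchronization

    cd /home/eams/ansible/
    vim timesync.yml

timesync file:

    ---
    - name: timesync
      hosts: all
      tasks:
        - name: Install and configure chrony
          include_role:
            name: unxnn.chrony
          vars:
            chrony_config_server:
              - ntp.aliyun.com
            chrony_timezone: Asia/Shanghai

Change ntp.aliyun.com to the address of the school's time server, then save and exit.

    cd /home/eams/ansible/
    ansible-playbook timesync.yml
    # Verify
    ansible all -m shell -a 'timedatectl'

3.7 Set the language environment (optional)

    # Check whether the language environment of every host is en_US.UTF-8
    ansible all -m shell -a 'echo $LANG'
    # (Optional) if the language environment is not en_US.UTF-8
    cd /home/eams/ansible/
    ansible-playbook lang.yml

After the language environment variable has been reset, echo $LANG in a terminal window that was already open still shows the old value; you must open a new terminal to see the change.

3.8 Kernel module optimization

    cd /home/eams/ansible/
    ansible-playbook core.yml
    # Verify: spot-check that one of the modules has loaded
    ansible all -m shell -a 'lsmod | grep veth'

3.9 Disable the swap partition

    cd /home/eams/ansible/
    ansible-playbook swap.yml
    # Verify
    ansible appservers -m shell -a 'free -m'

3.10 Install the NFS server

    cd /home/eams/ansible/
    ansible-playbook nfs.yml
    # Verify
    ansible nfss -m shell -a 'showmount -e localhost'

3.11 Reboot

At this point, reboot all hosts and check that they start normally. If there are problems, investigate and fix them.

    ansible "nginxs2:appservers:nfss" -m shell -a 'reboot'
    ansible nginxs1 -m shell -a 'reboot'

4. Cluster installation

All operations below are performed on the rancher nginx host.

4.1 Install Docker

    cd /home/eams/ansible/
    ansible-playbook docker1.yml
    # Verify that the client information is displayed normally
    ansible appservers -m shell -a 'docker version'

The client is shown normally; an error for the server is normal at this stage.

4.2 Configure Docker

    cd /home/eams/ansible/
    ansible-playbook docker2.yml
    # Verify
    ansible appservers -m shell -a 'docker version'

If the client and the server are both shown normally, the installation succeeded.

4.3 Install nginx for rancher

    cd /home/eams/ansible/
    ansible-playbook nginx1.yml

4.4 Configure nginx for rancher

    cd /home/eams/ansible/
    ansible-playbook nginx2.yml

If the nginx server has more than 4 CPUs, edit the nginx.conf.j2 template file and then run the nginx2 script above.

4.4 Install kubectl

    cd /home/eams/ansible/
    ansible-playbook kubectl.yml
    # Verify
    kubectl version

4.5 Install RKE

    cd /home/eams/ansible/
    ansible-playbook rke.yml
    # Verify
    rke -v

4.6 Install K8S with RKE

    cd /home/eams/ansible/
    ansible-playbook rancher.yml

Run RKE to create the cluster:

    rke up --config /home/eams/rancher/rancher-cluster.yml
    # Verify: the cluster was created when "Finished building Kubernetes cluster successfully" appears

Environment variable:

    echo "export KUBECONFIG=/home/eams/rancher/kube_config_rancher-cluster.yml" >> ~/.bash_profile
    source ~/.bash_profile

Run the following commands to check that it succeeded:

    kubectl get nodes
    kubectl get pods --all-namespaces
    kubectl get pods -n kube-system

4.7 Install Helm

    cd /home/eams/ansible/
    ansible-playbook helm.yml
    # Verify
    helm version

4.8 Create the SSL private key

    cd /home/eams/ansible/
    ansible-playbook ssl.yml

The command above returns result.stdout.

    # Switch to the ssl directory
    cd /home/eams/ssl/
    # Copy the content of result.stdout and run it. The command below is for reference only; do not run it as is.
    ./create_self-signed-cert.sh --ssl-domain=*** --ssl-trusted-ip=*** --ssl-size=2048 --ssl-date=3650

Verify that it succeeded:

    openssl verify -CAfile cacerts.pem tls.crt
    # The expected return status is tls.crt: OK
    openssl x509 -in tls.crt -noout -text
    # After running this, check that the domain name and the extension IPs are correct

4.9 Install rancher

    cd /home/eams/ssl
    helm repo add rancher-stable http://rancher-mirror.oss-cn-beijing.aliyuncs.com/server-charts/stable
    helm repo update
    kubectl create namespace cattle-system
    kubectl -n cattle-system create secret tls tls-rancher-ingress --cert=./tls.crt --key=./tls.key
    kubectl -n cattle-system create secret generic tls-ca --from-file=cacerts.pem
    # Change the domain name in the following command before running it
    helm install rancher rancher-stable/rancher --namespace cattle-system --set hostname=rancher.k8s.example.com --set ingress.tls.source=secret --set privateCA=true
    # Check that the cluster is healthy
    kubectl -n cattle-system rollout status deploy/rancher
    # View the deployment status
    kubectl -n cattle-system get deploy rancher
    # View the running containers
    kubectl -n cattle-system get pods
    # View the state of the running containers
    kubectl -n cattle-system describe pod
    # View the logs of a running container
    kubectl -n cattle-system logs -f rancher-7674bdcd95-4nxjm

Configure the host to access the domain rancher.k8s.example.com.

Video tutorial: https://www.ixigua.com/695436...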
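
The certificate checks in sections 4.8 and 4.9 can be combined into one pre-flight step that runs before the two secrets are created. This is an added example, not part of the original scripts: check_rancher_tls and make_sample are hypothetical helper names, the CA and certificate are throwaway samples constructed in a temporary directory, and the key-match check goes beyond the two openssl commands the page shows.

```shell
#!/bin/sh
# Pre-flight check for the files that section 4.9 loads into cattle-system.
# check_rancher_tls and make_sample are hypothetical helper names.
check_rancher_tls() {  # usage: check_rancher_tls <dir> <hostname> [trusted-ip]
  d=$1; host=$2; ip=${3:-}
  # 1. tls.crt must chain to the CA that goes into the tls-ca secret.
  openssl verify -CAfile "$d/cacerts.pem" "$d/tls.crt" >/dev/null 2>&1 ||
    { echo "chain: tls.crt is not issued by cacerts.pem"; return 1; }
  # 2. tls.key must be the private key of tls.crt (compare the public halves).
  crt_pub=$(openssl x509 -in "$d/tls.crt" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$d/tls.key" -pubout 2>/dev/null | openssl sha256)
  [ "$crt_pub" = "$key_pub" ] ||
    { echo "key: tls.key does not belong to tls.crt"; return 2; }
  # 3. The helm hostname (and the trusted IP, if given) must be in the SANs.
  openssl x509 -in "$d/tls.crt" -noout -checkhost "$host" | grep -q 'does match' ||
    { echo "san: $host is not covered by tls.crt"; return 3; }
  if [ -n "$ip" ]; then
    openssl x509 -in "$d/tls.crt" -noout -checkip "$ip" | grep -q 'does match' ||
      { echo "san: $ip is not covered by tls.crt"; return 3; }
  fi
  echo ok
}

make_sample() {  # constructed sample: throwaway CA plus a leaf for <hostname> <ip>
  d=$1
  printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\nCN=sample\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/ca.cnf"
  printf 'subjectAltName=DNS:%s,IP:%s\n' "$2" "$3" > "$d/san.cnf"
  openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=sample-ca" -keyout "$d/cakey.pem" -out "$d/cacerts.pem" 2>/dev/null
  openssl req -config "$d/ca.cnf" -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$d/tls.key" -out "$d/tls.csr" 2>/dev/null
  openssl x509 -req -in "$d/tls.csr" -CA "$d/cacerts.pem" -CAkey "$d/cakey.pem" \
    -CAcreateserial -days 2 -extfile "$d/san.cnf" -out "$d/tls.crt" 2>/dev/null
}

demo=$(mktemp -d)
make_sample "$demo" rancher.k8s.example.com 192.168.126.10
check_rancher_tls "$demo" rancher.k8s.example.com 192.168.126.10   # prints: ok
check_rancher_tls "$demo" harbor.k8s.example.com || true           # prints the san: line
rm -rf "$demo"
```

On the real host, call check_rancher_tls /home/eams/ssl with the hostname passed to helm; a non-zero status means the secrets would be created from files that do not belong together.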
