Kubernetes Essentials for RKE Deployment with Rancher

Source: Internet
Author: User
Tags: etcd, k8s

Brief Description:

RKE (Rancher Kubernetes Engine) is a tool provided by Rancher Labs for quickly installing Kubernetes clusters on bare metal, virtual machines, and public and private clouds. Deploying an entire cluster takes only one command and one configuration file, which solves the problem of deploying Kubernetes easily.

Although Rancher provides free video training (see the reference links below), users of RKE still run into many error messages and failed installations, mainly because some basic prerequisites are not met.

To help users deploy Kubernetes with RKE more smoothly, the key deployment points are collected here so that RKE users can avoid detours.

Deployment essentials:

System version:

Ubuntu 16.04.3 LTS is recommended; on CentOS 7, version 7.3 or later is suggested;

Docker version:

According to the RKE README on GitHub, Kubernetes 1.8 requires Docker 1.12.6, 1.13.1 or 17.03; Kubernetes 1.8 does not support later Docker versions;

Host Name:

If the systems were cloned, you must change the host names; every node's hostname must be different!

Host files:

/etc/hosts must be configured correctly and must contain the entry 127.0.0.1 localhost. The hosts file contains the list of IP addresses and names of all host nodes. Edit it with vi, and do not use Chinese full-width spaces;

SELinux:

Must be disabled! On CentOS, edit the configuration file /etc/sysconfig/selinux and set SELINUX=disabled; it is permanently disabled after a reboot.

IPv4 forwarding:

Must be turned on! Edit the configuration file /etc/sysctl.conf and enable forwarding:

net.ipv4.ip_forward = 1

net.bridge.bridge-nf-call-ip6tables = 1

net.bridge.bridge-nf-call-iptables = 1

Run sudo sysctl -p to apply the settings immediately.

Firewall:

Open ports 6443, 2379 and 2380 between the cluster host nodes; if you are just starting a trial, you can shut down the firewall first;

Disable Swap:

Be sure to disable swap, otherwise the kubelet component will not run. To disable swap permanently, edit the /etc/fstab file directly and comment out the swap entry. swapoff -a disables swap only temporarily; after the next shutdown and restart the original state is restored;

Enable cgroup:

Edit the configuration file /etc/default/grub to enable the cgroup memory limit feature by configuring two parameters:

GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1"

GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"

Passwordless SSH trust:

RKE performs the installation and deployment through an SSH tunnel, so passwordless SSH trust between the nodes must be configured beforehand. If there are 5 nodes in the cluster, then on each of the 5 machines you need to run the key generation command ssh-keygen once plus the key distribution command ssh-copy-id <user>@<node IP> 5 times. If the machine that runs RKE is itself to join the k8s cluster, also run ssh-copy-id <user>@<local IP> to distribute the public key to the local machine, so that passwordless SSH is configured locally as well; otherwise an error occurs. Passwordless SSH configuration method: http://blog.csdn.net/csdn_duomaomao/article/details/79164073 .

RKE deployment user:

1. The RKE deployment user is the user specified in the cluster.yml configuration file, that is, the user mentioned above who can log in to the other machines over SSH without a password;

2. On CentOS 7 the root user cannot be used; on Ubuntu both root and ordinary users can be used;

3. If an ordinary user is used for the RKE installation, add that user (such as user01) to the docker group with the command: sudo usermod -aG docker user01

4. After Docker is installed with apt on Ubuntu, the docker group is created automatically, so there is no need to create it manually; simply add the user who deploys RKE (such as user01) to the docker group. To check whether the docker group exists and whether user01 is in it, view the /etc/group file directly;

If Ubuntu uses the root user for the RKE installation, the sshd service must be configured: edit the configuration file /etc/ssh/sshd_config, change PermitRootLogin prohibit-password to PermitRootLogin yes to allow remote root SSH login, and uncomment #AuthorizedKeysFile %h/.ssh/authorized_keys to enable the file that records the authorized keys;
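
The file-based prerequisites above (localhost entry in hosts, the three sysctl keys, swap in fstab, the GRUB kernel parameters, docker group membership) can be verified on each node before RKE is run. The script below is an added example, not part of the original article or of RKE; the function names are hypothetical and user01 is the sample deployment user from this page.

```sh
#!/bin/sh
# Added example (not from the original article): preflight checks for the
# prerequisites above. Each function takes a file path, so it can read /etc/...
# on a node or a constructed copy. The function names are hypothetical.

check_hosts() {          # /etc/hosts must map 127.0.0.1 to localhost
    awk '$1 == "127.0.0.1" { for (i = 2; i <= NF; i++) if ($i == "localhost") ok = 1 }
         END { exit !ok }' "$1"
}

check_sysctl() {         # all three forwarding/bridge keys must be set to 1
    for key in net.ipv4.ip_forward net.bridge.bridge-nf-call-ip6tables \
               net.bridge.bridge-nf-call-iptables; do
        awk -F= -v k="$key" '/^[ \t]*#/ { next } { gsub(/[ \t]/, "") }
            $1 == k { v = $2 } END { exit !(v == "1") }' "$1" || return 1
    done
}

check_fstab() {          # no active (uncommented) swap entry may remain
    ! awk '!/^[ \t]*#/ && $3 == "swap" { found = 1 } END { exit !found }' "$1"
}

check_grub() {           # both GRUB variables need the two kernel parameters
    for var in GRUB_CMDLINE_LINUX_DEFAULT GRUB_CMDLINE_LINUX; do
        line=$(grep "^$var=" "$1" | tail -n 1)
        case $line in *cgroup_enable=memory*) ;; *) return 1 ;; esac
        case $line in *swapaccount=1*) ;; *) return 1 ;; esac
    done
}

check_docker_group() {   # $2 must be listed as a member of group "docker"
    awk -F: -v u="$2" '$1 == "docker" { n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 } END { exit !ok }' "$1"
}

preflight() {            # $1 = root dir ("" for the live system), $2 = user
    failed=0
    for c in "check_hosts $1/etc/hosts" "check_sysctl $1/etc/sysctl.conf" \
             "check_fstab $1/etc/fstab" "check_grub $1/etc/default/grub" \
             "check_docker_group $1/etc/group $2"; do
        if $c; then echo "PASS $c"; else echo "FAIL $c"; failed=1; fi
    done
    return $failed
}

if [ $# -gt 0 ]; then preflight "$@" || exit 1; fi
```

Run it on a node as sh preflight.sh "" user01; a non-zero exit status means at least one prerequisite is not met. A sysctl key written with a capital letter (Net.ipv4.ip_forward) is reported as FAIL, because sysctl keys are case-sensitive.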

Key steps:

01 - Create the user01 user and add user01 to the docker group

02 - Edit the GRUB configuration file to enable the cgroup memory limit feature

03 - Edit the fstab file under /etc to permanently disable swap

04 - On Ubuntu, if you install as root, modify the SSH configuration to allow remote root login

05 - RKE installation and deployment process 1

06 - RKE installation and deployment process 2

07 - RKE installation and deployment process 3


Reference configuration file:

A working cluster.yml configuration file:

---
auth:
  strategy: x509
  options:
    foo: bar

# Supported plugins are:
# flannel
# calico
# canal
# weave
#
# If you are using calico on AWS, use the network plugin config option:
# 'cloud_provider: aws'
network:
  plugin: flannel
  options:
    flannel_image: registry.cn-shenzhen.aliyuncs.com/rancher_cn/flannel
    flannel_cni_image: registry.cn-shenzhen.aliyuncs.com/rancher_cn/flannel-cni

nodes:
  - address: 192.168.3.161
    user: user01
    role: [controlplane, etcd]
    ssh_key_path: ~/.ssh/id_rsa
  - address: 192.168.3.162
    user: user01
    role: [worker]
    ssh_key_path: ~/.ssh/id_rsa
  - address: 192.168.3.163
    user: user01
    role: [worker]
    ssh_key_path: ~/.ssh/id_rsa

services:
  etcd:
    image: registry.cn-shenzhen.aliyuncs.com/rancher_cn/etcd:latest
  kube-api:
    image: rancher/k8s:v1.8.3-rancher2
    service_cluster_ip_range: 10.233.0.0/18
    pod_security_policy: false
    extra_args:
      v: 4
  kube-controller:
    image: rancher/k8s:v1.8.3-rancher2
    cluster_cidr: 10.233.64.0/18
    service_cluster_ip_range: 10.233.0.0/18
  scheduler:
    image: rancher/k8s:v1.8.3-rancher2
  kubelet:
    image: rancher/k8s:v1.8.3-rancher2
    cluster_domain: cluster.local
    cluster_dns_server: 10.233.0.3
    infra_container_image: registry.cn-shenzhen.aliyuncs.com/rancher_cn/pause-amd64:3.0
    command: --fail-swap-on=false
  kubeproxy:
    image: rancher/k8s:v1.8.3-rancher2

system_images:
  alpine: alpine:latest
  nginx_proxy: rancher/rke-nginx-proxy:0.1.0
  cert_downloader: rancher/rke-cert-deployer:0.1.0
  kubedns_image: registry.cn-shenzhen.aliyuncs.com/rancher_cn/k8s-dns-kube-dns-amd64:1.14.5
  dnsmasq_image: registry.cn-shenzhen.aliyuncs.com/rancher_cn/k8s-dns-dnsmasq-nanny-amd64:1.14.5
  kubedns_sidecar_image: registry.cn-shenzhen.aliyuncs.com/rancher_cn/k8s-dns-sidecar-amd64:1.14.5
  kubedns_autoscaler_image: registry.cn-shenzhen.aliyuncs.com/rancher_cn/cluster-proportional-autoscaler-amd64:1.0.0

# All addon manifests must specify a namespace
addons: |
  ---
  apiVersion: v1
  kind: Pod
  metadata:
    name: my-nginx
    namespace: default
  spec:
    containers:
    - name: my-nginx
      image: nginx
      ports:
      - containerPort: 80


Reference links:

RKE quick start guide: an open-source lightweight k8s installer

https://www.cnrancher.com/an-introduction-to-rke/

Free video training: how to install using RKE

http://www.itdks.com/liveevent/detail/8343

RKE introduction

https://github.com/rancher/rke

RKE tool download page

https://github.com/rancher/rke/releases/

RKE cluster.yml file description

https://github.com/rancher/rke/blob/master/cluster.yml
