您好,登錄后才能下訂單哦!
Rancher提供了兩種安裝方法,即單節(jié)點(diǎn)安裝和高可用安裝。單節(jié)點(diǎn)安裝可以讓用戶快速部署適用于短期開發(fā)或PoC的Rancher 2.x,而高可用部署則明顯更適合Rancher的長(zhǎng)期部署。
要點(diǎn)須知
前期準(zhǔn)備
為了順利將單個(gè)節(jié)點(diǎn)Rancher安裝遷移到高可用性安裝,您必須做如下準(zhǔn)備:
(https://rancher.com/docs/rancher/v2.x/en/installation/ha/#recommended-architecture )
遷移教程
從Rancher的單個(gè)節(jié)點(diǎn)遷移到高可用性安裝的過(guò)程可以總結(jié)為以下幾個(gè)步驟:
在Rancher單節(jié)點(diǎn)實(shí)例上
1、 備份Rancher單節(jié)點(diǎn)容器
2、 使用單節(jié)點(diǎn)容器中找到的證書組裝pki.bundle.tar.gz
3、 運(yùn)行臨時(shí)utility容器以執(zhí)行容器內(nèi)運(yùn)行的嵌入式etcd的etcd快照
4、 停止舊的Rancher單節(jié)點(diǎn)容器
5、 將server-url的DNS記錄更改為指向新的HA負(fù)載均衡器
在您的工作站或者bastion host上
1、 將生成的pki.bundle.tar.gz和single-node-etcd-snapshot從Rancher單節(jié)點(diǎn)實(shí)例傳輸?shù)焦ぷ髂夸浿械墓ぷ髡旧希üぷ髂夸浽茸詈檬强盏模?/p>
2、 生成指向新HA節(jié)點(diǎn)的rke集群配置文件
3、 rke etcd snapshot-restore從單節(jié)點(diǎn)容器中檢索快照
4、 rke up
5、 根據(jù)文檔在HA中安裝Rancher
開始之前
在整個(gè)教程中,您將輸入一系列命令,以將您環(huán)境中的數(shù)據(jù)替換為占位符。這些占位符用斜角括號(hào)和所有大寫字母(<EXAMPLE>)表示。
下表是找到本教程中使用的各種占位符。請(qǐng)您在開始之前記下此信息,這將有助于您后續(xù)的操作。
在Rancher單節(jié)點(diǎn)實(shí)例上
步驟1 備份Rancher單節(jié)點(diǎn)容器
首先,您應(yīng)該備份Rancher單節(jié)點(diǎn)容器,以確保在遷移過(guò)程中遇到問(wèn)題時(shí)可以回滾到此前運(yùn)行的Rancher單節(jié)點(diǎn)。有關(guān)這方面的更多信息,請(qǐng)參閱:
https://rancher.com/docs/rancher/v2.x/en/backups/backups/single-node-backups/
步驟2 使用單節(jié)點(diǎn)容器中找到的證書組裝pki.bundle.tar.gz
首先,鍵入docker exec,進(jìn)入Rancher容器:
[root@single-node-rancher ~]# docker exec -it <RANCHER_CONTAINER_NAME> /bin/bash
進(jìn)入容器后,將/ etc / kubernetes / ssl目錄tar到pki.bundle.tar.gz:
root@9f4b1729d8ca:/var/lib/rancher# tar -zcvf pki.bundle.tar.gz /etc/kubernetes/ssl
root@9f4b1729d8ca:/var/lib/rancher# exit
將剛剛生成的pki.bundle.tar.gz轉(zhuǎn)移到單節(jié)點(diǎn)實(shí)例上的當(dāng)前工作目錄:
[root@single-node-rancher ~]# docker cp <RANCHER_CONTAINER_NAME>:/var/lib/rancher/pki.bundle.tar.gz .
步驟3 運(yùn)行臨時(shí)utility容器以執(zhí)行容器內(nèi)運(yùn)行的嵌入式etcd的etcd快照
docker運(yùn)行一個(gè)名為etcd-utility的臨時(shí)rke-tools容器,并附加了Rancher容器網(wǎng)絡(luò)。此外,還掛載當(dāng)前工作目錄(將pki.bundle.tar.gz放入其中:
docker run --net=container:<RANCHER_CONTAINER_NAME> -it -v $(pwd):/cwd --name etcd-utility rancher/rke-tools:v0.1.20
在此容器中創(chuàng)建一個(gè)名為ssl的文件夾,然后將pki.bundle.tar.gz解壓到:
bash-4.4# mkdir ssl && cd ssl
bash-4.4# cp /cwd/pki.bundle.tar.gz .
bash-4.4# tar -zxvf pki.bundle.tar.gz --strip-components 3
將單節(jié)點(diǎn)etcd快照到一個(gè)名為single-node-etcd-snapshot的文件中
bash-4.4# cd /
bash-4.4# ETCDCTL_API=3 etcdctl snapshot save --cacert=/ssl/kube-ca.pem --cert=/ssl/kube-etcd-127-0-0-1.pem --key=/ssl/kube-etcd-127-0-0-1-key.pem single-node-etcd-snapshot
bash-4.4# exit
將etcd快照從etcd-utility容器復(fù)制到當(dāng)前工作目錄
[root@single-node-rancher ~]# docker cp etcd-utility:/single-node-etcd-snapshot .
單節(jié)點(diǎn)實(shí)例上的當(dāng)前工作目錄應(yīng)包含兩個(gè)文件:pki.bundle.tar.gz和single-node-etcd-snapshot。這是將Rancher從單節(jié)點(diǎn)遷移到HA所需的兩個(gè)組件。
步驟4 停止舊的Rancher單節(jié)點(diǎn)容器
[root@single-node-rancher ~]# docker stop <RANCHER_CONTAINER_NAME>
步驟5 將server-url的DNS記錄更改為指向新的HA負(fù)載均衡器
為了正確遷移Rancher,您應(yīng)該更新DNS基礎(chǔ)結(jié)構(gòu)中的DNS記錄,以將Rancher server-url指向新的HA負(fù)載均衡器。
在您的工作站或者bastion host上
將生成的pki.bundle.tar.gz和single-node-etcd-snapshot從Rancher單節(jié)點(diǎn)實(shí)例傳輸?shù)焦ぷ髂夸浿械墓ぷ髡旧希üぷ髂夸涀詈迷染褪强盏模?br/>
Endeavor:single-node-to-ha-migration chriskim$ scp root@<RANCHER_SINGLE_NODE_HOST>:/root/pki.bundle.tar.gz .
Endeavor:single-node-to-ha-migration chriskim$ scp root@<RANCHER_SINGLE_NODE_HOST>:/root/single-node-etcd-snapshot .
生成指向您的新HA節(jié)點(diǎn)的rke集群配置文件
舉個(gè)例子,rancher-cluster.yml文件如下所示:
nodes:
- address: <RANCHER_HA_HOST_1> user: centos role: [controlplane,worker,etcd]services:
etcd:
snapshot: true
creation: 6h
retention: 24h
在所需的HA節(jié)點(diǎn)上創(chuàng)建/ opt / rke / etcd-snapshots目錄,并將single-node-etcd-snapshot和pki.bundle.tar.gz文件復(fù)制到該目錄:
Endeavor:single-node-to-ha-migration chriskim$ ssh root@<RANCHER_HA_HOST_1> "mkdir -p /opt/rke/etcd-snapshots"Endeavor:single-node-to-ha-migration chriskim$ scp pki.bundle.tar.gz root@<RANCHER_HA_HOST_1>:/opt/rke/etcd-snapshots
Endeavor:single-node-to-ha-migration chriskim$ scp single-node-etcd-snapshot root@<RANCHER_HA_HOST_1>:/opt/rke/etcd-snapshots
使用RKE將 single-node- etcd-snapshot恢復(fù)到新的HA節(jié)點(diǎn):
rke etcd snapshot-restore --name single-node-etcd-snapshot --config rancher-cluster.yml
完整命令行如下:
INFO[0000] Starting restoring snapshot on etcd hosts
INFO[0000] [dialer] Setup tunnel for host [ha-rancher01.fmt01.rancher.com]
INFO[0000] [hosts] Cleaning up host [ha-rancher01.fmt01.rancher.com]
INFO[0000] [hosts] Running cleaner container on host [ha-rancher01.fmt01.rancher.com]
INFO[0000] [kube-cleaner] Pulling image [rancher/rke-tools:v0.1.15] on host [ha-rancher01.fmt01.rancher.com]
INFO[0004] [kube-cleaner] Successfully pulled image [rancher/rke-tools:v0.1.15] on host [ha-rancher01.fmt01.rancher.com]
INFO[0004] [kube-cleaner] Successfully started [kube-cleaner] container on host [ha-rancher01.fmt01.rancher.com]
INFO[0004] [hosts] Removing cleaner container on host [ha-rancher01.fmt01.rancher.com]
INFO[0004] [hosts] Removing dead container logs on host [ha-rancher01.fmt01.rancher.com]
INFO[0005] [cleanup] Successfully started [rke-log-cleaner] container on host [ha-rancher01.fmt01.rancher.com]
INFO[0005] [remove/rke-log-cleaner] Successfully removed container on host [ha-rancher01.fmt01.rancher.com]
INFO[0005] [hosts] Successfully cleaned up host [ha-rancher01.fmt01.rancher.com]
INFO[0005] [etcd] Restoring [single-node-etcd-snapshot] snapshot on etcd host [ha-rancher01.fmt01.rancher.com]
INFO[0005] [etcd] Pulling image [rancher/coreos-etcd:v3.2.18] on host [ha-rancher01.fmt01.rancher.com]
INFO[0007] [etcd] Successfully pulled image [rancher/coreos-etcd:v3.2.18] on host [ha-rancher01.fmt01.rancher.com]
INFO[0007] [etcd] Successfully started [etcd-restore] container on host [ha-rancher01.fmt01.rancher.com]
INFO[0007] [etcd] Building up etcd plane..
INFO[0007] [etcd] Successfully started [etcd] container on host [ha-rancher01.fmt01.rancher.com]
INFO[0007] [etcd] Saving snapshot [etcd-rolling-snapshots] on host [ha-rancher01.fmt01.rancher.com]
INFO[0007] [etcd] Successfully started [etcd-rolling-snapshots] container on host [ha-rancher01.fmt01.rancher.com]
INFO[0012] [certificates] Successfully started [rke-bundle-cert] container on host [ha-rancher01.fmt01.rancher.com]
INFO[0013] [certificates] successfully saved certificate bundle [/opt/rke/etcd-snapshots//pki.bundle.tar.gz] on host [ha-rancher01.fmt01.rancher.com]
INFO[0013] [etcd] Successfully started [rke-log-linker] container on host [ha-rancher01.fmt01.rancher.com]
INFO[0013] [remove/rke-log-linker] Successfully removed container on host [ha-rancher01.fmt01.rancher.com]
INFO[0013] [etcd] Successfully started etcd plane..
INFO[0013] [certificates] Successfully started [rke-bundle-cert] container on host [ha-rancher01.fmt01.rancher.com]
INFO[0013] [certificates] successfully extracted certificate bundle on host [ha-rancher01.fmt01.rancher.com] to backup path [/etc/kubernetes/.tmp/]
INFO[0013] Finished restoring snapshot [single-node-etcd-snapshot] on all etcd hosts
此時(shí),您可以運(yùn)行rke up --config rancher-cluster.yml,并進(jìn)行其他HA安裝步驟。強(qiáng)烈建議您立即更改Rancher的DNS記錄,以便在根據(jù)HA說(shuō)明安裝后,您的用戶集群可以連接回Rancher。因此,您可能需要兩次運(yùn)行rke up --config rancher-cluster.yml以確保所有插件運(yùn)行都成功。
在成功安裝Kubernetes并將Rancher單節(jié)點(diǎn)備份恢復(fù)到您的實(shí)例后,您可以將其他HA實(shí)例添加到rancher-cluster.yml并運(yùn)行rke up --config rancher-cluster.yml以將這些節(jié)點(diǎn)添加到您的集群。
此時(shí),您可以使用此處的文檔繼續(xù)安裝Rancher:
https://rancher.com/docs/rancher/v2.x/en/installation/ha/helm-init/
清 理
遷移成功之后就可以開始進(jìn)行清理工作了。您可以從單個(gè)節(jié)點(diǎn)實(shí)例中移除Rancher容器,也可以直接完全刪除實(shí)例。
[root@single-node-rancher ~]# docker rm <RANCHER_CONTAINER_NAME>
回 滾
如果遷移不成功,可以通過(guò)以下兩個(gè)條件實(shí)現(xiàn)回滾:
將server-url的DNS條目更改回單節(jié)點(diǎn)Rancher實(shí)例;
[root@single-node-rancher ~]# docker start <RANCHER_CONTAINER_NAME>
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如果涉及侵權(quán)請(qǐng)聯(lián)系站長(zhǎng)郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。