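Preface
This guide deploys Rancher + K8S offline, for a production environment that has no Internet access. The main approach is:
- 1. Set up a local private registry (Nexus)
- 2. After installing Docker offline on each server, point its image source at the local registry
- 3. Upload all rancher, rancher-rke and related images (be sure to collect the complete set)
- 4. docker pull rancher / use the rke tool to deploy the k8s cluster offline
Official documentation: https://rancher.com/docs/rancher/v2.x/en/installation/
Everything that needs to be downloaded is shown below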
$ tree --du -hFC -I *.rpm
.
├── [ 35M] helm*
├── [ 289] kernel-upgrade-reboot.sh
├── [ 41M] kubectl*
├── [3.3K] nginx.conf
├── [2.5K] rancher-images.txt
├── [1.1K] rancher-load-images.sh
├── [ 785] rancher-save-images.sh
├── [ 36M] rke*
├── [8.0K] rpm-ceph/
├── [ 244] rpm-jdk-docker/
├── [4.3K] rpm-kernel/
│   └── [ 289] kernel-upgrade-reboot.sh
├── [1.8G] tar/
│   ├── [200M] centos.tar
│   ├── [147M] cephfs-provisioner.tar.gz
│   ├── [3.6K] cert-manager-0.2.2.tgz
│   ├── [531M] elasticsearch.tar
│   ├── [ 12M] helm-v2.2.3-linux-amd64.tar.gz
│   ├── [555M] kibana6.2.4.tar
│   ├── [120M] nexus-3.14.0-04-unix.tar.gz
│   ├── [225M] nginx-tomcat.tar.gz
│   ├── [4.0K] rancher-2.2.2.tgz
│   └── [ 81M] tiller.tar
├── [ 35M] tiller*
├── [5.3K] tls/
│   ├── [1.3K] cacerts.pem
│   ├── [1.3K] tls.crt
│   ├── [1.1K] tls.csr
│   └── [1.6K] tls.key
└── [ 16K] yaml/
    ├── [4.0K] cluster.yml
    ├── [2.9K] elasticsearch.yaml
    ├── [2.6K] external-storage-cephfs-provisioner.yaml
    ├── [2.6K] jenkins-host.sh
    ├── [ 341] jenkins-svc.yaml
    ├── [1.9K] jenkins.yaml
    └── [1.4K] kibana.yaml
$ du -h -d 1
4.4G ./tar
120M ./rpm-kernel
77M ./rpm-ceph
200M ./rpm-jdk-docker
32K ./yaml
20K ./tls
8.2G .
Individual download URLs/methods:
Docker download
wget https://yum.dockerproject.org/repo/main/centos/7/Packages/docker-engine-1.13.1-1.el7.centos.x86_64.rpm
wget https://yum.dockerproject.org/repo/main/centos/7/Packages/docker-engine-selinux-1.13.1-1.el7.centos.noarch.rpm
Nexus download
wget https://sonatype-download.global.ssl.fastly.net/repository/repositoryManager/3/nexus-3.14.0-04-unix.tar.gz
kubectl download
https://storage.googleapis.com/kubernetes-release/release/v1.14.1/bin/linux/amd64/kubectl
https://storage.googleapis.com/kubernetes-helm/helm-v2.2.3-linux-amd64.tar.gz
curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
rke tool download
wget https://github.com/rancher/rke/releases/download/v0.2.2/rke_linux-amd64
mv rke_linux-amd64 /usr/local/bin/rke
Rancher images
Official image download tools and image list:
- https://github.com/rancher/rancher/releases/download/v2.2.2/rancher-load-images.sh
- https://github.com/rancher/rancher/releases/download/v2.2.2/rancher-save-images.sh
- https://github.com/rancher/rancher/releases/download/v2.2.2/rancher-images.txt
This guide uses v2.2.2 stable. If a newer release appears later, or you want to use an older one, update the IMAGES-LIST yourself from the official GitHub.
Usage
rancher-save-images.sh
[root@python3 images]# sh rancher-save-images.sh -h
USAGE: rancher-save-images.sh [--image-list rancher-images.txt] [--images rancher-images.tar.gz]
[-l|--images-list path] text file with list of images. 1 per line.
[-l|--images path] tar.gz generated by docker save.
[-h|--help] Usage message
rke config --system-images >> ./rancher-images.txt
sort -u rancher-images.txt -o rancher-images.txt
sh rancher-save-images.sh --image-list rancher-images.txt --images rancher-images.tar.gz
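Because step 3 depends on the image set being complete, the check below compares rancher-images.txt with what the staging host's Docker daemon actually holds once the save script has run. It is an added example, not part of the original post or of Rancher's scripts; the function names (normalize_list, missing_images, local_images, check_bundle) and the file name check-images.sh are made up for this illustration.

```sh
#!/bin/sh
# Added example (not Rancher's code): list images named in rancher-images.txt
# that are absent from the local Docker store, so the bundle is not carried
# into the air-gapped network incomplete. All function names are hypothetical.
LC_ALL=C; export LC_ALL   # sort and comm must agree on collation

# normalize_list FILE: drop CRs, comments and blank lines, trim whitespace,
# append ":latest" to untagged names (as Docker does), then sort uniquely.
normalize_list() {
    tr -d '\r' < "$1" \
        | sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        | awk 'NF { n = split($0, p, "/")
                    if (p[n] !~ /[:@]/) $0 = $0 ":latest"
                    print }' \
        | sort -u
}

# missing_images WANTED HAVE: print entries of WANTED that HAVE lacks.
missing_images() {
    w=$(mktemp); h=$(mktemp)
    normalize_list "$1" > "$w"
    normalize_list "$2" > "$h"
    comm -23 "$w" "$h"
    rm -f "$w" "$h"
}

# local_images: repository:tag of every tagged image in the local daemon.
local_images() {
    docker images --format '{{.Repository}}:{{.Tag}}' | grep -v '<none>'
}

# check_bundle LIST: return 1 and name the gaps if any listed image is absent.
check_bundle() {
    have=$(mktemp)
    local_images > "$have"
    miss=$(missing_images "$1" "$have")
    rm -f "$have"
    [ -z "$miss" ] && return 0
    printf 'not in local Docker store:\n%s\n' "$miss" >&2
    return 1
}

# Run as: sh check-images.sh rancher-images.txt
if [ "$#" -ge 1 ]; then check_bundle "$1"; fi
```

Run it on the Internet-connected staging host after rancher-save-images.sh finishes; a non-zero exit means the archive should not be moved to the offline network yet.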
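Service deployment
Upload and extract
According to each server's role, upload the corresponding archive to the deployment server and extract it. Deploy the corresponding services:
Deploy the Nexus service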
rpm -ivh ./jdk-8u121-linux-x64.rpm
echo '
export JAVA_HOME=/usr/java/jdk1.8.0_121
export JRE_HOME=/usr/java/jdk1.8.0_121/jre
export CLASSPATH=.:$JAVA_HOME/lib:$JRE_HOME/lib:$CLASSPATH
export PATH=$JAVA_HOME/bin:$PATH
' >> /etc/profile
source /etc/profile
java -version
tar -xvf nexus-3.14.0-04-unix.tar.gz
mv ./nexus-3.14.0-04 /usr/local/nexus
mv ./sonatype-work /usr/local/
useradd nexus
echo "nexus - nofile 65536" >> /etc/security/limits.conf
echo 'run_as_user="nexus"' > /usr/local/nexus/bin/nexus.rc
chown -R nexus:nexus /usr/local/nexus /usr/local/sonatype-work
cat << EOF > /etc/systemd/system/nexus.service
[Unit]
Description=nexus service
After=network.target
[Service]
Type=forking
LimitNOFILE=65536
ExecStart=/usr/local/nexus/bin/nexus start
ExecStop=/usr/local/nexus/bin/nexus stop
User=nexus
Restart=on-abort
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl start nexus
systemctl enable nexus
# Depending on the machine's specs, startup can take quite a while
tail -f /usr/local/sonatype-work/nexus3/log/nexus.log
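Configure Nexus
Open http://IP:8081/ in a browser; the username and password are admin:admin123. These are the Nexus defaults and should be changed after the first login.
Click Settings -> Repositories -> choose the type docker (hosted) -> give it a custom name -> fill in the port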