概述
最近在玩 Rancher, 先从最基本的功能玩起, 目前有几个已经搭建好的 K8S 集群, 需要批量导入, 发现官网已经有批量导入的文档了. 根据 Rancher v2.6 进行验证微调后总结经验.
1. Rancher UI 获取创建集群参数
访问
Rancher_URL/v3/clusters/
,单击右上角“Create”,创建导入集群:在参数填写页面中,修改以下参数:
dockerRootDir
默认为/var/lib/docker
,如果 dockerroot 路径有修改,需要修改此配置路径;enableClusterAlerting
(可选) 根据需要选择是否默认开启集群告警;enableClusterMonitoring
(可选) 根据需要选择是否默认开启集群监控;name
(必填) 设置集群名称,名称具有唯一性,不能与现有集群名称相同;
配置好参数后单击
Show Request
;在弹出的窗口中,复制
API Request
中HTTP Request:
的{}
中的内容,此内容即为创建的集群的 API 参数;
#!/bin/bash
api_url='https://rancher-demo.example.com'
api_token='token-dbkgj:7pqf5rrjmlxxxxxxxxxxxxxxxxxxxxxxxtrnfljwtxh'
cluster_name=$1
create_cluster_data()
{
cat <<EOF
{
"agentEnvVars": [ ],
"aksConfig": null,
"aliyunEngineConfig": null,
"amazonElasticContainerServiceConfig": null,
"answers": null,
"azureKubernetesServiceConfig": null,
"clusterTemplateRevisionId": "",
"defaultClusterRoleForProjectMembers": "",
"defaultPodSecurityPolicyTemplateId": "",
"dockerRootDir": "/var/lib/docker",
"eksConfig": null,
"enableClusterAlerting": false,
"enableClusterMonitoring": false,
"gkeConfig": null,
"googleKubernetesEngineConfig": null,
"huaweiEngineConfig": null,
"k3sConfig": null,
"localClusterAuthEndpoint": null,
"name": "$cluster_name",
"rancherKubernetesEngineConfig": null,
"rke2Config": null,
"scheduledClusterScan": null,
"windowsPreferedCluster": false
}
EOF
}
curl -k -X POST \
-H "Authorization: Bearer ${api_token}" \
-H "Content-Type: application/json" \
-d "$(create_cluster_data)" $api_url/v3/clusters
2. 创建集群
保存以上代码为脚本文件,最后执行脚本。
./rancher_import_cluster.sh <your-cluster-name>
脚本执行完成后,集群状态如下所示,其状态为
Provisioning;
3. 创建注册命令
这一步可能不需要, 创建集群时就会自动生成 clusterregistrationtokens
这里又生成了一遍, 会导致有多条 clusterregistrationtokens
4. 获取主机注册命令
复制并保存以下内容为脚本文件,修改前三行api_url
、token
、cluster_name
,然后执行脚本。
#!/bin/bash
api_url='https://rancher-demo.example.com'
api_token='token-dbkgj:7pqf5rrjmlbgtssssssssssssssssssssssssssssnfljwtxh'
cluster_name=$1
cluster_ID=$( curl -s -k -H "Authorization: Bearer ${api_token}" $api_url/v3/clusters | jq -r ".data[] | select(.name == \"$cluster_name\") | .id" )
# nodeCommand
#curl -s -k -H "Authorization: Bearer ${api_token}" $api_url/v3/clusters/${cluster_ID}/clusterregistrationtokens | jq -r .data[].nodeCommand
# command
#curl -s -k -H "Authorization: Bearer ${api_token}" $api_url/v3/clusters/${cluster_ID}/clusterregistrationtokens | jq -r .data[].command
# insecureCommand
curl -s -k -H "Authorization: Bearer ${api_token}" $api_url/v3/clusters/${cluster_ID}/clusterregistrationtokens | jq -r .data[].insecureCommand
📝Notes:
这里看需要, 有 3 种命令:
nodeCommand
: 直接通过 docker 来执行的;command
: 通过kubectl
来执行的;insecureCommand
: 私有 CA 证书, 通过curl
结合kubectl
来执行的.这里我使用了第三种
AllInOne
#!/bin/bash
api_url='https://rancher-demo.example.com'
api_token='token-dbkgj:7pqf5rrjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxljwtxh'
cluster_name=$1
create_cluster_data()
{
cat <<EOF
{
"agentEnvVars": [ ],
"aksConfig": null,
"aliyunEngineConfig": null,
"amazonElasticContainerServiceConfig": null,
"answers": null,
"azureKubernetesServiceConfig": null,
"clusterTemplateRevisionId": "",
"defaultClusterRoleForProjectMembers": "",
"defaultPodSecurityPolicyTemplateId": "",
"dockerRootDir": "/var/lib/docker",
"eksConfig": null,
"enableClusterAlerting": false,
"enableClusterMonitoring": false,
"gkeConfig": null,
"googleKubernetesEngineConfig": null,
"huaweiEngineConfig": null,
"k3sConfig": null,
"localClusterAuthEndpoint": null,
"name": "$cluster_name",
"rancherKubernetesEngineConfig": null,
"rke2Config": null,
"scheduledClusterScan": null,
"windowsPreferedCluster": false
}
EOF
}
curl -k -X POST \
-H "Authorization: Bearer ${api_token}" \
-H "Content-Type: application/json" \
-d "$(create_cluster_data)" $api_url/v3/clusters >/dev/null
if [ $? -eq 0 ]; then
cluster_ID=$( curl -s -k -H "Authorization: Bearer ${api_token}" $api_url/v3/clusters | jq -r ".data[] | select(.name == \"$cluster_name\") | .id" )
# insecureCommand
curl -s -k -H "Authorization: Bearer ${api_token}" $api_url/v3/clusters/${cluster_ID}/clusterregistrationtokens | jq -r .data[].insecureCommand
echo "Please execute the above command in the imported cluster to complete the process."
else
echo "Import cluster in rancher failed"
fi
./rancher_import_cluster.sh <your-cluster-name>
执行后会输出一条命令, 在被导入集群上执行如下命令:
# curl --insecure -sfL https://rancher-demo.example.com/v3/import/lzxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxqm6v4lp576c6mg_c-vwv5l.yaml | kubectl apply -f -
clusterrole.rbac.authorization.k8s.io/proxy-clusterrole-kubeapiserver created
clusterrolebinding.rbac.authorization.k8s.io/proxy-role-binding-kubernetes-master created
namespace/cattle-system created
serviceaccount/cattle created
clusterrolebinding.rbac.authorization.k8s.io/cattle-admin-binding created
secret/cattle-credentials-ec53bfa created
clusterrole.rbac.authorization.k8s.io/cattle-admin created
deployment.apps/cattle-cluster-agent created
service/cattle-cluster-agent created
即可导入成功.
🎉🎉🎉
📝TODO:
后面再把登录到对应集群的 master 机器, 并执行命令纳入脚本.
系列文章
📚️参考文档
三人行, 必有我师; 知识共享, 天下为公. 本文由东风微鸣技术博客 EWhisper.cn 编写.