1 Control Plane + etcd
3 Worker


[root@localhost ~]# rke config --name cluster.yml
[+] Cluster Level SSH Private Key Path [~/.ssh/id_rsa]: 
[+] Number of Hosts [1]: 4
[+] SSH Address of host (1) [none]:
[+] SSH Port of host (1) [22]: 
[+] SSH Private Key Path of host ( [none]: ~/.ssh/id_rsa
[+] SSH User of host ( [ubuntu]: deployer
[+] Is host ( a Control Plane host (y/n)? [y]: y
[+] Is host ( a Worker host (y/n)? [n]: n
[+] Is host ( an etcd host (y/n)? [n]: y
[+] Override Hostname of host ( [none]: k8s-cluster01-01
[+] Internal IP of host ( [none]: 
[+] Docker socket path on host ( [/var/run/docker.sock]: 
[+] SSH Address of host (2) [none]:
[+] SSH Port of host (2) [22]: 
[+] SSH Private Key Path of host ( [none]: ~/.ssh/id_rsa
[+] SSH User of host ( [ubuntu]: deployer
[+] Is host ( a Control Plane host (y/n)? [y]: n
[+] Is host ( a Worker host (y/n)? [n]: y
[+] Is host ( an etcd host (y/n)? [n]: n
[+] Override Hostname of host ( [none]: k8s-cluster01-02
[+] Internal IP of host ( [none]: 
[+] Docker socket path on host ( [/var/run/docker.sock]: 
[+] SSH Address of host (3) [none]:
[+] SSH Port of host (3) [22]: 
[+] SSH Private Key Path of host ( [none]: ~/.ssh/id_rsa
[+] SSH User of host ( [ubuntu]: deployer
[+] Is host ( a Control Plane host (y/n)? [y]: n
[+] Is host ( a Worker host (y/n)? [n]: y
[+] Is host ( an etcd host (y/n)? [n]: n
[+] Override Hostname of host ( [none]: k8s-cluster01-03
[+] Internal IP of host ( [none]: 
[+] Docker socket path on host ( [/var/run/docker.sock]: 
[+] SSH Address of host (4) [none]:
[+] SSH Port of host (4) [22]: 
[+] SSH Private Key Path of host ( [none]: ~/.ssh/id_rsa
[+] SSH User of host ( [ubuntu]: deployer
[+] Is host ( a Control Plane host (y/n)? [y]: n
[+] Is host ( a Worker host (y/n)? [n]: y
[+] Is host ( an etcd host (y/n)? [n]: n
[+] Override Hostname of host ( [none]: k8s-cluster01-04
[+] Internal IP of host ( [none]: 
[+] Docker socket path on host ( [/var/run/docker.sock]: 
[+] Network Plugin Type (flannel, calico, weave, canal, aci) [canal]: flannel
[+] Authentication Strategy [x509]: 
[+] Authorization Mode (rbac, none) [rbac]: 
[+] Kubernetes Docker image [rancher/hyperkube:v1.20.5-rancher1]: rancher/hyperkube:v1.19.9-rancher1
[+] Cluster domain [cluster.local]: 
[+] Service Cluster IP Range []: 
[+] Enable PodSecurityPolicy [n]: 
[+] Cluster Network CIDR []: 
[+] Cluster DNS Service IP []: 
[+] Add addon manifest URLs or YAML files [no]: 
[root@localhost ~]#

Rancher Kubernetes Docker image版本可选参数


New Images in v1.20.5-rancher1-1, v1.19.9-rancher1-1 and v1.18.16-rancher1-1
Updated Hyperkube Image based on k8s versions



[root@localhost ~]# cat cluster.yml
# If you intened to deploy Kubernetes in an air-gapped environment,
# please consult the documentation on how to configure custom RKE images.
- address:
  port: "22"
  internal_address: ""
  - controlplane
  - etcd
  hostname_override: k8s-cluster01-01
  user: deployer
  docker_socket: /var/run/docker.sock
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []
- address:
  port: "22"
  internal_address: ""
  - worker
  hostname_override: k8s-cluster01-02
  user: deployer
  docker_socket: /var/run/docker.sock
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []
- address:
  port: "22"
  internal_address: ""
  - worker
  hostname_override: k8s-cluster01-03
  user: deployer
  docker_socket: /var/run/docker.sock
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []
- address:
  port: "22"
  internal_address: ""
  - worker
  hostname_override: k8s-cluster01-04
  user: deployer
  docker_socket: /var/run/docker.sock
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
    win_extra_args: {}
    win_extra_binds: []
    win_extra_env: []
    external_urls: []
    ca_cert: ""
    cert: ""
    key: ""
    path: ""
    uid: 0
    gid: 0
    snapshot: null
    retention: ""
    creation: ""
    backup_config: null
    # NOTE(review): the parent key of this group is not visible on the page. The
    # option names below (pod_security_policy, audit_log, ...) match RKE's
    # kube-api service settings; confirm against the full cluster.yml.
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
    win_extra_args: {}
    win_extra_binds: []
    win_extra_env: []
    service_node_port_range: ""
    # Matches the "Enable PodSecurityPolicy [n]" answer given to `rke config`:
    # PodSecurityPolicy admission stays off, so this mechanism does not restrict
    # privileged containers, host namespaces or hostPath mounts in pod specs.
    pod_security_policy: false
    # AlwaysPullImages admission is off. A pod can then start from an image that
    # is already cached on a node without the registry re-checking pull
    # credentials, which matters if private images are used.
    always_pull_images: false
    # No encryption-at-rest configuration is set. Kubernetes stores Secret
    # objects in etcd unencrypted unless one is configured; etcd snapshots
    # presumably carry the same plaintext. Confirm before production use.
    secrets_encryption_config: null
    # No audit-log settings are given, so the defaults of the RKE version in use
    # apply. Confirm whether API audit logging ends up enabled.
    audit_log: null
    admission_configuration: null
    # No EventRateLimit admission configuration is set.
    event_rate_limit: null
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
    win_extra_args: {}
    win_extra_binds: []
    win_extra_env: []
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
    win_extra_args: {}
    win_extra_binds: []
    win_extra_env: []
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
    win_extra_args: {}
    win_extra_binds: []
    win_extra_env: []
    cluster_domain: cluster.local
    infra_container_image: ""
    fail_swap_on: false
    generate_serving_certificate: false
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
    win_extra_args: {}
    win_extra_binds: []
    win_extra_env: []
  plugin: flannel
  options: {}
  mtu: 0
  node_selector: {}
  update_strategy: null
  tolerations: []
  strategy: x509
  sans: []
  webhook: null
addons: ""
addons_include: []
  etcd: rancher/coreos-etcd:v3.4.14-rancher1
  alpine: rancher/rke-tools:v0.1.72
  nginx_proxy: rancher/rke-tools:v0.1.72
  cert_downloader: rancher/rke-tools:v0.1.72
  kubernetes_services_sidecar: rancher/rke-tools:v0.1.72
  kubedns: rancher/k8s-dns-kube-dns:1.15.10
  dnsmasq: rancher/k8s-dns-dnsmasq-nanny:1.15.10
  kubedns_sidecar: rancher/k8s-dns-sidecar:1.15.10
  kubedns_autoscaler: rancher/cluster-proportional-autoscaler:1.8.1
  coredns: rancher/coredns-coredns:1.8.0
  coredns_autoscaler: rancher/cluster-proportional-autoscaler:1.8.1
  nodelocal: rancher/k8s-dns-node-cache:1.15.13
  kubernetes: rancher/hyperkube:v1.19.9-rancher1
  flannel: rancher/coreos-flannel:v0.13.0-rancher1
  flannel_cni: rancher/flannel-cni:v0.3.0-rancher6
  calico_node: rancher/calico-node:v3.17.2
  calico_cni: rancher/calico-cni:v3.17.2
  calico_controllers: rancher/calico-kube-controllers:v3.17.2
  calico_ctl: rancher/calico-ctl:v3.17.2
  calico_flexvol: rancher/calico-pod2daemon-flexvol:v3.17.2
  canal_node: rancher/calico-node:v3.17.2
  canal_cni: rancher/calico-cni:v3.17.2
  canal_controllers: rancher/calico-kube-controllers:v3.17.2
  canal_flannel: rancher/coreos-flannel:v0.13.0-rancher1
  canal_flexvol: rancher/calico-pod2daemon-flexvol:v3.17.2
  weave_node: weaveworks/weave-kube:2.8.1
  weave_cni: weaveworks/weave-npc:2.8.1
  pod_infra_container: rancher/pause:3.2
  ingress: rancher/nginx-ingress-controller:nginx-0.43.0-rancher1
  ingress_backend: rancher/nginx-ingress-controller-defaultbackend:1.5-rancher1
  metrics_server: rancher/metrics-server:v0.4.1
  windows_pod_infra_container: rancher/kubelet-pause:v0.1.6
  aci_cni_deploy_container: noiro/cnideploy:
  aci_host_container: noiro/aci-containers-host:
  aci_opflex_container: noiro/opflex:
  aci_mcast_container: noiro/opflex:
  aci_ovs_container: noiro/openvswitch:
  aci_controller_container: noiro/aci-containers-controller:
  aci_gbp_server_container: noiro/gbp-server:
  aci_opflex_server_container: noiro/opflex-server:
ssh_key_path: ~/.ssh/id_rsa
ssh_cert_path: ""
ssh_agent_auth: false
  mode: rbac
  options: {}
ignore_docker_version: null
kubernetes_version: ""
private_registries: []
  provider: ""
  options: {}
  node_selector: {}
  extra_args: {}
  dns_policy: ""
  extra_envs: []
  extra_volumes: []
  extra_volume_mounts: []
  update_strategy: null
  http_port: 0
  https_port: 0
  network_mode: ""
  tolerations: []
  default_backend: null
  default_http_backend_priority_class_name: ""
  nginx_ingress_controller_priority_class_name: ""
cluster_name: ""
  name: ""
prefix_path: ""
win_prefix_path: ""
addon_job_timeout: 0
  address: ""
  port: ""
  user: ""
  ssh_key: ""
  ssh_key_path: ""
  ssh_cert: ""
  ssh_cert_path: ""
  provider: ""
  options: {}
  node_selector: {}
  update_strategy: null
  replicas: null
  tolerations: []
  metrics_server_priority_class_name: ""
  restore: false
  snapshot_name: ""
rotate_encryption_key: false
dns: null
[root@localhost ~]#




[root@localhost ~]# kubectl version --client
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.9", GitCommit:"9dd794e454ac32d97cde41ae10be801ae98f75df", GitTreeState:"clean", BuildDate:"2021-03-18T01:09:28Z", GoVersion:"go1.15.8", Compiler:"gc", Platform:"linux/amd64"}
[root@localhost ~]# kubectl --kubeconfig kube_config_cluster.yml get nodes -o wide
k8s-cluster01-01   Ready    controlplane,etcd   33m   v1.19.9   <none>        CentOS Linux 8   4.18.0-240.el8.x86_64   docker://19.3.15
k8s-cluster01-02   Ready    worker              33m   v1.19.9   <none>        CentOS Linux 8   4.18.0-240.el8.x86_64   docker://19.3.15
k8s-cluster01-03   Ready    worker              32m   v1.19.9   <none>        CentOS Linux 8   4.18.0-240.el8.x86_64   docker://19.3.15
k8s-cluster01-04   Ready    worker              33m   v1.19.9   <none>        CentOS Linux 8   4.18.0-240.el8.x86_64   docker://19.3.15
[root@localhost ~]#


节点主机名及IP信息 rancher-01 rancher-02 rancher-03


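# Host preparation, run as root on every node: switch SELinux off in its
# config file, add the three cluster hostnames to /etc/hosts, then reboot so
# the SELinux change takes effect.
#
# The node addresses are not shown on this page, so they are read from
# RANCHER01_IP / RANCHER02_IP / RANCHER03_IP. Each expansion aborts with a
# message if the variable is unset, so no address-less line reaches /etc/hosts.
#
# SELINUX=disabled removes mandatory access control confinement from a host
# that will run containers. The sed only rewrites a line that is exactly
# "SELINUX=enforcing". NOTE(review): if site policy needs SELinux, check what
# this RKE/Docker combination supports before keeping this step.
#
# The steps are chained with && so the reboot only happens once every earlier
# step has succeeded.
sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config &&
  printf '%s %s\n' "${RANCHER01_IP:?set RANCHER01_IP to the address of rancher-01}" rancher-01 >>/etc/hosts &&
  printf '%s %s\n' "${RANCHER02_IP:?set RANCHER02_IP to the address of rancher-02}" rancher-02 >>/etc/hosts &&
  printf '%s %s\n' "${RANCHER03_IP:?set RANCHER03_IP to the address of rancher-03}" rancher-03 >>/etc/hosts &&
  init 6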


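# Install Docker 18.09 from Rancher's install script, then create the
# "rancher" account that RKE logs in as over SSH.
#
# The script is saved to a temporary file instead of being piped into sh.
# -f makes curl fail on an HTTP error rather than hand an error page to the
# shell, and the saved copy can be read before it runs as root.
install_script=$(mktemp) &&
  curl -fsSL -o "$install_script" https://releases.rancher.com/install-docker/18.09.sh &&
  sh "$install_script"
rm -f -- "$install_script"

useradd rancher
# Membership of the docker group gives full control of the Docker daemon, which
# is root-equivalent on the host. RKE needs it, so treat this account and the
# SSH key that logs into it as privileged.
usermod -aG docker rancher
# Prompt for the password instead of echoing a literal into `passwd --stdin`,
# so it does not end up in shell history or in written-up procedures. The
# password is still needed once, for the ssh-copy-id step that follows.
passwd rancher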



[root@rancher-01 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:sfL3YnyrNZsioS3ThuOTRME7AIyLxm4Yq396LAaeQOY root@rancher-01
The key's randomart image is:
+---[RSA 2048]----+
| o.. .           |
|. . . o          |
|o.   . o.        |
|+=    +  o       |
|Bo   ...S        |
|=E    .o.        |
|=... . *.o. o    |
|.oo + O =.=o.+   |
| oo= ..* o.==.   |
[root@rancher-01 ~]#


[root@rancher-01 ~]# ssh-copy-id -i .ssh/id_rsa.pub rancher@rancher-01
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host 'rancher-01 (::1)' can't be established.
ECDSA key fingerprint is SHA256:NTaQJddPf6G3saQd2d6iQnF+Txp6YpkwhyiNuSImgNg.
ECDSA key fingerprint is MD5:ee:13:1b:70:95:ab:28:30:20:38:64:69:44:bd:1a:4a.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
rancher@rancher-01's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'rancher@rancher-01'"
and check to make sure that only the key(s) you wanted were added.

[root@rancher-01 ~]# ssh-copy-id -i .ssh/id_rsa.pub rancher@rancher-02
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host 'rancher-02 (' can't be established.
ECDSA key fingerprint is SHA256:bZ2ZGx9IIzSGC2fkMEtWULbau8RcAeOOCwh+4QOMU2g.
ECDSA key fingerprint is MD5:48:d9:55:3c:9e:91:8a:47:c1:1a:3e:77:c7:f2:21:a7.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
rancher@rancher-02's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'rancher@rancher-02'"
and check to make sure that only the key(s) you wanted were added.

[root@rancher-01 ~]# ssh-copy-id -i .ssh/id_rsa.pub rancher@rancher-03
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host 'rancher-03 (' can't be established.
ECDSA key fingerprint is SHA256:74nZvSQC34O7LrXlRzu/k0MsQzFcucn/n6c8X9CREwM.
ECDSA key fingerprint is MD5:37:2c:97:0e:d2:8e:4b:f5:7e:c5:b2:34:b5:f2:86:60.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
rancher@rancher-03's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'rancher@rancher-03'"
and check to make sure that only the key(s) you wanted were added.

[root@rancher-01 ~]#

下载安装RKE(Rancher Kubernetes Engine)。下载的二进制文件会以root身份安装到/usr/bin,安装前建议先与发布页给出的校验和(如有)核对。

[root@rancher-01 ~]# yum -y install wget
[root@rancher-01 ~]# wget https://github.com/rancher/rke/releases/download/v1.1.2/rke_linux-amd64
[root@rancher-01 ~]# ls
anaconda-ks.cfg original-ks.cfg rke_linux-amd64
[root@rancher-01 ~]# mv rke_linux-amd64 /usr/bin/rke
[root@rancher-01 ~]# chmod +x /usr/bin/rke


[root@rancher-01 ~]# rke --version
rke version v1.1.2
[root@rancher-01 ~]#

生成RKE集群配置文件(OpenSSH Server版本6.7及以上,禁止使用root用户,需指定docker socket路径/var/run/docker.sock)

[root@rancher-01 ~]# rke config --name cluster.yml
[+] Cluster Level SSH Private Key Path [~/.ssh/id_rsa]:
[+] Number of Hosts [1]: 3
[+] SSH Address of host (1) [none]:
[+] SSH Port of host (1) [22]:
[+] SSH Private Key Path of host ( [none]:
[-] You have entered empty SSH key path, trying fetch from SSH key parameter
[+] SSH Private Key of host ( [none]: ^C
[root@rancher-01 ~]# rke config --name cluster.yml
[+] Cluster Level SSH Private Key Path [~/.ssh/id_rsa]:
[+] Number of Hosts [1]: 3
[+] SSH Address of host (1) [none]:
[+] SSH Port of host (1) [22]:
[+] SSH Private Key Path of host ( [none]: ~/.ssh/id_rsa
[+] SSH User of host ( [ubuntu]: rancher
[+] Is host ( a Control Plane host (y/n)? [y]:
[+] Is host ( a Worker host (y/n)? [n]:
[+] Is host ( an etcd host (y/n)? [n]: y
[+] Override Hostname of host ( [none]: rancher-01
[+] Internal IP of host ( [none]:
[+] Docker socket path on host ( [/var/run/docker.sock]:
[+] SSH Address of host (2) [none]:
[+] SSH Port of host (2) [22]:
[+] SSH Private Key Path of host ( [none]: ~/.ssh/id_rsa
[+] SSH User of host ( [ubuntu]: rancher
[+] Is host ( a Control Plane host (y/n)? [y]: n
[+] Is host ( a Worker host (y/n)? [n]: y
[+] Is host ( an etcd host (y/n)? [n]:
[+] Override Hostname of host ( [none]: rancher-02
[+] Internal IP of host ( [none]:
[+] Docker socket path on host ( [/var/run/docker.sock]:
[+] SSH Address of host (3) [none]:
[+] SSH Port of host (3) [22]:
[+] SSH Private Key Path of host ( [none]: ~/.ssh/id_rsa
[+] SSH User of host ( [ubuntu]: rancher
[+] Is host ( a Control Plane host (y/n)? [y]: n
[+] Is host ( a Worker host (y/n)? [n]: y
[+] Is host ( an etcd host (y/n)? [n]:
[+] Override Hostname of host ( [none]: rancher-03
[+] Internal IP of host ( [none]:
[+] Docker socket path on host ( [/var/run/docker.sock]:
[+] Network Plugin Type (flannel, calico, weave, canal) [canal]:
[+] Authentication Strategy [x509]:
[+] Authorization Mode (rbac, none) [rbac]:
[+] Kubernetes Docker image [rancher/hyperkube:v1.17.6-rancher2]:
[+] Cluster domain [cluster.local]:
[+] Service Cluster IP Range []:
[+] Enable PodSecurityPolicy [n]:
[+] Cluster Network CIDR []:
[+] Cluster DNS Service IP []:
[+] Add addon manifest URLs or YAML files [no]:
[root@rancher-01 ~]#


[root@rancher-01 ~]# cat cluster.yml
# If you intened to deploy Kubernetes in an air-gapped environment,
# please consult the documentation on how to configure custom RKE images.
- address:
  port: "22"
  - controlplane
  - etcd
  hostname_override: rancher-01
  user: rancher
  docker_socket: /var/run/docker.sock
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []
- address:
  port: "22"
  - worker
  hostname_override: rancher-02
  user: rancher
  docker_socket: /var/run/docker.sock
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []
- address:
  port: "22"
  - worker
  hostname_override: rancher-03
  user: rancher
  docker_socket: /var/run/docker.sock
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
    external_urls: []
    ca_cert: ""
    cert: ""
    key: ""
    path: ""
    uid: 0
    gid: 0
    snapshot: null
    retention: ""
    creation: ""
    backup_config: null
    # NOTE(review): the parent key of this group is not visible on the page. The
    # option names below (pod_security_policy, audit_log, ...) match RKE's
    # kube-api service settings; confirm against the full cluster.yml.
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
    service_node_port_range: ""
    # Matches the "Enable PodSecurityPolicy [n]" answer given to `rke config`:
    # PodSecurityPolicy admission stays off, so this mechanism does not restrict
    # privileged containers, host namespaces or hostPath mounts in pod specs.
    pod_security_policy: false
    # AlwaysPullImages admission is off. A pod can then start from an image that
    # is already cached on a node without the registry re-checking pull
    # credentials, which matters if private images are used.
    always_pull_images: false
    # No encryption-at-rest configuration is set. Kubernetes stores Secret
    # objects in etcd unencrypted unless one is configured; etcd snapshots
    # presumably carry the same plaintext. Confirm before production use.
    secrets_encryption_config: null
    # No audit-log settings are given here. The `rke up` log on this page shows
    # /etc/kubernetes/audit-policy.yaml being deployed to the control-plane
    # node, so a default policy appears to apply. Confirm where the log goes.
    audit_log: null
    admission_configuration: null
    # No EventRateLimit admission configuration is set.
    event_rate_limit: null
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
    cluster_domain: cluster.local
    infra_container_image: ""
    fail_swap_on: false
    generate_serving_certificate: false
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
  plugin: canal
  options: {}
  mtu: 0
  node_selector: {}
  update_strategy: null
  strategy: x509
  sans: []
  webhook: null
addons: ""
addons_include: []
  etcd: rancher/coreos-etcd:v3.4.3-rancher1
  alpine: rancher/rke-tools:v0.1.56
  nginx_proxy: rancher/rke-tools:v0.1.56
  cert_downloader: rancher/rke-tools:v0.1.56
  kubernetes_services_sidecar: rancher/rke-tools:v0.1.56
  kubedns: rancher/k8s-dns-kube-dns:1.15.0
  dnsmasq: rancher/k8s-dns-dnsmasq-nanny:1.15.0
  kubedns_sidecar: rancher/k8s-dns-sidecar:1.15.0
  kubedns_autoscaler: rancher/cluster-proportional-autoscaler:1.7.1
  coredns: rancher/coredns-coredns:1.6.5
  coredns_autoscaler: rancher/cluster-proportional-autoscaler:1.7.1
  nodelocal: rancher/k8s-dns-node-cache:1.15.7
  kubernetes: rancher/hyperkube:v1.17.6-rancher2
  flannel: rancher/coreos-flannel:v0.11.0-rancher1
  flannel_cni: rancher/flannel-cni:v0.3.0-rancher6
  calico_node: rancher/calico-node:v3.13.4
  calico_cni: rancher/calico-cni:v3.13.4
  calico_controllers: rancher/calico-kube-controllers:v3.13.4
  calico_ctl: rancher/calico-ctl:v3.13.4
  calico_flexvol: rancher/calico-pod2daemon-flexvol:v3.13.4
  canal_node: rancher/calico-node:v3.13.4
  canal_cni: rancher/calico-cni:v3.13.4
  canal_flannel: rancher/coreos-flannel:v0.11.0
  canal_flexvol: rancher/calico-pod2daemon-flexvol:v3.13.4
  weave_node: weaveworks/weave-kube:2.6.4
  weave_cni: weaveworks/weave-npc:2.6.4
  pod_infra_container: rancher/pause:3.1
  ingress: rancher/nginx-ingress-controller:nginx-0.32.0-rancher1
  ingress_backend: rancher/nginx-ingress-controller-defaultbackend:1.5-rancher1
  metrics_server: rancher/metrics-server:v0.3.6
  windows_pod_infra_container: rancher/kubelet-pause:v0.1.3
ssh_key_path: ~/.ssh/id_rsa
ssh_cert_path: ""
ssh_agent_auth: false
  mode: rbac
  options: {}
ignore_docker_version: false
kubernetes_version: ""
private_registries: []
  provider: ""
  options: {}
  node_selector: {}
  extra_args: {}
  dns_policy: ""
  extra_envs: []
  extra_volumes: []
  extra_volume_mounts: []
  update_strategy: null
cluster_name: ""
  name: ""
prefix_path: ""
addon_job_timeout: 0
  address: ""
  port: ""
  user: ""
  ssh_key: ""
  ssh_key_path: ""
  ssh_cert: ""
  ssh_cert_path: ""
  provider: ""
  options: {}
  node_selector: {}
  update_strategy: null
  replicas: null
  restore: false
  snapshot_name: ""
dns: null
[root@rancher-01 ~]#


[root@rancher-01 ~]# rke up --config cluster.yml
INFO[0000] Running RKE version: v1.1.2
INFO[0000] Initiating Kubernetes cluster
INFO[0000] [dialer] Setup tunnel for host []
INFO[0000] [dialer] Setup tunnel for host []
INFO[0000] [dialer] Setup tunnel for host []
INFO[0000] Checking if container [cluster-state-deployer] is running on host [], try #1
INFO[0000] Pulling image [rancher/rke-tools:v0.1.56] on host [], try #1
INFO[0005] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0005] Starting container [cluster-state-deployer] on host [], try #1
INFO[0005] [state] Successfully started [cluster-state-deployer] container on host []
INFO[0006] Checking if container [cluster-state-deployer] is running on host [], try #1
INFO[0006] Pulling image [rancher/rke-tools:v0.1.56] on host [], try #1
INFO[0012] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0012] Starting container [cluster-state-deployer] on host [], try #1
INFO[0012] [state] Successfully started [cluster-state-deployer] container on host []
INFO[0012] Checking if container [cluster-state-deployer] is running on host [], try #1
INFO[0012] Pulling image [rancher/rke-tools:v0.1.56] on host [], try #1
INFO[0020] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0020] Starting container [cluster-state-deployer] on host [], try #1
INFO[0021] [state] Successfully started [cluster-state-deployer] container on host []
INFO[0021] [certificates] Generating CA kubernetes certificates
INFO[0021] [certificates] Generating Kubernetes API server aggregation layer requestheader client CA certificates
INFO[0021] [certificates] GenerateServingCertificate is disabled, checking if there are unused kubelet certificates
INFO[0021] [certificates] Generating Kubernetes API server certificates
INFO[0022] [certificates] Generating Service account token key
INFO[0022] [certificates] Generating Kube Controller certificates
INFO[0022] [certificates] Generating Kube Scheduler certificates
INFO[0022] [certificates] Generating Kube Proxy certificates
INFO[0022] [certificates] Generating Node certificate
INFO[0022] [certificates] Generating admin certificates and kubeconfig
INFO[0022] [certificates] Generating Kubernetes API server proxy client certificates
INFO[0023] [certificates] Generating kube-etcd-10-138-218-141 certificate and key
INFO[0023] Successfully Deployed state file at [./cluster.rkestate]
INFO[0023] Building Kubernetes cluster
INFO[0023] [dialer] Setup tunnel for host []
INFO[0023] [dialer] Setup tunnel for host []
INFO[0023] [dialer] Setup tunnel for host []
INFO[0023] [network] Deploying port listener containers
INFO[0023] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0023] Starting container [rke-etcd-port-listener] on host [], try #1
INFO[0024] [network] Successfully started [rke-etcd-port-listener] container on host []
INFO[0024] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0024] Starting container [rke-cp-port-listener] on host [], try #1
INFO[0024] [network] Successfully started [rke-cp-port-listener] container on host []
INFO[0024] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0024] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0024] Starting container [rke-worker-port-listener] on host [], try #1
INFO[0024] Starting container [rke-worker-port-listener] on host [], try #1
INFO[0024] [network] Successfully started [rke-worker-port-listener] container on host []
INFO[0024] [network] Successfully started [rke-worker-port-listener] container on host []
INFO[0024] [network] Port listener containers deployed successfully
INFO[0024] [network] Running control plane -> etcd port checks
INFO[0024] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0024] Starting container [rke-port-checker] on host [], try #1
INFO[0025] [network] Successfully started [rke-port-checker] container on host []
INFO[0025] Removing container [rke-port-checker] on host [], try #1
INFO[0025] [network] Running control plane -> worker port checks
INFO[0025] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0025] Starting container [rke-port-checker] on host [], try #1
INFO[0025] [network] Successfully started [rke-port-checker] container on host []
INFO[0025] Removing container [rke-port-checker] on host [], try #1
INFO[0025] [network] Running workers -> control plane port checks
INFO[0025] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0025] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0025] Starting container [rke-port-checker] on host [], try #1
INFO[0025] Starting container [rke-port-checker] on host [], try #1
INFO[0025] [network] Successfully started [rke-port-checker] container on host []
INFO[0025] Removing container [rke-port-checker] on host [], try #1
INFO[0026] [network] Successfully started [rke-port-checker] container on host []
INFO[0026] Removing container [rke-port-checker] on host [], try #1
INFO[0026] [network] Checking KubeAPI port Control Plane hosts
INFO[0026] [network] Removing port listener containers
INFO[0026] Removing container [rke-etcd-port-listener] on host [], try #1
INFO[0026] [remove/rke-etcd-port-listener] Successfully removed container on host []
INFO[0026] Removing container [rke-cp-port-listener] on host [], try #1
INFO[0026] [remove/rke-cp-port-listener] Successfully removed container on host []
INFO[0026] Removing container [rke-worker-port-listener] on host [], try #1
INFO[0026] Removing container [rke-worker-port-listener] on host [], try #1
INFO[0026] [remove/rke-worker-port-listener] Successfully removed container on host []
INFO[0026] [remove/rke-worker-port-listener] Successfully removed container on host []
INFO[0026] [network] Port listener containers removed successfully
INFO[0026] [certificates] Deploying kubernetes certificates to Cluster nodes
INFO[0026] Checking if container [cert-deployer] is running on host [], try #1
INFO[0026] Checking if container [cert-deployer] is running on host [], try #1
INFO[0026] Checking if container [cert-deployer] is running on host [], try #1
INFO[0026] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0026] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0026] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0026] Starting container [cert-deployer] on host [], try #1
INFO[0026] Starting container [cert-deployer] on host [], try #1
INFO[0026] Starting container [cert-deployer] on host [], try #1
INFO[0027] Checking if container [cert-deployer] is running on host [], try #1
INFO[0027] Checking if container [cert-deployer] is running on host [], try #1
INFO[0027] Checking if container [cert-deployer] is running on host [], try #1
INFO[0032] Checking if container [cert-deployer] is running on host [], try #1
INFO[0032] Removing container [cert-deployer] on host [], try #1
INFO[0032] Checking if container [cert-deployer] is running on host [], try #1
INFO[0032] Removing container [cert-deployer] on host [], try #1
INFO[0032] Checking if container [cert-deployer] is running on host [], try #1
INFO[0032] Removing container [cert-deployer] on host [], try #1
INFO[0032] [reconcile] Rebuilding and updating local kube config
INFO[0032] Successfully Deployed local admin kubeconfig at [./kube_config_cluster.yml]
INFO[0032] [certificates] Successfully deployed kubernetes certificates to Cluster nodes
INFO[0032] [file-deploy] Deploying file [/etc/kubernetes/audit-policy.yaml] to node []
INFO[0032] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0032] Starting container [file-deployer] on host [], try #1
INFO[0032] Successfully started [file-deployer] container on host []
INFO[0032] Waiting for [file-deployer] container to exit on host []
INFO[0032] Waiting for [file-deployer] container to exit on host []
INFO[0032] Container [file-deployer] is still running on host []
INFO[0033] Waiting for [file-deployer] container to exit on host []
INFO[0033] Removing container [file-deployer] on host [], try #1
INFO[0033] [remove/file-deployer] Successfully removed container on host []
INFO[0033] [/etc/kubernetes/audit-policy.yaml] Successfully deployed audit policy file to Cluster control nodes
INFO[0033] [reconcile] Reconciling cluster state
INFO[0033] [reconcile] This is newly generated cluster
INFO[0033] Pre-pulling kubernetes images
INFO[0033] Pulling image [rancher/hyperkube:v1.17.6-rancher2] on host [], try #1
INFO[0033] Pulling image [rancher/hyperkube:v1.17.6-rancher2] on host [], try #1
INFO[0033] Pulling image [rancher/hyperkube:v1.17.6-rancher2] on host [], try #1
INFO[0065] Image [rancher/hyperkube:v1.17.6-rancher2] exists on host []
INFO[0071] Image [rancher/hyperkube:v1.17.6-rancher2] exists on host []
INFO[0080] Image [rancher/hyperkube:v1.17.6-rancher2] exists on host []
INFO[0080] Kubernetes images pulled successfully
INFO[0080] [etcd] Building up etcd plane..
INFO[0080] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0080] Starting container [etcd-fix-perm] on host [], try #1
INFO[0081] Successfully started [etcd-fix-perm] container on host []
INFO[0081] Waiting for [etcd-fix-perm] container to exit on host []
INFO[0081] Waiting for [etcd-fix-perm] container to exit on host []
INFO[0081] Container [etcd-fix-perm] is still running on host []
INFO[0082] Waiting for [etcd-fix-perm] container to exit on host []
INFO[0082] Removing container [etcd-fix-perm] on host [], try #1
INFO[0082] [remove/etcd-fix-perm] Successfully removed container on host []
INFO[0082] Pulling image [rancher/coreos-etcd:v3.4.3-rancher1] on host [], try #1
INFO[0085] Image [rancher/coreos-etcd:v3.4.3-rancher1] exists on host []
INFO[0085] Starting container [etcd] on host [], try #1
INFO[0086] [etcd] Successfully started [etcd] container on host []
INFO[0086] [etcd] Running rolling snapshot container [etcd-snapshot-once] on host []
INFO[0086] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0086] Starting container [etcd-rolling-snapshots] on host [], try #1
INFO[0086] [etcd] Successfully started [etcd-rolling-snapshots] container on host []
INFO[0091] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0091] Starting container [rke-bundle-cert] on host [], try #1
INFO[0091] [certificates] Successfully started [rke-bundle-cert] container on host []
INFO[0091] Waiting for [rke-bundle-cert] container to exit on host []
INFO[0091] Container [rke-bundle-cert] is still running on host []
INFO[0092] Waiting for [rke-bundle-cert] container to exit on host []
INFO[0092] [certificates] successfully saved certificate bundle [/opt/rke/etcd-snapshots//pki.bundle.tar.gz] on host []
INFO[0092] Removing container [rke-bundle-cert] on host [], try #1
INFO[0092] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0092] Starting container [rke-log-linker] on host [], try #1
INFO[0093] [etcd] Successfully started [rke-log-linker] container on host []
INFO[0093] Removing container [rke-log-linker] on host [], try #1
INFO[0093] [remove/rke-log-linker] Successfully removed container on host []
INFO[0093] [etcd] Successfully started etcd plane.. Checking etcd cluster health
INFO[0093] [controlplane] Building up Controller Plane..
INFO[0093] Checking if container [service-sidekick] is running on host [], try #1
INFO[0093] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0093] Image [rancher/hyperkube:v1.17.6-rancher2] exists on host []
INFO[0093] Starting container [kube-apiserver] on host [], try #1
INFO[0093] [controlplane] Successfully started [kube-apiserver] container on host []
INFO[0093] [healthcheck] Start Healthcheck on service [kube-apiserver] on host []
INFO[0098] [healthcheck] service [kube-apiserver] on host [] is healthy
INFO[0098] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0098] Starting container [rke-log-linker] on host [], try #1
INFO[0099] [controlplane] Successfully started [rke-log-linker] container on host []
INFO[0099] Removing container [rke-log-linker] on host [], try #1
INFO[0099] [remove/rke-log-linker] Successfully removed container on host []
INFO[0099] Image [rancher/hyperkube:v1.17.6-rancher2] exists on host []
INFO[0099] Starting container [kube-controller-manager] on host [], try #1
INFO[0099] [controlplane] Successfully started [kube-controller-manager] container on host []
INFO[0099] [healthcheck] Start Healthcheck on service [kube-controller-manager] on host []
INFO[0104] [healthcheck] service [kube-controller-manager] on host [] is healthy
INFO[0104] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0104] Starting container [rke-log-linker] on host [], try #1
INFO[0104] [controlplane] Successfully started [rke-log-linker] container on host []
INFO[0104] Removing container [rke-log-linker] on host [], try #1
INFO[0105] [remove/rke-log-linker] Successfully removed container on host []
INFO[0105] Image [rancher/hyperkube:v1.17.6-rancher2] exists on host []
INFO[0105] Starting container [kube-scheduler] on host [], try #1
INFO[0105] [controlplane] Successfully started [kube-scheduler] container on host []
INFO[0105] [healthcheck] Start Healthcheck on service [kube-scheduler] on host []
INFO[0110] [healthcheck] service [kube-scheduler] on host [] is healthy
INFO[0110] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0110] Starting container [rke-log-linker] on host [], try #1
INFO[0110] [controlplane] Successfully started [rke-log-linker] container on host []
INFO[0110] Removing container [rke-log-linker] on host [], try #1
INFO[0110] [remove/rke-log-linker] Successfully removed container on host []
INFO[0110] [controlplane] Successfully started Controller Plane..
INFO[0110] [authz] Creating rke-job-deployer ServiceAccount
INFO[0110] [authz] rke-job-deployer ServiceAccount created successfully
INFO[0110] [authz] Creating system:node ClusterRoleBinding
INFO[0110] [authz] system:node ClusterRoleBinding created successfully
INFO[0110] [authz] Creating kube-apiserver proxy ClusterRole and ClusterRoleBinding
INFO[0110] [authz] kube-apiserver proxy ClusterRole and ClusterRoleBinding created successfully
INFO[0110] Successfully Deployed state file at [./cluster.rkestate]
INFO[0110] [state] Saving full cluster state to Kubernetes
INFO[0111] [state] Successfully Saved full cluster state to Kubernetes ConfigMap: full-cluster-state
INFO[0111] [worker] Building up Worker Plane..
INFO[0111] Checking if container [service-sidekick] is running on host [], try #1
INFO[0111] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0111] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0111] [sidekick] Sidekick container already created on host []
INFO[0111] Image [rancher/hyperkube:v1.17.6-rancher2] exists on host []
INFO[0111] Starting container [kubelet] on host [], try #1
INFO[0111] Starting container [nginx-proxy] on host [], try #1
INFO[0111] Starting container [nginx-proxy] on host [], try #1
INFO[0111] [worker] Successfully started [kubelet] container on host []
INFO[0111] [healthcheck] Start Healthcheck on service [kubelet] on host []
INFO[0111] [worker] Successfully started [nginx-proxy] container on host []
INFO[0111] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0111] [worker] Successfully started [nginx-proxy] container on host []
INFO[0111] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0111] Starting container [rke-log-linker] on host [], try #1
INFO[0111] Starting container [rke-log-linker] on host [], try #1
INFO[0111] [worker] Successfully started [rke-log-linker] container on host []
INFO[0111] Removing container [rke-log-linker] on host [], try #1
INFO[0111] [worker] Successfully started [rke-log-linker] container on host []
INFO[0111] Removing container [rke-log-linker] on host [], try #1
INFO[0111] [remove/rke-log-linker] Successfully removed container on host []
INFO[0111] Checking if container [service-sidekick] is running on host [], try #1
INFO[0111] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0111] Image [rancher/hyperkube:v1.17.6-rancher2] exists on host []
INFO[0112] [remove/rke-log-linker] Successfully removed container on host []
INFO[0112] Checking if container [service-sidekick] is running on host [], try #1
INFO[0112] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0112] Starting container [kubelet] on host [], try #1
INFO[0112] Image [rancher/hyperkube:v1.17.6-rancher2] exists on host []
INFO[0112] Starting container [kubelet] on host [], try #1
INFO[0112] [worker] Successfully started [kubelet] container on host []
INFO[0112] [healthcheck] Start Healthcheck on service [kubelet] on host []
INFO[0112] [worker] Successfully started [kubelet] container on host []
INFO[0112] [healthcheck] Start Healthcheck on service [kubelet] on host []
INFO[0116] [healthcheck] service [kubelet] on host [] is healthy
INFO[0116] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0116] Starting container [rke-log-linker] on host [], try #1
INFO[0116] [worker] Successfully started [rke-log-linker] container on host []
INFO[0116] Removing container [rke-log-linker] on host [], try #1
INFO[0116] [remove/rke-log-linker] Successfully removed container on host []
INFO[0116] Image [rancher/hyperkube:v1.17.6-rancher2] exists on host []
INFO[0116] Starting container [kube-proxy] on host [], try #1
INFO[0117] [worker] Successfully started [kube-proxy] container on host []
INFO[0117] [healthcheck] Start Healthcheck on service [kube-proxy] on host []
INFO[0117] [healthcheck] service [kubelet] on host [] is healthy
INFO[0117] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0117] [healthcheck] service [kubelet] on host [] is healthy
INFO[0117] Starting container [rke-log-linker] on host [], try #1
INFO[0117] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0117] Starting container [rke-log-linker] on host [], try #1
INFO[0117] [worker] Successfully started [rke-log-linker] container on host []
INFO[0117] Removing container [rke-log-linker] on host [], try #1
INFO[0117] [worker] Successfully started [rke-log-linker] container on host []
INFO[0117] Removing container [rke-log-linker] on host [], try #1
INFO[0118] [remove/rke-log-linker] Successfully removed container on host []
INFO[0118] Image [rancher/hyperkube:v1.17.6-rancher2] exists on host []
INFO[0118] Starting container [kube-proxy] on host [], try #1
INFO[0118] [remove/rke-log-linker] Successfully removed container on host []
INFO[0118] Image [rancher/hyperkube:v1.17.6-rancher2] exists on host []
INFO[0118] Starting container [kube-proxy] on host [], try #1
INFO[0118] [worker] Successfully started [kube-proxy] container on host []
INFO[0118] [healthcheck] Start Healthcheck on service [kube-proxy] on host []
INFO[0118] [worker] Successfully started [kube-proxy] container on host []
INFO[0118] [healthcheck] Start Healthcheck on service [kube-proxy] on host []
INFO[0122] [healthcheck] service [kube-proxy] on host [] is healthy
INFO[0122] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0122] Starting container [rke-log-linker] on host [], try #1
INFO[0122] [worker] Successfully started [rke-log-linker] container on host []
INFO[0122] Removing container [rke-log-linker] on host [], try #1
INFO[0122] [remove/rke-log-linker] Successfully removed container on host []
INFO[0123] [healthcheck] service [kube-proxy] on host [] is healthy
INFO[0123] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0123] Starting container [rke-log-linker] on host [], try #1
INFO[0123] [healthcheck] service [kube-proxy] on host [] is healthy
INFO[0123] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0123] Starting container [rke-log-linker] on host [], try #1
INFO[0123] [worker] Successfully started [rke-log-linker] container on host []
INFO[0123] Removing container [rke-log-linker] on host [], try #1
INFO[0124] [remove/rke-log-linker] Successfully removed container on host []
INFO[0124] [worker] Successfully started [rke-log-linker] container on host []
INFO[0124] Removing container [rke-log-linker] on host [], try #1
INFO[0124] [remove/rke-log-linker] Successfully removed container on host []
INFO[0124] [worker] Successfully started Worker Plane..
INFO[0124] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0124] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0124] Image [rancher/rke-tools:v0.1.56] exists on host []
INFO[0124] Starting container [rke-log-cleaner] on host [], try #1
INFO[0124] Starting container [rke-log-cleaner] on host [], try #1
INFO[0124] Starting container [rke-log-cleaner] on host [], try #1
INFO[0124] [cleanup] Successfully started [rke-log-cleaner] container on host []
INFO[0124] Removing container [rke-log-cleaner] on host [], try #1
INFO[0124] [cleanup] Successfully started [rke-log-cleaner] container on host []
INFO[0124] Removing container [rke-log-cleaner] on host [], try #1
INFO[0125] [remove/rke-log-cleaner] Successfully removed container on host []
INFO[0125] [cleanup] Successfully started [rke-log-cleaner] container on host []
INFO[0125] Removing container [rke-log-cleaner] on host [], try #1
INFO[0125] [remove/rke-log-cleaner] Successfully removed container on host []
INFO[0125] [remove/rke-log-cleaner] Successfully removed container on host []
INFO[0125] [sync] Syncing nodes Labels and Taints
INFO[0125] [sync] Successfully synced nodes Labels and Taints
INFO[0125] [network] Setting up network plugin: canal
INFO[0125] [addons] Saving ConfigMap for addon rke-network-plugin to Kubernetes
INFO[0125] [addons] Successfully saved ConfigMap for addon rke-network-plugin to Kubernetes
INFO[0125] [addons] Executing deploy job rke-network-plugin
INFO[0130] [addons] Setting up coredns
INFO[0130] [addons] Saving ConfigMap for addon rke-coredns-addon to Kubernetes
INFO[0130] [addons] Successfully saved ConfigMap for addon rke-coredns-addon to Kubernetes
INFO[0130] [addons] Executing deploy job rke-coredns-addon
INFO[0135] [addons] CoreDNS deployed successfully
INFO[0135] [dns] DNS provider coredns deployed successfully
INFO[0135] [addons] Setting up Metrics Server
INFO[0135] [addons] Saving ConfigMap for addon rke-metrics-addon to Kubernetes
INFO[0135] [addons] Successfully saved ConfigMap for addon rke-metrics-addon to Kubernetes
INFO[0135] [addons] Executing deploy job rke-metrics-addon
INFO[0140] [addons] Metrics Server deployed successfully
INFO[0140] [ingress] Setting up nginx ingress controller
INFO[0140] [addons] Saving ConfigMap for addon rke-ingress-controller to Kubernetes
INFO[0140] [addons] Successfully saved ConfigMap for addon rke-ingress-controller to Kubernetes
INFO[0140] [addons] Executing deploy job rke-ingress-controller
INFO[0145] [ingress] ingress controller nginx deployed successfully
INFO[0145] [addons] Setting up user addons
INFO[0145] [addons] no user addons defined
INFO[0145] Finished building Kubernetes cluster successfully
[root@rancher-01 ~]#


[root@rancher-01 ~]# cat kube_config_cluster.yml
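apiVersion: v1
kind: Config
clusters:
- cluster:
    api-version: v1
    server: ""
  name: "local"
contexts:
- context:
    cluster: "local"
    user: "kube-admin-local"
  name: "local"
current-context: "local"
users:
- name: "kube-admin-local"
# NOTE: the server address and the credential fields of this listing are not shown.
# The real file holds the client key for kube-admin-local, so keep it readable by
# the operator only (for example chmod 600 kube_config_cluster.yml).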


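# Add the upstream Kubernetes yum repository and install the kubectl release
# that matches the cluster version reported by the nodes (v1.17.6).
#
# NOTE(review): the page showed only the gpgkey line of the repo file and no
# closing EOF, so the yum command would have been written into the repo file
# instead of being executed. The remaining stanza lines are reconstructed from
# the upstream kubectl install instructions of that period; confirm the
# repository location before use.
#
# gpgcheck and repo_gpgcheck make yum verify package and repository-metadata
# signatures against the keys listed in gpgkey.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
yum install -y kubectl-1.17.6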


[root@rancher-01 ~]# kubectl version --client
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.6", GitCommit:"d32e40e20d167e103faf894261614c5b45c44198", GitTreeState:"clean", BuildDate:"2020-05-20T13:16:24Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
[root@rancher-01 ~]#


[root@rancher-01 ~]# kubectl --kubeconfig kube_config_cluster.yml get nodes -o wide
rancher-01   Ready    controlplane,etcd   12m   v1.17.6   <none>        CentOS Linux 7 (Core)   3.10.0-957.27.2.el7.x86_64   docker://18.9.9
rancher-02   Ready    worker              12m   v1.17.6   <none>        CentOS Linux 7 (Core)   3.10.0-957.27.2.el7.x86_64   docker://18.9.9
rancher-03   Ready    worker              12m   v1.17.6   <none>        CentOS Linux 7 (Core)   3.10.0-957.27.2.el7.x86_64   docker://18.9.9
[root@rancher-01 ~]#


[root@rancher-01 ~]# kubectl --kubeconfig kube_config_cluster.yml get cs
NAME                 STATUS    MESSAGE             ERROR
controller-manager   Healthy   ok
scheduler            Healthy   ok
etcd-0               Healthy   {"health":"true"}
[root@rancher-01 ~]#


[root@rancher-01 ~]# kubectl --kubeconfig kube_config_cluster.yml get namespace
NAME              STATUS   AGE
default           Active   16m
ingress-nginx     Active   15m
kube-node-lease   Active   16m
kube-public       Active   16m
kube-system       Active   16m
[root@rancher-01 ~]#


[root@rancher-01 ~]# kubectl --kubeconfig kube_config_cluster.yml get pods --namespace=kube-system -o wide
NAME                                      READY   STATUS      RESTARTS   AGE   IP               NODE         NOMINATED NODE   READINESS GATES
canal-dgt4n                               2/2     Running     0          17m   rancher-03   <none>           <none>
canal-v9pkx                               2/2     Running     0          17m   rancher-01   <none>           <none>
canal-xdg2l                               2/2     Running     0          17m   rancher-02   <none>           <none>
coredns-7c5566588d-d9pvd                  1/1     Running     0          17m        rancher-03   <none>           <none>
coredns-7c5566588d-tzkvn                  1/1     Running     0          16m        rancher-02   <none>           <none>
coredns-autoscaler-65bfc8d47d-8drw8       1/1     Running     0          17m        rancher-02   <none>           <none>
metrics-server-6b55c64f86-tmbpr           1/1     Running     0          16m        rancher-02   <none>           <none>
rke-coredns-addon-deploy-job-nt4pd        0/1     Completed   0          17m   rancher-01   <none>           <none>
rke-ingress-controller-deploy-job-tnbqq   0/1     Completed   0          16m   rancher-01   <none>           <none>
rke-metrics-addon-deploy-job-t4jrv        0/1     Completed   0          17m   rancher-01   <none>           <none>
rke-network-plugin-deploy-job-fk8tc       0/1     Completed   0          17m   rancher-01   <none>           <none>
[root@rancher-01 ~]#
Rancher关于Kubernetes 集群节点的角色定义



具有etcd角色的节点运行etcd,这是一个用于存储Kubernetes集群配置数据,具有一致性且高可用的键值存储服务。 etcd将数据复制到每个节点。


具有controlplane角色的节点运行Kubernetes主组件(不包括etcd,因为它是单独的角色)。 有关组件包括kube-apiserver,kube-scheduler,kube-controller-manager和cloud-controller-manager。


具有worker角色的节点运行Kubernetes节点组件。 有关组件包括kubelet,kube-proxy,Container runtime。

Rancher is a complete software stack for teams adopting containers. It addresses the operational and security challenges of managing multiple Kubernetes clusters across any infrastructure, while providing DevOps teams with integrated tools for running containerized workloads.

Rancher是供采用容器的团队使用的完整软件堆栈。 它解决了在任何基础架构上管理多个Kubernetes集群的运营和安全挑战,同时为DevOps团队提供了用于运行容器化工作负载的集成工具。


[root@rancher ~]# sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config
[root@rancher ~]# setenforce 0
[root@rancher ~]# getenforce 
[root@rancher ~]#


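说明:下面的命令把远程脚本直接交给 root shell 执行;可先用 curl -fsSL https://releases.rancher.com/install-docker/18.09.sh -o install-docker.sh 下载并检查内容,再执行 sh install-docker.sh。
[root@rancher ~]# curl https://releases.rancher.com/install-docker/18.09.sh | sh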
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 15521  100 15521    0     0  92374      0 --:--:-- --:--:-- --:--:-- 92940
+ '[' centos = redhat ']'
+ sh -c 'yum install -y -q yum-utils'
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
warning: /var/cache/yum/x86_64/7/updates/packages/yum-utils-1.1.31-54.el7_8.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for yum-utils-1.1.31-54.el7_8.noarch.rpm is not installed
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-6.1810.2.el7.centos.x86_64 (installed)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+ sh -c 'yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo'
Loaded plugins: fastestmirror
adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
grabbing file https://download.docker.com/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
+ '[' stable '!=' stable ']'
+ sh -c 'yum makecache fast'
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.keystealth.org
 * extras: mirror.fileplanet.com
 * updates: mirror.web-ster.com
base                                                                                                                                                     | 3.6 kB  00:00:00     
docker-ce-stable                                                                                                                                         | 3.5 kB  00:00:00     
extras                                                                                                                                                   | 2.9 kB  00:00:00     
updates                                                                                                                                                  | 2.9 kB  00:00:00     
(1/2): docker-ce-stable/x86_64/updateinfo                                                                                                                |   55 B  00:00:00     
(2/2): docker-ce-stable/x86_64/primary_db                                                                                                                |  44 kB  00:00:00     
Metadata Cache Created
+ sh -c 'yum install -y -q docker-ce-18.09.9 docker-ce-cli-18.09.9'
warning: /var/cache/yum/x86_64/7/docker-ce-stable/packages/containerd.io-1.2.13-3.2.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
Public key for containerd.io-1.2.13-3.2.el7.x86_64.rpm is not installed
Importing GPG key 0x621E9F35:
 Userid     : "Docker Release (CE rpm) <docker@docker.com>"
 Fingerprint: 060a 61c5 1b55 8a7f 742b 77aa c52f eb6b 621e 9f35
 From       : https://download.docker.com/linux/centos/gpg
setsebool:  SELinux is disabled.
+ '[' -d /run/systemd/system ']'
+ sh -c 'service docker start'
Redirecting to /bin/systemctl start docker.service
+ sh -c 'docker version'
 Version:           18.09.9
 API version:       1.39
 Go version:        go1.11.13
 Git commit:        039a7df9ba
 Built:             Wed Sep  4 16:51:21 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
  Version:          18.09.9
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.11.13
  Git commit:       039a7df
  Built:            Wed Sep  4 16:22:32 2019
  OS/Arch:          linux/amd64
  Experimental:     false

If you would like to use Docker as a non-root user, you should now consider
adding your user to the "docker" group with something like:

  sudo usermod -aG docker your-user

Remember that you will have to log out and back in for this to take effect!

WARNING: Adding a user to the "docker" group will grant the ability to run
         containers which can be used to obtain root privileges on the
         docker host.
         Refer to https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
         for more information.

[root@rancher ~]#




rancher.bcoc.site ---->

安装Rancher并配置持久化存储和Let’s Encrypt证书

# Start the Rancher server as a single container. Its state is kept on the host
# under /opt/rancher, and --acme-domain asks Rancher to obtain a Let's Encrypt
# certificate for rancher.bcoc.site (the name has to resolve to this host, and
# the host has to be reachable from the internet for the ACME validation).
#
# The :latest tag is mutable. The pull recorded further down resolved it to
# sha256:25ab51f5366ee7b7add66bc41203eac4b8654386630432ac4f334f69f8baf706, and
# the agents on this page are pinned to v2.4.4; pinning the server image the
# same way keeps a reinstall reproducible.
#
# Ports 80 and 443 are published on every host interface.
docker run \
  --detach \
  --restart=unless-stopped \
  --publish 80:80 \
  --publish 443:443 \
  --volume /opt/rancher:/var/lib/rancher \
  rancher/rancher:latest \
  --acme-domain rancher.bcoc.site
[root@rancher ~]# docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
[root@rancher ~]# docker container ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@rancher ~]# 
[root@rancher ~]# docker run -d --restart=unless-stopped \
>   -p 80:80 -p 443:443 \
>   -v /opt/rancher:/var/lib/rancher \
>   rancher/rancher:latest \
>   --acme-domain rancher.bcoc.site
Unable to find image 'rancher/rancher:latest' locally
latest: Pulling from rancher/rancher
23884877105a: Pull complete 
bc38caa0f5b9: Pull complete 
2910811b6c42: Pull complete 
36505266dcc6: Pull complete 
99447ff7670f: Pull complete 
879c87dc86fd: Pull complete 
5b954e5aebf8: Pull complete 
664e1faf26b5: Pull complete 
bf7ac75d932b: Pull complete 
7e972d16ff5b: Pull complete 
08314b1e671c: Pull complete 
d5ce20b3d070: Pull complete 
20e75cd9c8e9: Pull complete 
80daa2770be8: Pull complete 
7fb927855713: Pull complete 
af20d79674f1: Pull complete 
d6a9086242eb: Pull complete 
887a8f050cee: Pull complete 
834df47e622f: Pull complete 
Digest: sha256:25ab51f5366ee7b7add66bc41203eac4b8654386630432ac4f334f69f8baf706
Status: Downloaded newer image for rancher/rancher:latest
[root@rancher ~]#


[root@rancher ~]# docker container ps
CONTAINER ID        IMAGE                    COMMAND                  CREATED             STATUS              PORTS                                      NAMES
7b54dbd54965        rancher/rancher:latest   "entrypoint.sh --acm…"   20 seconds ago      Up 19 seconds>80/tcp,>443/tcp   recursing_joliot
[root@rancher ~]#









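# Register this host with the Rancher server at https://rancher.bcoc.site and
# give it the etcd, controlplane and worker roles.
#
# Usage: export RANCHER_TOKEN=<registration token shown by the Rancher UI>
#        and then run the command below on the node.
#
# The registration token is a credential for joining the cluster, so it is read
# from the environment instead of being stored in the notes; the expansion
# aborts the command with a message when RANCHER_TOKEN is unset or empty.
#
# The agent runs --privileged on the host network and mounts /var/run, which
# contains the Docker socket, so the container has root-equivalent control of
# the node. The image is pinned to v2.4.4.
#
# NOTE(review): the session below runs this identical command on more than one
# host, which makes each of them an etcd member; confirm that the final etcd
# member count is odd, since an even count adds no failure tolerance.
sudo docker run -d --privileged --restart=unless-stopped --net=host \
-v /etc/kubernetes:/etc/kubernetes -v /var/run:/var/run rancher/rancher-agent:v2.4.4 \
--server https://rancher.bcoc.site --token "${RANCHER_TOKEN:?set RANCHER_TOKEN to the cluster registration token}" \
--etcd --controlplane --worker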

[root@rancher-01 ~]# sudo docker run -d --privileged --restart=unless-stopped --net=host \
> -v /etc/kubernetes:/etc/kubernetes -v /var/run:/var/run rancher/rancher-agent:v2.4.4 \
> --server https://rancher.bcoc.site --token 7lmgztttzn7z2l8w6t4xhdz9gz2l7rpks6x7gc8222pjddt2mxlwcp \
> --etcd --controlplane --worker
Unable to find image 'rancher/rancher-agent:v2.4.4' locally
v2.4.4: Pulling from rancher/rancher-agent
23884877105a: Pull complete 
bc38caa0f5b9: Pull complete 
2910811b6c42: Pull complete 
36505266dcc6: Pull complete 
839286d9c3a6: Pull complete 
8a1ba646e5a3: Pull complete 
4917caa38753: Pull complete 
b56094248bdf: Pull complete 
77f08dadb4eb: Pull complete 
d925a4b78308: Pull complete 
Digest: sha256:a6b416d7e5f89d28f8f8a54472cabe656378bc8c1903d08e1c2e9e453cdab1ff
Status: Downloaded newer image for rancher/rancher-agent:v2.4.4
[root@rancher-01 ~]#


[root@rancher-02 ~]# sudo docker run -d --privileged --restart=unless-stopped --net=host \
> -v /etc/kubernetes:/etc/kubernetes -v /var/run:/var/run rancher/rancher-agent:v2.4.4 \
> --server https://rancher.bcoc.site --token 7lmgztttzn7z2l8w6t4xhdz9gz2l7rpks6x7gc8222pjddt2mxlwcp \
> --etcd --controlplane --worker
Unable to find image 'rancher/rancher-agent:v2.4.4' locally
v2.4.4: Pulling from rancher/rancher-agent
23884877105a: Pull complete 
bc38caa0f5b9: Pull complete 
2910811b6c42: Pull complete 
36505266dcc6: Pull complete 
839286d9c3a6: Pull complete 
8a1ba646e5a3: Pull complete 
4917caa38753: Pull complete 
b56094248bdf: Pull complete 
77f08dadb4eb: Pull complete 
d925a4b78308: Pull complete 
Digest: sha256:a6b416d7e5f89d28f8f8a54472cabe656378bc8c1903d08e1c2e9e453cdab1ff
Status: Downloaded newer image for rancher/rancher-agent:v2.4.4
[root@rancher-02 ~]#

