rke 설치 환경 준비
RKE runs on almost any Linux OS with Docker installed. Most of the development and testing of RKE occurred on Ubuntu 16.04. However, some OS's have restrictions and specific requirements.
docker
group on the node: usermod -aG docker
See Manage Docker as a non-root user to see how you can configure access to Docker without using the root
user. RedHat Enterprise Linux (RHEL)/CentOS
If using RedHat Enterprise Linux or CentOS, you cannot use the
root
user as [SSH user]({{< baseurl >}}/rke/v0.1.x/en/config-options/nodes/#ssh-user) due to Bugzilla 1527565. Please follow the instructions below how to setup Docker correctly, based on the way you installed Docker on the node. Using upstream Docker
If you are using upstream Docker, the package name is
docker-ce
or docker-ee
. You can check the installed package by executing: rpm -q docker-ce
When using the upstream Docker packages, please follow Manage Docker as a non-root user.
Using RHEL/CentOS packaged Docker
If you are using the Docker Docker package supplied by RedHat/CentOS, the package name is
docker
. You can check the installed package by executing: rpm -q docker
If you are using the Docker package supplied by RedHat/CentOS, the
dockerroot
group is automatically added to the system. You will need to edit (or create) /etc/docker/daemon.json
to include the following: {
"group": "dockerroot"
}
Restart Docker after editing or creating the file. After restarting Docker, you can check the group permission of the Docker socket (
/var/run/docker.sock
), which should show dockerroot
as group: srw-rw----. 1 root dockerroot 0 Jul 4 09:57 /var/run/docker.sock
Add the SSH user you want to use to this group, this can't be the
root
user. usermod -aG dockerroot
To verify that the user is correctly configured, log out of the node and login with your SSH user, and execute
docker ps
: ssh @node
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
Software
Kubernetes Version
Docker 1.12.6
Docker 1.13.1
Docker 17.03.2
v1.10.x
X
X
X
v1.9.x
X
X
X
v1.8.x
X
X
X
You can either follow the Docker installation instructions or use one of Rancher's install scripts to install Docker.
Docker Version
Install Script
17.03.2
curl https://releases.rancher.com/install-docker/17.03.sh
sh
1.13.1
curl https://releases.rancher.com/install-docker/1.13.sh
sh
1.12.6
curl https://releases.rancher.com/install-docker/1.12.sh
sh
Confirm that a Kubernetes supported version of Docker is installed on your machine, by running
docker version
. $ docker version
Client:
Version: 17.03.2-ce
API version: 1.27
Go version: go1.7.5
Git commit: f5ec1e2
Built: Tue Jun 27 03:35:14 2017
OS/Arch: linux/amd64
Server:
Version: 17.03.2-ce
API version: 1.27 (minimum version 1.12)
Go version: go1.7.5
Git commit: f5ec1e2
Built: Tue Jun 27 03:35:14 2017
OS/Arch: linux/amd64
Experimental: false
Ports
{{< requirements_ports_rke >}}
If you are using an external firewall, make sure you have this port opened between the machine you are using to run
rke
and the nodes that you are going to use in the cluster. Opening port TCP/6443 using `iptables``
# Open TCP/6443 for all
iptables -A INPUT -p tcp --dport 6443 -j ACCEPT
# Open TCP/6443 for one specific IP
iptables -A INPUT -p tcp -s your_ip_here --dport 6443 -j ACCEPT
Opening port TCP/6443 using
firewalld
# Open TCP/6443 for all
firewall-cmd --zone=public --add-port=6443/tcp --permanent
firewall-cmd --reload
# Open TCP/6443 for one specific IP
firewall-cmd --permanent --zone=public --add-rich-rule='
rule family="ipv4"
source address="your_ip_here/32"
port protocol="tcp" port="6443" accept'
firewall-cmd --reload
Notes about Atomic Nodes
Before trying to use RKE with Atomic nodes, there are a couple of updates to the OS that need to occur in order to get RKE working.
Container Volumes
In RKE, most of the volumes are mounted with option
z
, but there are some container volumes that may have some issues in Atomic due to SELinux. Before running RKE, users will need to run the following commands to make some additional directories:
# mkdir /opt/cni /etc/cni
# chcon -Rt svirt_sandbox_file_t /etc/cni
# chcon -Rt svirt_sandbox_file_t /opt/cni
OpenSSH version
By default, Atomic hosts ship with OpenSSH 6.4, which doesn't support SSH tunneling, which is a core RKE requirement. If you upgrade to the latest version of OpenSSH supported by Atomic, it will correct the SSH issue.
Creating a Docker Group
By default, Atomic hosts do not come with a Docker group. You can update the ownership of the Docker socket by enabling the specific user in order to launch RKE.
# chown /var/run/docker.sock
이 내용에 흥미가 있습니까?
현재 기사가 여러분의 문제를 해결하지 못하는 경우 AI 엔진은 머신러닝 분석(스마트 모델이 방금 만들어져 부정확한 경우가 있을 수 있음)을 통해 가장 유사한 기사를 추천합니다:
다양한 언어의 JSONJSON은 Javascript 표기법을 사용하여 데이터 구조를 레이아웃하는 데이터 형식입니다. 그러나 Javascript가 코드에서 이러한 구조를 나타낼 수 있는 유일한 언어는 아닙니다. 저는 일반적으로 '객체'{}...
텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
CC BY-SA 2.5, CC BY-SA 3.0 및 CC BY-SA 4.0에 따라 라이센스가 부여됩니다.