Preparing the RKE installation environment

Operating System Requirements
RKE runs on almost any Linux OS with Docker installed. Most of the development and testing of RKE occurred on Ubuntu 16.04. However, some operating systems have restrictions and specific requirements.
  • [SSH user](/rke/v0.1.x/en/config-options/nodes/#ssh-user) - The SSH user used for node access must be a member of the docker group on the node:
    usermod -aG docker <user_name>
    See Manage Docker as a non-root user for how to configure access to Docker without using the root user.
  • Swap should be disabled on any worker nodes.

  • RedHat Enterprise Linux (RHEL)/CentOS
    If using RedHat Enterprise Linux or CentOS, you cannot use the root user as [SSH user](/rke/v0.1.x/en/config-options/nodes/#ssh-user) due to Bugzilla 1527565. Follow the instructions below to set up Docker correctly, based on the way you installed Docker on the node.
    Using upstream Docker
    If you are using upstream Docker, the package name is docker-ce or docker-ee. You can check the installed package by executing:
    rpm -q docker-ce

    When using the upstream Docker packages, please follow Manage Docker as a non-root user.
    Using RHEL/CentOS packaged Docker
    If you are using the Docker package supplied by RedHat/CentOS, the package name is docker. You can check the installed package by executing:
    rpm -q docker

    If you are using the Docker package supplied by RedHat/CentOS, the dockerroot group is automatically added to the system. You will need to edit (or create) /etc/docker/daemon.json to include the following:
    {
        "group": "dockerroot"
    }

    Restart Docker after editing or creating the file. After restarting Docker, you can check the group permission of the Docker socket (/var/run/docker.sock), which should show dockerroot as the group:
    srw-rw----. 1 root dockerroot 0 Jul  4 09:57 /var/run/docker.sock

    Add the SSH user you want to use to this group. This can't be the root user.
    usermod -aG dockerroot <user_name>

    To verify that the user is correctly configured, log out of the node, log in with your SSH user, and execute docker ps:
    ssh <user_name>@node
    $ docker ps
    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

    Software
  • Docker - Each Kubernetes version supports different Docker versions.

    Kubernetes Version   Docker 1.12.6   Docker 1.13.1   Docker 17.03.2
    v1.10.x              X               X               X
    v1.9.x               X               X               X
    v1.8.x               X               X               X

    You can either follow the Docker installation instructions or use one of Rancher's install scripts to install Docker.
    Docker Version   Install Script
    17.03.2          curl https://releases.rancher.com/install-docker/17.03.sh | sh
    1.13.1           curl https://releases.rancher.com/install-docker/1.13.sh | sh
    1.12.6           curl https://releases.rancher.com/install-docker/1.12.sh | sh

    Confirm that a Kubernetes-supported version of Docker is installed on your machine by running docker version.
    $ docker version
    Client:
     Version:      17.03.2-ce
     API version:  1.27
     Go version:   go1.7.5
     Git commit:   f5ec1e2
     Built:        Tue Jun 27 03:35:14 2017
     OS/Arch:      linux/amd64
    
    Server:
     Version:      17.03.2-ce
     API version:  1.27 (minimum version 1.12)
     Go version:   go1.7.5
     Git commit:   f5ec1e2
     Built:        Tue Jun 27 03:35:14 2017
     OS/Arch:      linux/amd64
     Experimental: false
  • OpenSSH 7.0+ - In order to SSH into each node, OpenSSH must be installed on each node.

  • Ports
    If you are using an external firewall, make sure you have this port opened between the machine you are using to run rke and the nodes that you are going to use in the cluster.
    Opening port TCP/6443 using iptables
    # Open TCP/6443 for all
    iptables -A INPUT -p tcp --dport 6443 -j ACCEPT
    
    # Open TCP/6443 for one specific IP
    iptables -A INPUT -p tcp -s your_ip_here --dport 6443 -j ACCEPT

    Opening port TCP/6443 using firewalld
    # Open TCP/6443 for all
    firewall-cmd --zone=public --add-port=6443/tcp --permanent
    firewall-cmd --reload
    
    # Open TCP/6443 for one specific IP
    firewall-cmd --permanent --zone=public --add-rich-rule='
      rule family="ipv4"
      source address="your_ip_here/32"
      port protocol="tcp" port="6443" accept'
    firewall-cmd --reload
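
To see which of the two rule styles above is actually in force on a node, this added example (not part of the RKE documentation) reads `iptables -S INPUT` output and lists the ACCEPT rules that cover TCP/6443 without a source restriction. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the RKE docs): list INPUT rules that accept
# TCP/6443 from any source. It inspects explicit port rules only; it does
# not evaluate rule order, chain policy, or port-less ACCEPT rules.
# On a node: iptables -S INPUT | unrestricted_6443_rules

unrestricted_6443_rules() {
    awk -v port=6443 '
    # True when a --dport/--dports spec (N, A:B, or a comma list) covers port.
    function covers(spec,    n, parts, i, r) {
        n = split(spec, parts, ",")
        for (i = 1; i <= n; i++) {
            if (split(parts[i], r, ":") == 2) {
                if (port >= r[1] + 0 && port <= r[2] + 0) return 1
            } else if (parts[i] + 0 == port) return 1
        }
        return 0
    }
    $1 == "-A" && $2 == "INPUT" {
        tcp = 0; hit = 0; accept = 0; src = ""
        for (k = 3; k <= NF; k++) {
            if ($k == "-p" && $(k + 1) == "tcp") tcp = 1
            if ($k == "--dport" || $k == "--dports") hit = hit || covers($(k + 1))
            if ($k == "-j" && $(k + 1) == "ACCEPT") accept = 1
            if ($k == "-s") src = ($(k - 1) == "!") ? "negated" : $(k + 1)
        }
        # No -s, a negated -s, or a /0 source all leave the port open to all.
        anysrc = (src == "" || src == "negated" || src ~ /\/0$/)
        if (tcp && hit && accept && anysrc) print
    }'
}

# Constructed sample of `iptables -S INPUT` output.
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6443 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 6443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 2379,6000:7000 -j ACCEPT
EOF
}

sample_rules | unrestricted_6443_rules   # prints the 3rd and 5th rule
```

The range rule is reported because 6000:7000 includes 6443, a case that a plain search for "6443" would miss.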

    Notes about Atomic Nodes
    Before trying to use RKE with Atomic nodes, there are a couple of updates to the OS that need to occur in order to get RKE working.
    Container Volumes
    In RKE, most of the volumes are mounted with option z, but there are some container volumes that may have some issues in Atomic due to SELinux.
    Before running RKE, users will need to run the following commands to make some additional directories:
    # mkdir /opt/cni /etc/cni
    # chcon -Rt svirt_sandbox_file_t /etc/cni
    # chcon -Rt svirt_sandbox_file_t /opt/cni

    OpenSSH version
    By default, Atomic hosts ship with OpenSSH 6.4, which doesn't support SSH tunneling, a core RKE requirement. Upgrading to the latest version of OpenSSH supported by Atomic corrects the SSH issue.
    Creating a Docker Group
    By default, Atomic hosts do not come with a Docker group. To launch RKE, you can change the ownership of the Docker socket to the specific user that will be used:
    # chown <user_name> /var/run/docker.sock
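
The node requirements listed on this page (supported Docker version, OpenSSH 7.0+, swap off, a non-root SSH user in the group that owns the Docker socket) can be checked together before running rke. The following is an added example, not part of the RKE documentation; all function names and sample inputs are constructed, and the root check is applied to every node although the page only rules root out on RHEL/CentOS.

```shell
#!/bin/sh
# Added example (not from the RKE docs): the node prerequisites on this page
# as checks over command output, so they can be tried on sample strings.

docker_supported() {   # $1: Docker version, e.g. "17.03.2-ce"
    case "${1%%-*}" in
        1.12.6|1.13.1|17.03.2) return 0 ;;   # versions in the page's table
        *) return 1 ;;
    esac
}

openssh_ok() {         # $1: banner from `ssh -V 2>&1`; needs 7.0 or later
    major=$(printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\)\..*/\1/p')
    [ -n "$major" ] && [ "$major" -ge 7 ]
}

swap_off() {           # $1: content of /proc/swaps; header only means no swap
    [ "$(printf '%s\n' "$1" | sed '1d' | grep -c .)" -eq 0 ]
}

socket_group() {       # $1: one `ls -l /var/run/docker.sock` line
    printf '%s\n' "$1" | awk '{ print $4 }'
}

user_ok() {            # $1 user, $2 socket group, $3 output of `id -nG user`
    [ "$1" != "root" ] || return 1           # assumption: never accept root
    case " $3 " in *" $2 "*) return 0 ;; *) return 1 ;; esac
}

# Args: docker version, ssh banner, /proc/swaps, ls -l line, user, id -nG output.
preflight() {
    fails=0; grp=$(socket_group "$4")
    docker_supported "$1"    || { echo "FAIL unsupported Docker $1"; fails=$((fails + 1)); }
    openssh_ok "$2"          || { echo "FAIL OpenSSH older than 7.0"; fails=$((fails + 1)); }
    swap_off "$3"            || { echo "FAIL swap is enabled"; fails=$((fails + 1)); }
    user_ok "$5" "$grp" "$6" || { echo "FAIL $5 is root or not in $grp"; fails=$((fails + 1)); }
    echo "$fails check(s) failed"
    [ "$fails" -eq 0 ]
}

# Constructed inputs: an Atomic-like node with OpenSSH 6.4 and active swap.
SAMPLE_SWAPS='Filename   Type       Size     Used  Priority
/dev/sda2  partition  2097148  0     -2'
SAMPLE_SOCK='srw-rw----. 1 root dockerroot 0 Jul  4 09:57 /var/run/docker.sock'
preflight "17.03.2-ce" "OpenSSH_6.4p1" \
    "$SAMPLE_SWAPS" "$SAMPLE_SOCK" rke "rke wheel dockerroot" || true
```

On a real node, pass it the output of `docker version --format '{{.Server.Version}}'`, `ssh -V 2>&1`, `cat /proc/swaps`, `ls -l /var/run/docker.sock` and `id -nG` for the SSH user. The swap check only matters on worker nodes.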
