一、导入任意的k8s集群¶
1、依次点击【集群管理】-【集群】-【导入已有集群】
2、点击【通用】
3、定义集群名称:test,集群描述:测试环境后,点击【创建】
4、在k8s集群中master节点(具有kubectl命令)进行注册
(1)外网环境操作
因为证书由未知机构签名,所以需要复制下面内容在k8s集群中master节点(具有kubectl命令)进行注册
[root@master01 ~]# curl --insecure -sfL https://10.0.0.10/v3/import/4z5h8b7m7jxcbfh86fk9kstfpxjr7nc28gfhhb8wz66mrfbcrjnp92_c-m-7s9zjz9w.yaml | kubectl apply -f -
注意:以上只适合有外网人员操作
(2)非外网环境操作
#编写yaml文件
[root@master01 ~]# vim rancher-agent.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: proxy-clusterrole-kubeapiserver
rules:
- apiGroups: [""]
resources:
- nodes/metrics
- nodes/proxy
- nodes/stats
- nodes/log
- nodes/spec
verbs: ["get", "list", "watch", "create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: proxy-role-binding-kubernetes-master
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: proxy-clusterrole-kubeapiserver
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: kube-apiserver
---
apiVersion: v1
kind: Namespace
metadata:
name: cattle-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: cattle
namespace: cattle-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cattle-admin-binding
namespace: cattle-system
labels:
cattle.io/creator: "norman"
subjects:
- kind: ServiceAccount
name: cattle
namespace: cattle-system
roleRef:
kind: ClusterRole
name: cattle-admin
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: Secret
metadata:
name: cattle-credentials-f4d7a5d
namespace: cattle-system
type: Opaque
data:
url: "aHR0cHM6Ly8xMC4wLjAuMTA="
token: "NHo1aDhiN203anhjYmZoODZmazlrc3RmcHhqcjduYzI4Z2ZoaGI4d3o2Nm1yZmJjcmpucDky"
namespace: ""
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cattle-admin
labels:
cattle.io/creator: "norman"
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
- nonResourceURLs:
- '*'
verbs:
- '*'
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cattle-cluster-agent
namespace: cattle-system
annotations:
management.cattle.io/scale-available: "2"
spec:
selector:
matchLabels:
app: cattle-cluster-agent
template:
metadata:
labels:
app: cattle-cluster-agent
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: node-role.kubernetes.io/controlplane
operator: In
values:
- "true"
weight: 100
- preference:
matchExpressions:
- key: node-role.kubernetes.io/control-plane
operator: In
values:
- "true"
weight: 100
- preference:
matchExpressions:
- key: node-role.kubernetes.io/master
operator: In
values:
- "true"
weight: 100
- preference:
matchExpressions:
- key: cattle.io/cluster-agent
operator: In
values:
- "true"
weight: 1
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/os
operator: NotIn
values:
- windows
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- cattle-cluster-agent
topologyKey: kubernetes.io/hostname
weight: 100
serviceAccountName: cattle
tolerations:
# No taints or no controlplane nodes found, added defaults
- effect: NoSchedule
key: node-role.kubernetes.io/controlplane
value: "true"
- effect: NoSchedule
key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
- effect: NoSchedule
key: "node-role.kubernetes.io/master"
operator: "Exists"
containers:
- name: cluster-register
imagePullPolicy: IfNotPresent
env:
- name: CATTLE_IS_RKE
value: "false"
- name: CATTLE_SERVER
value: "https://10.0.0.10"
- name: CATTLE_CA_CHECKSUM
value: "8bdef32fe741496f3d3a410584cde160f9f486510962679a68648db067756646"
- name: CATTLE_CLUSTER
value: "true"
- name: CATTLE_K8S_MANAGED
value: "true"
- name: CATTLE_CLUSTER_REGISTRY
value: ""
- name: CATTLE_SERVER_VERSION
value: v2.8.2
- name: CATTLE_INSTALL_UUID
value: 52bba67d-5b53-4508-bf55-a64537d20c62
- name: CATTLE_INGRESS_IP_DOMAIN
value: sslip.io
image: registry.cn-hangzhou.aliyuncs.com/abroad_images/rancher-agent:v2.8.2
volumeMounts:
- name: cattle-credentials
mountPath: /cattle-credentials
readOnly: true
volumes:
- name: cattle-credentials
secret:
secretName: cattle-credentials-f4d7a5d
defaultMode: 320
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 1
---
apiVersion: v1
kind: Service
metadata:
name: cattle-cluster-agent
namespace: cattle-system
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
name: http
- port: 443
targetPort: 444
protocol: TCP
name: https-internal
selector:
app: cattle-cluster-agent
#执行此yaml文件
[root@master01 ~]# kubectl apply -f rancher-agent.yaml
#启动第二个cattle-cluster-agent会再次拉取国外镜像,所以需要edit修改为国内镜像
[root@master01 ~]# kubectl edit deploy cattle-cluster-agent -n cattle-system
...
...
image: rancher/rancher-agent:v2.8.2
imagePullPolicy: IfNotPresent
...
...
#查看pod启动情况
[root@master01 ~]# kubectl get po -n cattle-system
NAME READY STATUS RESTARTS AGE
cattle-cluster-agent-749dd4c994-8txwx 1/1 Running 0 26m
cattle-cluster-agent-76b8797f4b-86vfk 1/1 Running 0 24m
...
...
补充:
如果操作错误想删除,可以操作下面语句进行删除
[root@master01 ~]# curl --insecure -sfL https://10.0.0.10/v3/import/4z5h8b7m7jxcbfh86fk9kstfpxjr7nc28gfhhb8wz66mrfbcrjnp92_c-m-7s9zjz9w.yaml | kubectl delete -f -
二、查看导入任意的k8s集群¶
1、再次返回rancher访问界面,查看集群已导入
2、查看节点
依次点击【TEST】-【节点】
3、查看事件
依次点击【TEST】-【事件】
4、查看工作负载
依次点击【TEST】-【工作负载】-【Deployment】
