Shulou(Shulou.com)05/31 Report--

This article will explain in detail how to add custom nodes to the Rancher 2.0 TP2 Kubernetes cluster. Xiaobian thinks it is quite practical, so share it with you as a reference. I hope you can gain something after reading this article.

Rancher is an open source, full-stack, enterprise-class container management platform. Users can complete the docking and deployment of all container infrastructures (network, storage, Load Balancer, etc.) with one click on the Rancher visual interface, ensuring that containers run seamlessly on any infrastructure (public and private clouds, virtual machines, physical machines, etc.). Everything you need to do to use containers in a production environment is simple and intuitive.

** Starting with Rancher 2.0, every cluster in Rancher will be based on Kubernetes. ** Users can take full advantage of Kubernetes 'powerful capabilities and rapidly growing ecosystem, and Rancher 2.0 will accelerate Kubernetes adoption in the enterprise through a simple and intuitive Kubernetes-based user experience on the Rancher platform.

Tech Preview 2, the second milestone release of Rancher 2.0 released in February 2018, supports ** users to add custom nodes when creating RKE clusters. ** Users can start the rancher/agent container by running the generated docker run command, or add custom nodes (nodes already configured with Linux OS and Docker) by connecting SSH to the node. In this article, we will demonstrate how to use the docker run command to automatically generate commands to add nodes.

Note: Rancher 2.0 is currently released as a technical preview and is not yet suitable for use in a production environment. It is recommended that you do not place your production workload on it.

requirements

› Hosts running Linux and Docker › JSON utility jq installed to parse API responses ›sha256sum binary file used to compute CA certificate checksums

Start Rancher Server

Before doing anything, we first need to start the rancher / server container. The mirror of Rancher 2.0 Tech Preview 2 is rancher/server:preview. One change from 1.6 to 2.0 is that we no longer expose port 8080. Instead, we expose ports 80 and 443, where 80 redirects to 443 by default. You can start the container as follows:

docker run -d -p 80:80 -p 443:443 rancher/server:preview

If you want the data for this setup to persist, you can mount the host volume to/ var / lib / rancher as follows:

docker run -d -p 80:80 -p 443:443 -v /data:/var/lib/rancher/server:preview Log in and create API keys

In Rancher 1.x, authentication is not enabled by default. Once the rancher/server container is started, users can access the API / UI without any credentials. In Rancher 2.0, we enable authentication with default username and password management. After logging in, we get an anonymous token that we can use to change our password. After changing the password, we create an API key to perform other requests. The API key is also an anonymous token, which we call automation for automation purposes.

login

# LoginLOGINRESPONSE=`curl -s 'https://127.0.0.1/v3-public/localProviders/local? action=login' -H 'content-type: application/json' --data-binary '{"username":"admin","password":"admin"}' --insecure`LOGINTOKEN=`echo $LOGINRESPONSE | jq -r .token`

Change password (change password to thisyournewpassword)

# Change passwordcurl -s 'https://127.0.0.1/v3/users? action=changepassword' -H 'content-type: application/json' -H "Authorization: Bearer $LOGINTOKEN" --data-binary '{"currentPassword":"admin","newPassword":"thisisyournewpassword"}' --insecure

create an API key

# Create API keyAPIRESPONSE=`curl -s 'https://127.0.0.1/v3/token' -H 'content-type: application/json' -H "Authorization: Bearer $LOGINTOKEN" --data-binary '{"type":"token","description":"automation"}' --insecure`# Extract and store tokenAPITOKEN=`echo $APIRESPONSE |jq -r .token`Create cluster

After generating the API secret key, you can start creating clusters. When creating a cluster, you have three options:

Start a cloud cluster (Google Kubernetes Engine/GKE)

› Create a cluster (with our own Kubernetes installer, Rancher Kubernetes Engine)

› Import an existing cluster (if you already have a Kubernetes cluster, you can import by inserting a kubeconfig file from that cluster)

For this article, we will create a cluster using Rancher Kubernetes Engine (rke). When you create a cluster, you can choose to create new nodes directly when you create the cluster (by creating nodes from cloud providers like DigitalOcean / Amazon) or use existing nodes and have Rancher connect to them with SSH credentials. The method we discussed in this article (adding nodes by running the docker run command) is available only after the cluster has been created.

You can create a cluster (your new cluster) using the following command. As you can see, only the parameter ignoreDockerVersion is included here (ignoring Docker versions that are not supported by Kubernetes). The rest will be default, which we will discuss in a later article. Before that, you could discover configurable options through the UI.

# Create clusterCLUSTERRESPONSE=`curl -s 'https://127.0.0.1/v3/cluster' -H 'content-type: application/json' -H "Authorization: Bearer $APITOKEN" --data-binary '{"type":"cluster","nodes":[],"rancherKubernetesEngineConfig":{"ignoreDockerVersion":true},"name":"yournewcluster"}' --insecure`# Extract clusterid to use for generating the docker run commandCLUSTERID=`echo $CLUSTERRESPONSE | jq -r .id`

After running this code, you should see your new cluster in the UI. Since no nodes have been added, the cluster state will be "waiting for node configuration or waiting for valid configuration."

Assemble docker run command to start rancher/agent

The final part of adding nodes is to start the rancher/agent container, which adds nodes to the cluster. To do this, we need:

› Proxy mirrors coupled to Rancher versions › Nodes (etcd and/or control panel and/or staff) › Addresses where rancher/server containers can be reached › Cluster tokens used by proxies to join clusters › Checksums for CA certificates

Proxy images can be retrieved from the API's settings endpoint:

AGENTIMAGE=`curl -s -H "Authorization: Bearer $APITOKEN" https://127.0.0.1/v3/settings/agent-image --insecure | jq -r .value`

The role of the node is up to you. (In this example, we will use all three roles):

ROLEFLAGS="--etcd --controlplane --worker"

The address where the rancher/server container can be reached should be self-resolving, and rancher/agent will connect to that endpoint.

RANCHERSERVER="https://rancher_server_address"

Cluster tokens can be retrieved from clusters created. We saved the clusterid we created in CLUSTERID, which we can then use to generate a token.

# Generate token (clusterRegistrationToken)AGENTTOKEN=`curl -s 'https://127.0.0.1/v3/clusterregistrationtoken' -H 'content-type: application/json' -H "Authorization: Bearer $APITOKEN" --data-binary '{"type":"clusterRegistrationToken","clusterId":"'$CLUSTERID'"}' --insecure | jq -r .token`

The generated CA certificate is also stored in the API and can be retrieved as follows, in which case sha256sum can be added to generate the checksum we need to join the cluster.

# Retrieve CA certificate and generate checksumCACHECKSUM=`curl -s -H "Authorization: Bearer $APITOKEN" https://127.0.0.1/v3/settings/cacerts --insecure | jq -r .value | sha256sum | awk '{ print $1 }'`

All the data needed to join the cluster is now available, we just need to assemble the command.

# Assemble the docker run commandAGENTCOMMAND="docker run -d --restart=unless-stopped -v /var/run/docker.sock:/var/run/docker.sock --net=host $AGENTIMAGE $ROLEFLAGS --server $RANCHERSERVER --token $AGENTTOKEN --ca-checksum $CACHECKSUM"# Show the commandecho $AGENTCOMMAND

The last command (echo $AGENTCOMMAND) should look something like this.

docker run -d --restart=unless-stopped -v /var/run/docker.sock:/var/run/docker.sock --net=host rancher/agent:v2.0.2 --etcd --controlplane --worker --server https://rancher_server_address --token xg2hdr8rwljjbv8r94qhrbzpwbbfnkhphq5vjjs4dfxgmb4wrt9rpq --ca-checksum 3d6f14b44763184519a98697d4a5cc169a409e8dde143edeca38aebc1512c31d

After running this command on the node, you should see it joined the cluster and configured by Rancher.

Protip: These tokens can also be used directly as basic authentication, for example:

curl -u $APITOKEN https://127.0.0.1/v3/settings--insecure About "How to add custom nodes in Rancher 2.0 TP2 Kubernetes cluster" This article is shared here, I hope the above content can be of some help to everyone, so that you can learn more knowledge, if you think the article is good, please share it to let more people see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.