Xinchuang Environment: Offline Deployment of K8s and the Rainbond Xinchuang Platform on Kunpeng ARM + Kylin V10

Posted by Rainbond开源 on 2024-08-16

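In the previous article, "An Open Source Cloud Native Platform for Domestic Xinchuang", we introduced Rainbond, possibly the first open source domestic Xinchuang platform in China, and its capabilities for supporting domestic hardware and software and Xinchuang requirements. We also briefly described how to deploy Kubernetes and Rainbond online in a domestic Xinchuang environment.

However, for most domestic Xinchuang environments, such as banks and government agencies, offline deployment is the more common requirement. It is worth noting that the official Rainbond documentation currently only provides a guide for deploying Rainbond offline on an existing Kubernetes environment. So why don't we provide documentation for deploying Kubernetes offline? Unlike other open source communities, the Rainbond open source community has always taken responsibility for the questions raised by every open source user and actively helps resolve them. This, however, undoubtedly puts additional workload on the community support team, especially when handling problems that fall outside Rainbond's scope.

This article therefore describes in detail how to deploy Kubernetes and Rainbond in a domestic Xinchuang environment, in the hope of giving users practical guidance and reducing the trouble encountered during deployment.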

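Prepare the offline images and installation packages

Prepare the following images and installation packages in an Arm environment that has network access.

Docker offline package

Download the Docker offline installation package and the offline installation script.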

wget https://pkg.rainbond.com/offline/docker/docker-arm-20.10.9.tgz
wget https://get.rainbond.com/install_docker_offline.sh

Kubernetes offline package

This deployment uses K8s v1.23.10 and is installed with Rancher Kubernetes Engine (RKE), a CNCF-certified Kubernetes installer.

Obtain the following offline packages in the Arm environment.

# kubectl and Helm binaries
wget https://pkg.goodrain.com/pkg/kubectl/v1.23.10/kubectl-arm -O kubectl
wget https://pkg.goodrain.com/pkg/helm/v3.10.1/helm-arm64 -O helm
# RKE installer binary
wget https://pkg.goodrain.com/pkg/rke/v1.3.15/rke-arm -O rke

#!/bin/bash
# RKE Docker images
image_list="registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-coreos-etcd:v3.5.3
registry.cn-hangzhou.aliyuncs.com/goodrain/rke-tools:v0.1.87
registry.cn-hangzhou.aliyuncs.com/goodrain/rke-tools:v0.1.87
registry.cn-hangzhou.aliyuncs.com/goodrain/rke-tools:v0.1.87
registry.cn-hangzhou.aliyuncs.com/goodrain/rke-tools:v0.1.87
registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-k8s-dns-kube-dns:1.21.1
registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-k8s-dns-dnsmasq-nanny:1.21.1
registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-k8s-dns-sidecar:1.21.1
registry.cn-hangzhou.aliyuncs.com/goodrain/cluster-proportional-autoscaler:1.8.1
registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-coredns-coredns:1.10.1
registry.cn-hangzhou.aliyuncs.com/goodrain/cluster-proportional-autoscaler:1.8.1
registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-k8s-dns-node-cache:1.21.1
registry.cn-hangzhou.aliyuncs.com/goodrain/hyperkube:v1.23.10-rancher1
registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-coreos-flannel:v0.15.1
registry.cn-hangzhou.aliyuncs.com/goodrain/flannel-cni:v0.3.0-rancher6
registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-pause:3.6
registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-metrics-server:v0.6.1"

for image in ${image_list}; do
    docker pull "${image}"
done

docker save -o rke-images.tar ${image_list}

Rainbond offline package

Prepare the images Rainbond needs in advance, in an environment that has network access.

#!/bin/bash
VERSION=${VERSION:-'v5.17.3-release'}

image_list="registry.cn-hangzhou.aliyuncs.com/goodrain/kubernetes-dashboard:v2.6.1
registry.cn-hangzhou.aliyuncs.com/goodrain/registry:2.6.2
registry.cn-hangzhou.aliyuncs.com/goodrain/metrics-server:v0.4.1
registry.cn-hangzhou.aliyuncs.com/goodrain/etcd:v3.3.18
registry.cn-hangzhou.aliyuncs.com/goodrain/metrics-scraper:v1.0.4
registry.cn-hangzhou.aliyuncs.com/goodrain/rainbond:${VERSION}-allinone
registry.cn-hangzhou.aliyuncs.com/goodrain/rbd-mesh-data-panel:${VERSION}
registry.cn-hangzhou.aliyuncs.com/goodrain/rbd-webcli:${VERSION}
registry.cn-hangzhou.aliyuncs.com/goodrain/rbd-eventlog:${VERSION}
registry.cn-hangzhou.aliyuncs.com/goodrain/rbd-init-probe:${VERSION}
registry.cn-hangzhou.aliyuncs.com/goodrain/rbd-chaos:${VERSION}
registry.cn-hangzhou.aliyuncs.com/goodrain/rbd-mq:${VERSION}
registry.cn-hangzhou.aliyuncs.com/goodrain/rainbond-operator:${VERSION}
registry.cn-hangzhou.aliyuncs.com/goodrain/rbd-worker:${VERSION}
registry.cn-hangzhou.aliyuncs.com/goodrain/rbd-node:${VERSION}
registry.cn-hangzhou.aliyuncs.com/goodrain/rbd-monitor:${VERSION}
registry.cn-hangzhou.aliyuncs.com/goodrain/rbd-gateway:${VERSION}
registry.cn-hangzhou.aliyuncs.com/goodrain/rbd-api:${VERSION}
registry.cn-hangzhou.aliyuncs.com/goodrain/rbd-db:8.0.19
registry.cn-hangzhou.aliyuncs.com/goodrain/mysqld-exporter:latest
registry.cn-hangzhou.aliyuncs.com/goodrain/nfs-provisioner:latest"

for image in ${image_list}; do
    docker pull "${image}"
done

docker save -o rainbond-"${VERSION}".tar ${image_list}

Get the Rainbond Helm Chart installation package

git clone --depth=1 https://github.com/goodrain/rainbond-chart
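
Everything gathered above is carried into the offline environment by hand, so a checksum manifest lets each node confirm the files arrived unmodified before they are installed or loaded. This is an added example, not part of the original article; the function names, the `SHA256SUMS` file name and the single bundle directory are assumptions.

```shell
#!/bin/bash
# Added example (not from the original article): checksum manifest for the
# offline bundle. Assumption: every file to transfer sits in one directory.
MANIFEST="SHA256SUMS"

# Online Arm machine: run after all downloads and `docker save` have finished.
make_manifest() {
    (
        cd "$1" || exit 1
        # Hash every file except the manifest itself; sort by name for stable output.
        find . -type f ! -name "$MANIFEST" -exec sha256sum {} + | sort -k2 > "$MANIFEST"
    )
}

# Offline node: run before install_docker_offline.sh, `docker load` or `rke up`.
# Fails if a file is missing, modified, or present but absent from the manifest.
verify_manifest() {
    (
        cd "$1" || exit 1
        [ -f "$MANIFEST" ] || { echo "no $MANIFEST in $1" >&2; exit 1; }
        sha256sum -c "$MANIFEST" > /dev/null || exit 1
        # Compare the file names in the manifest with what is actually on disk.
        listed=$(cut -c67- "$MANIFEST" | sort)
        present=$(find . -type f ! -name "$MANIFEST" | sort)
        [ "$listed" = "$present" ] || { echo "unlisted files in $1" >&2; exit 1; }
    )
}
```

A manifest that travels on the same media as the files only catches corruption; to catch substitution as well, record the hash of `SHA256SUMS` itself through a separate channel.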

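Deploy Kubernetes

Prerequisites

Before installing K8s, read the RKE installation requirements. That document describes RKE's requirements for the operating system, software, ports, and SSH configuration; check that your nodes meet them before installing.

Deploy Docker

Import the Docker offline package onto all nodes and run the script to install Docker.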

$ ls
docker-arm-20.10.9.tgz install_docker_offline.sh
$ bash ./install_docker_offline.sh

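Import the K8s-related offline packages and Docker images onto all nodes.

Configure the Docker user

RKE requires a user with passwordless SSH login for the subsequent cluster installation. This user must have permission to run Docker.

# Create the user and add it to the root group (replace "password" with a strong password of your own)
adduser -g root docker && echo "docker:password" | chpasswd
# Generate an SSH key; press Enter at every prompt to accept the defaults
ssh-keygen
# Configure passwordless login
ssh-copy-id docker@xxxx

Log in as the docker user and check that it has permission to run Docker.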

$ ssh docker@xxxx
$ docker ps

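Edit the cluster.yml file

Installing a K8s cluster with RKE requires a configuration file generated by RKE. Below is my example; for more, see the RKE configuration file documentation.

The only field we need to change is nodes. If the registry address of the imported images is unchanged, the yml needs no other modification; if it has changed, every image address under the system_images field must be updated.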

nodes:
- address: 192.168.0.138
  port: "22"
  internal_address: 192.168.0.138
  role:
  - etcd
  - controlplane
  - worker
  hostname_override: ""
  user: docker
  docker_socket: ""
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []
services:
  etcd:
    image: ""
    extra_args: {}
    extra_args_array: {}
    extra_binds: []
    extra_env:
    - ETCD_AUTO_COMPACTION_RETENTION=1
    win_extra_args: {}
    win_extra_args_array: {}
    win_extra_binds: []
    win_extra_env: []
    external_urls: []
    ca_cert: ""
    cert: ""
    key: ""
    path: ""
    uid: 0
    gid: 0
    snapshot: null
    retention: ""
    creation: ""
    backup_config: null
  kube-api:
    image: ""
    extra_args: {}
    extra_args_array: {}
    extra_binds: []
    extra_env: []
    win_extra_args: {}
    win_extra_args_array: {}
    win_extra_binds: []
    win_extra_env: []
    service_cluster_ip_range: 10.43.0.0/16
    service_node_port_range: ""
    pod_security_policy: false
    always_pull_images: false
    secrets_encryption_config: null
    audit_log: null
    admission_configuration: null
    event_rate_limit: null
  kube-controller:
    image: ""
    extra_args: {}
    extra_args_array: {}
    extra_binds: []
    extra_env: []
    win_extra_args: {}
    win_extra_args_array: {}
    win_extra_binds: []
    win_extra_env: []
    cluster_cidr: 10.42.0.0/16
    service_cluster_ip_range: 10.43.0.0/16
  scheduler:
    image: ""
    extra_args: {}
    extra_args_array: {}
    extra_binds: []
    extra_env: []
    win_extra_args: {}
    win_extra_args_array: {}
    win_extra_binds: []
    win_extra_env: []
  kubelet:
    image: ""
    extra_args: {}
    extra_args_array: {}
    extra_binds:
    - /grlocaldata:/grlocaldata:rw,z
    - /cache:/cache:rw,z
    extra_env: []
    win_extra_args: {}
    win_extra_args_array: {}
    win_extra_binds: []
    win_extra_env: []
    cluster_domain: cluster.local
    infra_container_image: ""
    cluster_dns_server: 10.43.0.10
    fail_swap_on: false
    generate_serving_certificate: false
  kubeproxy:
    image: ""
    extra_args: {}
    extra_args_array: {}
    extra_binds: []
    extra_env: []
    win_extra_args: {}
    win_extra_args_array: {}
    win_extra_binds: []
    win_extra_env: []
network:
  plugin: flannel # calico
  options: {}
  mtu: 0
  node_selector: {}
  update_strategy: null
  tolerations: []
authentication:
  strategy: x509
  sans: []
  webhook: null
addons: ""
addons_include: []
system_images:
  etcd: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-coreos-etcd:v3.5.3
  alpine: registry.cn-hangzhou.aliyuncs.com/goodrain/rke-tools:v0.1.87
  nginx_proxy: registry.cn-hangzhou.aliyuncs.com/goodrain/rke-tools:v0.1.87
  cert_downloader: registry.cn-hangzhou.aliyuncs.com/goodrain/rke-tools:v0.1.87
  kubernetes_services_sidecar: registry.cn-hangzhou.aliyuncs.com/goodrain/rke-tools:v0.1.87
  kubedns: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-k8s-dns-kube-dns:1.21.1
  dnsmasq: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-k8s-dns-dnsmasq-nanny:1.21.1
  kubedns_sidecar: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-k8s-dns-sidecar:1.21.1
  kubedns_autoscaler: registry.cn-hangzhou.aliyuncs.com/goodrain/cluster-proportional-autoscaler:1.8.1
  coredns: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-coredns-coredns:1.10.1
  coredns_autoscaler: registry.cn-hangzhou.aliyuncs.com/goodrain/cluster-proportional-autoscaler:1.8.1
  nodelocal: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-k8s-dns-node-cache:1.21.1
  kubernetes: registry.cn-hangzhou.aliyuncs.com/goodrain/hyperkube:v1.23.10-rancher1
  flannel: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-coreos-flannel:v0.15.1
  flannel_cni: registry.cn-hangzhou.aliyuncs.com/goodrain/flannel-cni:v0.3.0-rancher6
  calico_node: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-calico-node:v3.22.0
  calico_cni: registry.cn-hangzhou.aliyuncs.com/goodrain/calico-cni:v3.22.0-rancher1
  calico_controllers: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-calico-kube-controllers:v3.22.0
  calico_ctl: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-calico-ctl:v3.22.0
  calico_flexvol: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-calico-pod2daemon-flexvol:v3.22.0
  canal_node: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-calico-node:v3.22.0
  canal_cni: ""
  canal_controllers: ""
  canal_flannel: ""
  canal_flexvol: ""
  weave_node: ""
  weave_cni: ""
  pod_infra_container: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-pause:3.6
  ingress: ""
  ingress_backend: ""
  ingress_webhook: ""
  metrics_server: registry.cn-hangzhou.aliyuncs.com/goodrain/mirrored-metrics-server:v0.6.1
  windows_pod_infra_container: ""
  aci_cni_deploy_container: ""
  aci_host_container: ""
  aci_opflex_container: ""
  aci_mcast_container: ""
  aci_ovs_container: ""
  aci_controller_container: ""
  aci_gbp_server_container: ""
  aci_opflex_server_container: ""
ssh_key_path: ""
ssh_cert_path: ""
ssh_agent_auth: false
authorization:
  mode: rbac
  options: {}
ignore_docker_version: null
enable_cri_dockerd: null
kubernetes_version: ""
private_registries: []
ingress:
  provider: none
  options: {}
  node_selector: {}
  extra_args: {}
  dns_policy: ""
  extra_envs: []
  extra_volumes: []
  extra_volume_mounts: []
  update_strategy: null
  http_port: 0
  https_port: 0
  network_mode: ""
  tolerations: []
  default_backend: null
  default_http_backend_priority_class_name: ""
  nginx_ingress_controller_priority_class_name: ""
  default_ingress_class: null
cluster_name: ""
cloud_provider:
  name: ""
prefix_path: ""
win_prefix_path: ""
addon_job_timeout: 300
bastion_host:
  address: ""
  port: ""
  user: ""
  ssh_key: ""
  ssh_key_path: ""
  ssh_cert: ""
  ssh_cert_path: ""
  ignore_proxy_env_vars: false
monitoring:
  provider: none
  options: {}
  node_selector: {}
  update_strategy: null
  replicas: null
  tolerations: []
  metrics_server_priority_class_name: ""
restore:
  restore: false
  snapshot_name: ""
rotate_encryption_key: false
dns: null
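
On an offline node, any non-empty system_images entry that was not loaded cannot be pulled later, so it helps to compare cluster.yml with the images actually present before running RKE. The following is an added example, not part of the original article; the function names and the `loaded.txt` file are assumptions. The article's bundle does not include the calico_* images (the example uses the flannel plugin), so expect those lines to be reported.

```shell
#!/bin/bash
# Added example (not from the original article): report system_images entries
# in cluster.yml that are not among the images loaded on a node.

# Print every non-empty image reference under the top-level system_images key.
system_images() {
    awk '
        /^system_images:/ { in_block = 1; next }
        /^[^ #]/          { in_block = 0 }   # the next top-level key ends the block
        in_block && NF >= 2 && $2 != "\"\"" { print $2 }
    ' "$1" | sort -u
}

# $1 = cluster.yml
# $2 = file with one "repository:tag" per line (assumed name: loaded.txt), e.g.
#      docker images --format '{{.Repository}}:{{.Tag}}' > loaded.txt
# Prints each required image that is not in the loaded list.
missing_images() {
    system_images "$1" | while read -r img; do
        grep -qxF -- "$img" "$2" || echo "$img"
    done
}
```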

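Run the installation

Run the following command to start installing K8s. It has been verified that on Kylin V10 the SSH configuration must set AllowTcpForwarding yes, otherwise an error is reported; see the RKE SSH configuration documentation.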

./rke up

If you hit an error during installation and need to clean up the cluster, you can use the following script.

curl -sfL https://get.rainbond.com/clean-rke | bash

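After the cluster is installed successfully, copy the kubeconfig file to the default path.

mkdir -p /root/.kube && cp kube_config_cluster.yml /root/.kube/config

Run the following command to confirm the installation result.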

kubectl get node

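Deploy Rainbond

Prerequisites

Every node needs the nfs-utils package installed. This is not covered in detail here, as there are many tutorials online; roughly, mount the DVD image, set up a local package repository from it, and then run yum install.

Import the image package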

docker load -i rainbond-v5.17.3-release.tar

Install Rainbond

Copy over the Helm Chart that was cloned with Git on the preparation node.

Install Rainbond using the Helm Chart.

  1. Create the namespace
kubectl create namespace rbd-system
  2. Write the Helm values.yml; for more Chart parameters, see the Chart installation options
operator:
  image:
    name: registry.cn-hangzhou.aliyuncs.com/goodrain/rainbond-operator
    tag: v5.17.3-release

Cluster:
  enableEnvCheck: false
  gatewayIngressIPs: 192.168.0.138
  nodesForChaos:
  - name: 192.168.0.138
  nodesForGateway:
  - externalIP: 192.168.0.138
    internalIP: 192.168.0.138
    name: 192.168.0.138
  rainbondImageRepository: registry.cn-hangzhou.aliyuncs.com/goodrain
  installVersion: v5.17.3-release
Component:
  rbd_app_ui:
    enable: true
    env:
      DISABLE_DEFAULT_APP_MARKET: true
  3. Run the Helm install command
helm install rainbond ./rainbond-chart -n rbd-system -f values.yml

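Check installation progress

After running the install command, run the following command in the cluster to view the installation status.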

watch kubectl get po -n rbd-system

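The installation has succeeded once the Pod whose name contains rbd-app-ui is in the Running state.

Access the platform

Copy the following command and run it in the cluster to obtain the platform access address. If there are multiple gateway nodes, the console can be reached through any of the addresses.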

kubectl get rainbondcluster rainbondcluster -n rbd-system -o go-template --template='{{range.spec.gatewayIngressIPs}}{{.}}:7070{{printf "\n"}}{{end}}'

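Source code builds in an offline environment (optional)

If you need to build from source in an offline environment, see the Rainbond offline source build documentation for the configuration.

Conclusion

We hope this guide helps you complete the offline deployment of Kubernetes and Rainbond on Kunpeng ARM and Kylin V10. Offline deployment is an increasingly common requirement in domestic Xinchuang environments, and the detailed steps and examples provided here are meant to reduce the uncertainty and difficulty of the deployment process. We will continue to publish more related tutorials and documentation to better serve the needs of the domestic Xinchuang field.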
