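Rancher Series: Importing Clusters with a Script in Rancher v2.6

Posted by 東風微鳴 on 2023-03-28

Overview

I have been experimenting with Rancher lately, starting with the most basic features. I have several Kubernetes clusters that are already built and need to be imported in bulk, and I found that the official site already has documentation for batch import. This post summarizes what I learned after verifying and adjusting that procedure for Rancher v2.6.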

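1. Get the cluster-creation parameters from the Rancher UI

  1. Visit Rancher_URL/v3/clusters/ and click "Create" in the upper-right corner to create an imported cluster:

    Rancher API: creating an imported cluster

  2. On the parameter page, modify the following parameters:

    • dockerRootDir: defaults to /var/lib/docker; if the Docker root path has been changed, update this path accordingly;
    • enableClusterAlerting (optional): choose whether cluster alerting is enabled by default, as needed;
    • enableClusterMonitoring (optional): choose whether cluster monitoring is enabled by default, as needed;
    • name (required): sets the cluster name; the name must be unique and cannot match an existing cluster name;
  3. After configuring the parameters, click Show Request.

  4. In the pop-up window, copy the content inside HTTP Request:{} under API Request; this content is the set of API parameters for the cluster being created;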

#!/bin/bash

api_url='https://rancher-demo.example.com'
api_token='token-dbkgj:7pqf5rrjmlxxxxxxxxxxxxxxxxxxxxxxxtrnfljwtxh'
cluster_name=$1

create_cluster_data()
{
  cat <<EOF
{
 "agentEnvVars": [ ],
 "aksConfig": null,
 "aliyunEngineConfig": null,
 "amazonElasticContainerServiceConfig": null,
 "answers": null,
 "azureKubernetesServiceConfig": null,
 "clusterTemplateRevisionId": "",
 "defaultClusterRoleForProjectMembers": "",
 "defaultPodSecurityPolicyTemplateId": "",
 "dockerRootDir": "/var/lib/docker",
 "eksConfig": null,
 "enableClusterAlerting": false,
 "enableClusterMonitoring": false,
 "gkeConfig": null,
 "googleKubernetesEngineConfig": null,
 "huaweiEngineConfig": null,
 "k3sConfig": null,
 "localClusterAuthEndpoint": null,
 "name": "$cluster_name",
 "rancherKubernetesEngineConfig": null,
 "rke2Config": null,
 "scheduledClusterScan": null,
 "windowsPreferedCluster": false
}
EOF
}

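# POST the cluster definition to the Rancher API.
# -k disables TLS certificate verification; it is only needed when Rancher uses a private or self-signed CA.
curl -k -X POST \
    -H "Authorization: Bearer ${api_token}" \
    -H "Content-Type: application/json" \
    -d "$(create_cluster_data)" "$api_url/v3/clusters"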

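2. Create the cluster

  1. Save the code above as a script file, then run the script.

    ./rancher_import_cluster.sh <your-cluster-name>

  2. After the script finishes, the cluster status is as shown below; its state is Provisioning;

    Status after import

3. Create the registration command

This step may not be needed: clusterregistrationtokens are generated automatically when the cluster is created.

Generating them again here results in multiple clusterregistrationtokens entries.

4. Get the host registration command

Copy and save the following as a script file, modify the first three lines (api_url, token, cluster_name), then run the script.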

#!/bin/bash

api_url='https://rancher-demo.example.com'
api_token='token-dbkgj:7pqf5rrjmlbgtssssssssssssssssssssssssssssnfljwtxh'
cluster_name=$1

# Look up the cluster ID by cluster name.
cluster_ID=$( curl -s -k -H "Authorization: Bearer ${api_token}" "$api_url/v3/clusters" | jq -r ".data[] | select(.name == \"$cluster_name\") | .id" )

# nodeCommand
#curl -s -k -H "Authorization: Bearer ${api_token}" "$api_url/v3/clusters/${cluster_ID}/clusterregistrationtokens" | jq -r '.data[].nodeCommand'

# command
#curl -s -k -H "Authorization: Bearer ${api_token}" "$api_url/v3/clusters/${cluster_ID}/clusterregistrationtokens" | jq -r '.data[].command'

# insecureCommand (the jq filter is quoted so the shell cannot glob-expand the [])
curl -s -k -H "Authorization: Bearer ${api_token}" "$api_url/v3/clusters/${cluster_ID}/clusterregistrationtokens" | jq -r '.data[].insecureCommand'

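Notes:

Depending on your needs, there are 3 kinds of command:

  1. nodeCommand: run directly through docker;
  2. command: run through kubectl;
  3. insecureCommand: for a private CA certificate, run through curl combined with kubectl.

Here I used the third one.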

AllInOne

#!/bin/bash

api_url='https://rancher-demo.example.com'
api_token='token-dbkgj:7pqf5rrjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxljwtxh'
cluster_name=$1

create_cluster_data()
{
  cat <<EOF
{
 "agentEnvVars": [ ],
 "aksConfig": null,
 "aliyunEngineConfig": null,
 "amazonElasticContainerServiceConfig": null,
 "answers": null,
 "azureKubernetesServiceConfig": null,
 "clusterTemplateRevisionId": "",
 "defaultClusterRoleForProjectMembers": "",
 "defaultPodSecurityPolicyTemplateId": "",
 "dockerRootDir": "/var/lib/docker",
 "eksConfig": null,
 "enableClusterAlerting": false,
 "enableClusterMonitoring": false,
 "gkeConfig": null,
 "googleKubernetesEngineConfig": null,
 "huaweiEngineConfig": null,
 "k3sConfig": null,
 "localClusterAuthEndpoint": null,
 "name": "$cluster_name",
 "rancherKubernetesEngineConfig": null,
 "rke2Config": null,
 "scheduledClusterScan": null,
 "windowsPreferedCluster": false
}
EOF
}

# -f makes curl exit non-zero on an HTTP error (4xx/5xx), so the $? check below can detect a failed request.
curl -f -k -X POST \
    -H "Authorization: Bearer ${api_token}" \
    -H "Content-Type: application/json" \
    -d "$(create_cluster_data)" "$api_url/v3/clusters" >/dev/null

if [ $? -eq 0 ]; then
    # Look up the ID of the cluster that was just created.
    cluster_ID=$( curl -s -k -H "Authorization: Bearer ${api_token}" "$api_url/v3/clusters" | jq -r ".data[] | select(.name == \"$cluster_name\") | .id" )
    # insecureCommand
    curl -s -k -H "Authorization: Bearer ${api_token}" "$api_url/v3/clusters/${cluster_ID}/clusterregistrationtokens" | jq -r '.data[].insecureCommand'
    echo "Please execute the above command in the imported cluster to complete the process."
else
    echo "Import cluster in rancher failed"
fi

    ./rancher_import_cluster.sh <your-cluster-name>

Running it prints a command; execute that command on the cluster being imported:

# curl --insecure -sfL https://rancher-demo.example.com/v3/import/lzxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxqm6v4lp576c6mg_c-vwv5l.yaml | kubectl apply -f -
clusterrole.rbac.authorization.k8s.io/proxy-clusterrole-kubeapiserver created
clusterrolebinding.rbac.authorization.k8s.io/proxy-role-binding-kubernetes-master created
namespace/cattle-system created
serviceaccount/cattle created
clusterrolebinding.rbac.authorization.k8s.io/cattle-admin-binding created
secret/cattle-credentials-ec53bfa created
clusterrole.rbac.authorization.k8s.io/cattle-admin created
deployment.apps/cattle-cluster-agent created
service/cattle-cluster-agent created

The import then succeeds.
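
The name parameter from step 1 and the command printed by the AllInOne script are both passed on unchecked: the name is interpolated into the JSON body and the jq filter, and the printed command is piped into kubectl on the imported cluster. The following checks are an added example, not part of the original post or of Rancher; the function names, the name allow-list and the sample token are assumptions made for illustration, and only the insecureCommand shape shown above is covered.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the sample
# token are hypothetical/constructed; the command shape is the one shown above.
LC_ALL=C; export LC_ALL   # byte-wise character ranges in the patterns below

# Conservative allow-list (an assumption, not Rancher's documented rule):
# lowercase letters, digits and '-', alphanumeric at both ends, max 63 chars.
# Such a name cannot break out of the JSON heredoc or the jq select() filter.
valid_cluster_name() {
  name=$1
  [ -n "$name" ] && [ "${#name}" -le 63 ] || return 1
  case $name in
    *[!a-z0-9-]*|-*|*-) return 1 ;;
  esac
}

# stdin: output of `jq -r '.data[].insecureCommand'`; $1: api_url.
# Prints one verified command, or returns 1 (nothing usable) / 2 (unexpected shape).
pick_import_command() {
  base=$1
  case $base in https://*) ;; *) return 2 ;; esac
  # Several clusterregistrationtokens give several lines: keep the first real one.
  cmd=$(grep -v -e '^$' -e '^null$' | head -n 1)
  [ -n "$cmd" ] || return 1
  # Must start with the exact curl prefix pointing at our own Rancher server...
  rest=${cmd#"curl --insecure -sfL $base/v3/import/"}
  [ "$rest" != "$cmd" ] || return 2
  # ...and end with the exact pipe into kubectl, with nothing appended.
  file=${rest%".yaml | kubectl apply -f -"}
  [ "$file" != "$rest" ] || return 2
  # What remains is the manifest name: token characters only.
  case $file in
    ''|*[!A-Za-z0-9_-]*) return 2 ;;
  esac
  printf '%s\n' "$cmd"
}

# Constructed sample: two tokens exist, so jq printed two lines (one still null).
SAMPLE_OUTPUT='null
curl --insecure -sfL https://rancher-demo.example.com/v3/import/constructedtoken123_c-example.yaml | kubectl apply -f -'

if valid_cluster_name "demo-cluster"; then
  printf '%s\n' "$SAMPLE_OUTPUT" | pick_import_command 'https://rancher-demo.example.com'
fi
```

In the AllInOne script, `valid_cluster_name "$cluster_name"` would run before the POST, and the jq output would be piped through `pick_import_command "$api_url"` instead of being printed directly.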

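TODO:

Later, logging in to the master machine of the corresponding cluster and running the command there will be incorporated into the script.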

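When three walk together, one of them can be my teacher; knowledge is to be shared, and the world belongs to all. This article was written by the 東風微鳴 technical blog, EWhisper.cn.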