
Rancher(rke2) Test

Rancher & RKE2 Cluster Build Guide

Base OS: Ubuntu 22.04 LTS (OpenStack VMs)


1. RKE2 Master Node Configuration (Node 01)

Target: rancher-01 (172.16.16.238)
Role: Control Plane + Etcd + Worker

# 1. Run the RKE2 install script
curl -sfL https://get.rke2.io | sh -

# 2. Create the config directory
mkdir -p /etc/rancher/rke2

# 3. Write the config file (etcd enabled - Master)
cat <<EOF > /etc/rancher/rke2/config.yaml
token: PoCpassword
tls-san:
  - rancher-01
  - 172.16.16.238
node-ip: 172.16.16.238
node-external-ip: 172.16.16.238
EOF

# 4. Start the service
systemctl enable rke2-server
systemctl start rke2-server

# 5. Set up the kubectl environment
ln -s /var/lib/rancher/rke2/bin/kubectl /usr/local/bin/kubectl
echo "export KUBECONFIG=/etc/rancher/rke2/rke2.yaml" >> ~/.bashrc
source ~/.bashrc

# 6. Check node status
kubectl get nodes -o wide

# If the node does not come up properly, the image may not have been downloaded correctly.
# Pull the RKE2 runtime image manually
sudo /var/lib/rancher/rke2/bin/ctr -a /run/k3s/containerd/containerd.sock -n k8s.io images pull docker.io/rancher/rke2-runtime:v1.33.6-rke2r1
sudo /var/lib/rancher/rke2/bin/ctr -a /run/k3s/containerd/containerd.sock -n k8s.io images ls | grep runtime
sudo systemctl restart rke2-server
kubectl get nodes -o wide

# 7. (Important) Check the full token
# Copy this token value (K10...) into the config of nodes 02 and 03
sudo cat /var/lib/rancher/rke2/server/node-token
# Example: K10ab36d6ffae95ccf7932f4267ec5a78b3ba678b921e115aeafb48544dc36ff6ef::server:PoCpassword
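
An added example (not part of the original guide): the step 3 config written with a random shared secret instead of a fixed string, and with owner-only permissions, because config.yaml holds the cluster join secret and a heredoc under the default umask leaves it world-readable. The helper names gen_token, write_rke2_config and config_mode are hypothetical; the config keys are the ones used above.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not part of RKE2 or the original guide.

# gen_token: 32 bytes from the kernel CSPRNG, hex-encoded (64 characters).
gen_token() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# write_rke2_config DIR NODE_NAME NODE_IP
# Writes DIR/config.yaml with the same keys as step 3, readable by the owner only.
write_rke2_config() {
    dir=$1 name=$2 ip=$3
    (
        umask 077                        # new directory and file get no group/other bits
        mkdir -p "$dir"
        cat > "$dir/config.yaml" <<EOF
token: $(gen_token)
tls-san:
  - $name
  - $ip
node-ip: $ip
node-external-ip: $ip
EOF
        chmod 600 "$dir/config.yaml"     # also tightens a file that already existed
    )
}

# config_mode FILE: print the permission string, e.g. "-rw-------".
config_mode() {
    ls -ld "$1" | cut -c1-10
}

# Usage on the node, as root (path taken from the guide):
#   write_rke2_config /etc/rancher/rke2 rancher-01 172.16.16.238
```

The full join token for nodes 02 and 03 is still read from /var/lib/rancher/rke2/server/node-token after the first start, as in step 7.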

2. RKE2 Member Node Configuration (Node 02, 03)

Target: rancher-02, rancher-03
Role: Control Plane + Worker (etcd excluded)

2-1. Rancher-02 Configuration

# 1. Install script
curl -sfL https://get.rke2.io | sh -
mkdir -p /etc/rancher/rke2

# 2. Write the config file (disable-etcd: true)
# For token, enter the full K10... string obtained on node 1
cat <<EOF > /etc/rancher/rke2/config.yaml
server: https://172.16.16.238:9345
token: K10ab36d6ffae95ccf7932f4267ec5a78b3ba678b921e115aeafb48544dc36ff6ef::server:PoCpassword
disable-etcd: true
tls-san:
  - rancher-02
  - 172.16.16.239
node-ip: 172.16.16.239
node-external-ip: 172.16.16.239
EOF

# 3. Start the service
systemctl enable rke2-server
systemctl start rke2-server

2-2. Rancher-03 Configuration

# 1. Install script
curl -sfL https://get.rke2.io | sh -
mkdir -p /etc/rancher/rke2

# 2. Write the config file (disable-etcd: true)
cat <<EOF > /etc/rancher/rke2/config.yaml
server: https://172.16.16.238:9345
token: K10ab36d6ffae95ccf7932f4267ec5a78b3ba678b921e115aeafb48544dc36ff6ef::server:PoCpassword
disable-etcd: true
tls-san:
  - rancher-03
  - 172.16.16.240
node-ip: 172.16.16.240
node-external-ip: 172.16.16.240
EOF

# 3. Start the service
systemctl enable rke2-server
systemctl start rke2-server

3. Manual Image Download (when a specific image was not downloaded)

Target: nodes 02 and 03. Run manually when a slow internet connection leaves Pods stuck in the NotReady state.

# Check the image versions (Node 01)
sudo /var/lib/rancher/rke2/bin/ctr -a /run/k3s/containerd/containerd.sock -n k8s.io images ls | grep -E "calico|flannel"

# Pull the CNI (network) images (the versions must be checked on node 1)
sudo /var/lib/rancher/rke2/bin/ctr -a /run/k3s/containerd/containerd.sock -n k8s.io images pull docker.io/rancher/hardened-calico:v3.27.3-build20240422
sudo /var/lib/rancher/rke2/bin/ctr -a /run/k3s/containerd/containerd.sock -n k8s.io images pull docker.io/rancher/hardened-flannel:v0.25.1-build20240422

# Restart the service
sudo systemctl restart rke2-server

4. Rancher Web UI Installation (Helm)

Target: rancher-01

# 1. Install Helm
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash

# Check the helm version (also confirms that it installed correctly)
helm version

# 2. Install cert-manager (HTTPS certificate management)
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --set crds.enabled=true

# 3. Hosts file setup (private domain mapping)
cat << EOF >> /etc/hosts
211.239.112.38 dhp.rancher.com
EOF

# 4. Install Rancher
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
helm repo update
helm install rancher rancher-stable/rancher \
  --namespace cattle-system \
  --create-namespace \
  --set hostname=dhp.rancher.com \
  --set bootstrapPassword=admin

5. 🚨 Troubleshooting (DNS & Timeout)

Target: rancher-01. Fixes the endless restart loop that occurs when a private domain (dhp.rancher.com) is used and the initial boot is slow.

5-1. DNS Fix (add HostAliases) & Longer Boot Time (StartupProbe)

Edit the settings below with the command kubectl edit deployment rancher -n cattle-system, or use a patch command.

Points to change:

  1. hostAliases: force an /etc/hosts entry into the pod
  2. startupProbe: extend the initial startup wait time to 600 seconds (10 minutes)

# (For reference) YAML structure that should be in place after the change
spec:
  template:
    spec:
      hostAliases:
      - ip: "211.239.112.38"
        hostnames:
        - "dhp.rancher.com"
      containers:
      - name: rancher
        startupProbe:
          failureThreshold: 60     # (previously 12 -> 60)
          periodSeconds: 10
          initialDelaySeconds: 60  # (added)
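
The patch-command route mentioned above, as an added example that is not part of the original guide: the reference YAML is written to a file and applied as a strategic merge patch, which merges the `rancher` container by name and leaves the rest of the deployment untouched. The function names are hypothetical; `kubectl patch --patch-file` and `kubectl rollout status` are standard kubectl commands.

```shell
#!/bin/sh
# Added example: hypothetical helper names, values taken from the guide.

# write_rancher_patch FILE IP HOSTNAME
# Writes the hostAliases + startupProbe fragment from section 5-1 to FILE.
write_rancher_patch() {
    cat > "$1" <<EOF
spec:
  template:
    spec:
      hostAliases:
      - ip: "$2"
        hostnames:
        - "$3"
      containers:
      - name: rancher
        startupProbe:
          failureThreshold: 60
          periodSeconds: 10
          initialDelaySeconds: 60
EOF
}

# probe_window FILE: failureThreshold * periodSeconds, the number of seconds
# the startup probe may keep failing before the container is restarted.
probe_window() {
    awk '$1 == "failureThreshold:" { f = $2 }
         $1 == "periodSeconds:"    { p = $2 }
         END { print f * p }' "$1"
}

# apply_rancher_patch FILE: apply the fragment and wait for the rollout.
apply_rancher_patch() {
    kubectl -n cattle-system patch deployment rancher \
        --type strategic --patch-file "$1" &&
    kubectl -n cattle-system rollout status deployment rancher --timeout=15m
}

# Usage on rancher-01:
#   write_rancher_patch /tmp/rancher-patch.yaml 211.239.112.38 dhp.rancher.com
#   probe_window /tmp/rancher-patch.yaml      # 600
#   apply_rancher_patch /tmp/rancher-patch.yaml
```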