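Building Rancher with k3s on a Raspberry Pi
* Added 2024/2/18
I rebuilt this with a newer version, so please see here
for the latest.
There was a procedure here, so I will try it.
I build a single-node setup using one Raspberry Pi.
Install Ubuntu Server 20.04 with Raspberry Pi Imager.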
ubuntu@rancher:~$ cat /etc/os-release
NAME="Ubuntu"
VERSION="20.04.5 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.5 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
Configure the OS.
I plan to access it as rancher.tsuchinokometal.com.
ubuntu@ubuntu:~$ sudo apt update && sudo apt -y upgrade
ubuntu@ubuntu:~$ sudo hostnamectl set-hostname rancher
ubuntu@ubuntu:~$ cat << _EOF_ | sudo tee -a /etc/hosts
192.168.10.202 rancher.tsuchinokometal.com
_EOF_
ubuntu@ubuntu:~$ sudo reboot
Install helm, which is needed to install Rancher.
I installed it
from the script.
ubuntu@rancher:~$ curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
ubuntu@rancher:~$ chmod 700 get_helm.sh
ubuntu@rancher:~$ ./get_helm.sh
Downloading https://get.helm.sh/helm-v3.9.4-linux-arm64.tar.gz
Verifying checksum... Done.
Preparing to install helm into /usr/local/bin
helm installed into /usr/local/bin/helm
Next I install k3s, but it failed.
The installer helpfully prints how to fix it.
ubuntu@rancher:~$ curl -sfL https://get.k3s.io | sh -
[INFO] Finding release for channel stable
[INFO] Using v1.24.4+k3s1 as release
[INFO] Downloading hash https://github.com/k3s-io/k3s/releases/download/v1.24.4+k3s1/sha256sum-arm64.txt
[INFO] Downloading binary https://github.com/k3s-io/k3s/releases/download/v1.24.4+k3s1/k3s-arm64
[INFO] Verifying binary download
[INFO] Installing k3s to /usr/local/bin/k3s
[INFO] Skipping installation of SELinux RPM
[INFO] Creating /usr/local/bin/kubectl symlink to k3s
[INFO] Creating /usr/local/bin/crictl symlink to k3s
[INFO] Creating /usr/local/bin/ctr symlink to k3s
[INFO] Creating killall script /usr/local/bin/k3s-killall.sh
[INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh
[INFO] env: Creating environment file /etc/systemd/system/k3s.service.env
[INFO] systemd: Creating service file /etc/systemd/system/k3s.service
[INFO] Failed to find memory cgroup, you may need to add "cgroup_memory=1 cgroup_enable=memory" to your linux cmdline (/boot/cmdline.txt on a Raspberry Pi)
[INFO] systemd: Enabling k3s unit
Created symlink /etc/systemd/system/multi-user.target.wants/k3s.service → /etc/systemd/system/k3s.service.
[INFO] systemd: Starting k3s
Job for k3s.service failed because the control process exited with error code.
See "systemctl status k3s.service" and "journalctl -xe" for details.
Enable cgroups.
I appended cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory and rebooted.
ubuntu@rancher:~$ sudo vi /boot/firmware/cmdline.txt
ubuntu@rancher:~$ cat /boot/firmware/cmdline.txt
elevator=deadline net.ifnames=0 console=serial0,115200 dwc_otg.lpm_enable=0 console=tty1 root=LABEL=writable rootfstype=ext4 rootwait fixrtc quiet splash cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory
ubuntu@rancher:~$ sudo reboot
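The manual edit above, scripted so it is idempotent and keeps the kernel command line on a single line. This is an added example, not part of the original post; `ensure_cgroup_flags` is a hypothetical helper name.

```shell
#!/usr/bin/env bash
# Added example: append only the cgroup flags that are still missing from the
# kernel command line. ensure_cgroup_flags is a hypothetical helper.

REQUIRED_FLAGS="cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory"

ensure_cgroup_flags() {
    local file="$1" line flag missing=""
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # cmdline.txt must stay one line; use the first non-empty line as the base.
    line="$(grep -m1 -v '^[[:space:]]*$' "$file" | tr -d '\r')"
    [ -n "$line" ] || { echo "empty cmdline: $file" >&2; return 2; }

    for flag in $REQUIRED_FLAGS; do
        # Compare whole space-separated tokens, not substrings.
        case " $line " in
            *" $flag "*) ;;
            *) missing="$missing $flag" ;;
        esac
    done

    if [ -z "$missing" ]; then
        echo "unchanged"
        return 0
    fi

    cp -p "$file" "$file.bak"                      # rollback copy
    printf '%s%s\n' "$line" "$missing" > "$file"   # rewrite as a single line
    echo "changed"                                 # a reboot is needed
}

# Usage on the Pi (needs root, not executed here):
#   ensure_cgroup_flags /boot/firmware/cmdline.txt
```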
I try again.
This time it installed without problems.
ubuntu@rancher:~$ curl -sfL https://get.k3s.io | sh -
[INFO] Finding release for channel stable
[INFO] Using v1.24.4+k3s1 as release
[INFO] Downloading hash https://github.com/k3s-io/k3s/releases/download/v1.24.4+k3s1/sha256sum-arm64.txt
[INFO] Skipping binary downloaded, installed k3s matches hash
[INFO] Skipping installation of SELinux RPM
[INFO] Skipping /usr/local/bin/kubectl symlink to k3s, already exists
[INFO] Skipping /usr/local/bin/crictl symlink to k3s, already exists
[INFO] Skipping /usr/local/bin/ctr symlink to k3s, already exists
[INFO] Creating killall script /usr/local/bin/k3s-killall.sh
[INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh
[INFO] env: Creating environment file /etc/systemd/system/k3s.service.env
[INFO] systemd: Creating service file /etc/systemd/system/k3s.service
[INFO] systemd: Enabling k3s unit
Created symlink /etc/systemd/system/multi-user.target.wants/k3s.service → /etc/systemd/system/k3s.service.
[INFO] No change detected so skipping service start
Prepare the kubeconfig.
ubuntu@rancher:~$ mkdir -p $HOME/.kube
ubuntu@rancher:~$ sudo cp -i /etc/rancher/k3s/k3s.yaml $HOME/.kube/config
ubuntu@rancher:~$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
ubuntu@rancher:~$ echo "export KUBECONFIG=$HOME/.kube/config" >> .bashrc
ubuntu@rancher:~$ source .bashrc
ubuntu@rancher:~$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
rancher Ready control-plane,master 21m v1.24.4+k3s1
Install Rancher with Helm.
This part is
exactly as in the documentation.
ubuntu@rancher:~$ helm repo add rancher-latest https://releases.rancher.com/server-charts/latest
"rancher-latest" has been added to your repositories
ubuntu@rancher:~$ kubectl create namespace cattle-system
namespace/cattle-system created
ubuntu@rancher:~$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.7.1/cert-manager.crds.yaml
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created
ubuntu@rancher:~$ helm repo add jetstack https://charts.jetstack.io
"jetstack" has been added to your repositories
ubuntu@rancher:~$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "jetstack" chart repository
...Successfully got an update from the "rancher-latest" chart repository
Update Complete. ⎈Happy Helming!⎈
ubuntu@rancher:~$ helm install cert-manager jetstack/cert-manager \
> --namespace cert-manager \
> --create-namespace \
> --version v1.7.1
NAME: cert-manager
LAST DEPLOYED: Sun Aug 28 12:52:19 2022
NAMESPACE: cert-manager
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
cert-manager v1.7.1 has been deployed successfully!
In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).
More information on the different types of issuers and how to configure them
can be found in our documentation:
https://cert-manager.io/docs/configuration/
For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the `ingress-shim`
documentation:
https://cert-manager.io/docs/usage/ingress/
Change the hostname and password to match your own environment, then run it.
ubuntu@rancher:~$ helm install rancher rancher-latest/rancher \
> --namespace cattle-system \
> --set hostname=rancher.tsuchinokometal.com \
> --set replicas=1 \
> --set bootstrapPassword=P@ssw0rd
NAME: rancher
LAST DEPLOYED: Sun Aug 28 12:54:34 2022
NAMESPACE: cattle-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Rancher Server has been installed.
NOTE: Rancher may take several minutes to fully initialize. Please standby while Certificates are being issued, Containers are started and the Ingress rule comes up.
Check out our docs at https://rancher.com/docs/
If you provided your own bootstrap password during installation, browse to https://rancher.tsuchinokometal.com to get started.
If this is the first time you installed Rancher, get started by running this command and clicking the URL it generates:
echo https://rancher.tsuchinokometal.com/dashboard/?setup=$(kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}')
To get just the bootstrap password on its own, run:
kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}{{ "\n" }}'
Happy Containering!
ubuntu@rancher:~$ kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}{{ "\n" }}'
P@ssw0rd
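Passing `bootstrapPassword` with `--set` leaves it in shell history and in the process list while helm runs. The added example below (not part of the original post) generates a random password and writes the same three chart values to a private values file for `helm install -f`; `gen_password` and `write_rancher_values` are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example: keep the Rancher bootstrap password off the command line.
# hostname, replicas and bootstrapPassword are the chart values used on this
# page; the helper names are hypothetical.

gen_password() {
    # 24 characters from the kernel CSPRNG, limited to a YAML-safe alphabet.
    head -c 512 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-24
}

write_rancher_values() {
    local hostname="$1" out="$2" pw
    case "$hostname" in
        ""|*[!A-Za-z0-9.-]*) echo "bad hostname: $hostname" >&2; return 2 ;;
    esac
    # An existing file would keep its old, possibly wider, permissions.
    [ ! -e "$out" ] || { echo "refusing to overwrite: $out" >&2; return 4; }

    pw="$(gen_password)"
    [ "${#pw}" -eq 24 ] || { echo "password generation failed" >&2; return 3; }

    # The subshell scopes umask so the file is created 0600 from the start.
    (
        umask 077
        cat > "$out" <<EOF
hostname: ${hostname}
replicas: 1
bootstrapPassword: "${pw}"
EOF
    )
}

# Usage on the node (not executed here):
#   write_rancher_values rancher.tsuchinokometal.com "$HOME/rancher-values.yaml"
#   helm install rancher rancher-latest/rancher --namespace cattle-system \
#       -f "$HOME/rancher-values.yaml"
#   rm -f "$HOME/rancher-values.yaml"   # once the first login is done
```

The password is still stored in the cluster (the `bootstrap-secret` shown above and the Helm release data), so access to the `cattle-system` namespace remains the control that protects it.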
It came up in about 5 minutes.
ubuntu@rancher:~$ kubectl get pod -n cattle-system -w
NAME READY STATUS RESTARTS AGE
rancher-7875d97579-5n494 0/1 ContainerCreating 0 37s
rancher-7875d97579-5n494 0/1 Running 0 3m27s
rancher-7875d97579-5n494 1/1 Running 0 4m54s
The resources were created like this.
ubuntu@rancher:~$ kubectl get pod,svc,ingress -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system pod/coredns-b96499967-4sg5h 1/1 Running 0 125m
kube-system pod/local-path-provisioner-7b7dc8d6f5-v82st 1/1 Running 0 125m
kube-system pod/metrics-server-668d979685-mk22v 1/1 Running 0 125m
kube-system pod/helm-install-traefik-crd-j2wv8 0/1 Completed 0 125m
kube-system pod/helm-install-traefik-nk8xx 0/1 Completed 1 125m
kube-system pod/svclb-traefik-a4ed1428-mj9v9 2/2 Running 0 124m
kube-system pod/traefik-7cd4fcff68-bxj6n 1/1 Running 0 124m
cert-manager pod/cert-manager-646c67487-zkqtj 1/1 Running 0 103m
cert-manager pod/cert-manager-cainjector-7cb8669d6b-dfmv6 1/1 Running 0 103m
cert-manager pod/cert-manager-webhook-696c5db7ff-xjnsk 1/1 Running 0 103m
cattle-system pod/rancher-7875d97579-5n494 1/1 Running 0 101m
cattle-fleet-system pod/fleet-controller-76f56b4568-nvlwx 1/1 Running 0 94m
cattle-fleet-system pod/gitjob-8ccfb5499-qzdrg 1/1 Running 0 94m
cattle-fleet-local-system pod/fleet-agent-5744768557-gh475 1/1 Running 0 92m
cattle-system pod/rancher-webhook-576c5b6859-5zkzc 1/1 Running 0 92m
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default service/kubernetes ClusterIP 10.43.0.1 <none> 443/TCP 126m
kube-system service/kube-dns ClusterIP 10.43.0.10 <none> 53/UDP,53/TCP,9153/TCP 126m
kube-system service/metrics-server ClusterIP 10.43.250.150 <none> 443/TCP 126m
cert-manager service/cert-manager-webhook ClusterIP 10.43.13.25 <none> 443/TCP 103m
cert-manager service/cert-manager ClusterIP 10.43.133.25 <none> 9402/TCP 103m
cattle-system service/rancher ClusterIP 10.43.56.50 <none> 80/TCP,443/TCP 101m
kube-system service/traefik LoadBalancer 10.43.83.191 192.168.10.202 80:31781/TCP,443:31489/TCP 124m
cattle-fleet-system service/gitjob ClusterIP 10.43.15.17 <none> 80/TCP 94m
cattle-system service/webhook-service ClusterIP 10.43.125.110 <none> 443/TCP 92m
cattle-system service/rancher-webhook ClusterIP 10.43.143.100 <none> 443/TCP 92m
NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE
cattle-system ingress.networking.k8s.io/rancher <none> rancher.tsuchinokometal.com 192.168.10.202 80, 443 101m
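Now I access the web console.
Make sure the name resolves on the client side, for example by adding an entry to hosts.
For the password, enter the one specified with helm.
Tick the checkbox and continue.
Looks good.
2.6.7 was installed.
The cluster-building part got long, so I wrote it up separately.
Building a Raspberry Pi k8s cluster with Rancher
Catalog retrieval was failing because name resolution did not work
When I looked at the Rancher Pod logs, the following error was occurring.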
2022/09/03 08:09:19 [ERROR] error syncing 'library': handler catalog: Clone failed: Cloning into 'management-state/catalog-cache/xxx'...
fatal: unable to access 'https://git.rancher.io/charts/': Could not resolve host: git.rancher.io
This appears to be name resolution failing through the external DNS;
changing the CoreDNS forward setting to 8.8.8.8 8.8.4.4 resolved it.
ubuntu@rancher:~$ kubectl get configmap -n kube-system coredns -o yaml
apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          fallthrough in-addr.arpa ip6.arpa
        }
        hosts /etc/coredns/NodeHosts {
          ttl 60
          reload 15s
          fallthrough
        }
        prometheus :9153
        #forward . /etc/resolv.conf
        forward . 8.8.8.8 8.8.4.4
        cache 30
        loop
        reload
        loadbalance
    }
    import /etc/coredns/custom/*.server
  NodeHosts: |
    192.168.10.202 rancher
...
The catalog update appears to have completed successfully.
2022/09/03 08:09:19 [ERROR] error syncing 'system-library': handler catalog: Clone failed: Cloning into 'management-state/catalog-cache/xxx'...
fatal: unable to access 'https://git.rancher.io/system-charts/': Could not resolve host: git.rancher.io
: exit status 128, requeuing
2022/09/03 08:11:21 [INFO] Updating global catalog helm3-library
2022/09/03 08:11:22 [INFO] Helm icon error: open management-state/catalog-cache/xxx/charts/mariadb/mariadb-stack-220x234.png: no such file or directory
2022/09/03 08:11:22 [INFO] Catalog sync done. 11 templates created, 0 templates updated, 0 templates deleted, 0 templates failed
2022/09/03 08:11:23 [INFO] Updating global catalog system-library
2022/09/03 08:11:26 [INFO] Updating global catalog library
2022/09/03 08:11:28 [INFO] Catalog sync done. 7 templates created, 0 templates updated, 0 templates deleted, 0 templates failed
2022/09/03 08:11:39 [INFO] Catalog sync done. 63 templates created, 0 templates updated, 0 templates deleted, 0 templates failed