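Building Rancher with k3s on a Raspberry Pi
When I rebuilt this setup after a long while, a few things had changed since I last tried it in 2022, so I am writing it up again.
Last time I built Rancher 2.6.7 on Ubuntu 20.04;
this time I am building Rancher 2.8.2 on Ubuntu 22.04.
Installing k3s
As before, this is a single-node setup on one Raspberry Pi.
Install Ubuntu Server 22.04 with Raspberry Pi Imager.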
root@rancher:~# cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.4 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.4 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
Configure the OS.
I plan to access Rancher at rancher.tsuchinokometal.com.
root@ubuntu:~# vi /etc/netplan/99_config.yaml
root@ubuntu:~# cat /etc/netplan/99_config.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: false
      dhcp6: false
      addresses:
        - 192.168.0.202/24
      nameservers:
        addresses: [192.168.0.254]
      routes:
        - to: default
          via: 192.168.0.254
root@ubuntu:~$ hostnamectl set-hostname rancher
root@ubuntu:~$ cat << _EOF_ | sudo tee -a /etc/hosts
192.168.0.202 rancher.tsuchinokometal.com
_EOF_
root@ubuntu:~$ reboot
Install k3s.
With no version specified, v1.28.6+k3s2 was installed,
but the Rancher installation then failed with the following message, so I reinstalled k3s with an explicit version.
Error: INSTALLATION FAILED: chart requires kubeVersion: < 1.28.0-0 which is incompatible with Kubernetes v1.28.6+k3s2
root@rancher:~# curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION="v1.27.10+k3s2" sh -s - server --cluster-init
[INFO] Using v1.27.10+k3s2 as release
[INFO] Downloading hash https://github.com/k3s-io/k3s/releases/download/v1.27.10+k3s2/sha256sum-arm64.txt
[INFO] Downloading binary https://github.com/k3s-io/k3s/releases/download/v1.27.10+k3s2/k3s-arm64
[INFO] Verifying binary download
[INFO] Installing k3s to /usr/local/bin/k3s
[INFO] Skipping installation of SELinux RPM
[INFO] Creating /usr/local/bin/kubectl symlink to k3s
[INFO] Creating /usr/local/bin/crictl symlink to k3s
[INFO] Creating /usr/local/bin/ctr symlink to k3s
[INFO] Creating killall script /usr/local/bin/k3s-killall.sh
[INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh
[INFO] env: Creating environment file /etc/systemd/system/k3s.service.env
[INFO] systemd: Creating service file /etc/systemd/system/k3s.service
[INFO] systemd: Enabling k3s unit
Created symlink /etc/systemd/system/multi-user.target.wants/k3s.service → /etc/systemd/system/k3s.service.
[INFO] systemd: Starting k3s
root@rancher:~# mkdir -p $HOME/.kube
root@rancher:~# cp -i /etc/rancher/k3s/k3s.yaml $HOME/.kube/config
root@rancher:~# kubectl get node -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
rancher Ready control-plane,etcd,master 102s v1.27.10+k3s2 192.168.0.202 <none> Ubuntu 22.04.4 LTS 5.15.0-1046-raspi containerd://1.7.11-k3s2.27
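The kubeVersion error above can be caught before k3s is installed. The following is an added example, not part of the original post: it reads the chart's kubeVersion constraint and checks a candidate k3s version against it. The function names are assumptions, the Chart.yaml excerpt is constructed, and only the upper-bound form "< X.Y.Z-0" seen in the error is handled.

```shell
#!/bin/sh
# Added example (function names are hypothetical).

# Strip a leading "v" and any -prerelease / +build suffix: v1.28.6+k3s2 -> 1.28.6
semver_core() {
    v=${1#v}
    printf '%s\n' "${v%%[-+]*}"
}

# Read Chart.yaml text on stdin and print its kubeVersion constraint.
# On the node: helm show chart rancher-stable/rancher | chart_kube_constraint
chart_kube_constraint() {
    sed -n 's/^kubeVersion:[[:space:]]*//p' | tr -d "\"'"
}

# Return 0 if version $1 satisfies the upper-bound constraint $2 ("< X.Y.Z-0").
kube_version_allowed() {
    have=$(semver_core "$1")
    bound=$(semver_core "$(printf '%s' "$2" | tr -d '< ')")
    oldifs=$IFS; IFS=.
    set -- $have $bound        # $1 $2 $3 = version, $4 $5 $6 = bound
    IFS=$oldifs
    if [ "$1" -ne "$4" ]; then
        if [ "$1" -lt "$4" ]; then return 0; else return 1; fi
    fi
    if [ "$2" -ne "$5" ]; then
        if [ "$2" -lt "$5" ]; then return 0; else return 1; fi
    fi
    if [ "$3" -lt "$6" ]; then return 0; else return 1; fi
}

# Constructed excerpt of the chart metadata, using the constraint from the error.
sample_chart='name: rancher
kubeVersion: < 1.28.0-0
version: 2.8.2'

constraint=$(printf '%s\n' "$sample_chart" | chart_kube_constraint)
for candidate in v1.28.6+k3s2 v1.27.10+k3s2; do
    if kube_version_allowed "$candidate" "$constraint"; then
        echo "$candidate: allowed by \"$constraint\""
    else
        echo "$candidate: rejected by \"$constraint\""
    fi
done
```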
Incidentally, last time I had to enable cgroup, but this time that was not necessary.
cmdline.txt looks like this:
root@rancher:~# cat /boot/firmware/cmdline.txt
console=serial0,115200 dwc_otg.lpm_enable=0 console=tty1 root=LABEL=writable rootfstype=ext4 rootwait fixrtc quiet splash
Also, since this is Ubuntu 22.04, I believe cgroup v2 is in use.
You can check as follows:
root@rancher:~# stat -fc %T /sys/fs/cgroup/
cgroup2fs
The Pods should end up in the following state.
root@rancher:~# kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-77ccd57875-tgzzz 1/1 Running 0 2m24s
kube-system helm-install-traefik-crd-5r9bd 0/1 Completed 0 2m24s
kube-system helm-install-traefik-hsdrq 0/1 Completed 2 2m24s
kube-system local-path-provisioner-957fdf8bc-878m8 1/1 Running 0 2m24s
kube-system metrics-server-648b5df564-zqj2d 1/1 Running 0 2m24s
kube-system svclb-traefik-9cb54e31-bmt7d 2/2 Running 0 37s
kube-system traefik-768bdcdcdd-kb6dl 1/1 Running 0 37s
Installing Rancher
I installed Helm from the install script.
root@rancher:~# curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
root@rancher:~# chmod 700 get_helm.sh
root@rancher:~# ./get_helm.sh
Downloading https://get.helm.sh/helm-v3.14.1-linux-arm64.tar.gz
Verifying checksum... Done.
Preparing to install helm into /usr/local/bin
helm installed into /usr/local/bin/helm
root@rancher:~# helm version --short
v3.14.1+ge8858f8
Install cert-manager, following the referenced documentation.
root@rancher:~# helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
"rancher-stable" has been added to your repositories
root@rancher:~# kubectl create namespace cattle-system
namespace/cattle-system created
root@rancher:~# kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.2/cert-manager.crds.yaml
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created
root@rancher:~# helm repo add jetstack https://charts.jetstack.io
"jetstack" has been added to your repositories
root@rancher:~# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "jetstack" chart repository
...Successfully got an update from the "rancher-stable" chart repository
Update Complete. ⎈Happy Helming!⎈
root@rancher:~# helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace
NAME: cert-manager
LAST DEPLOYED: Sun Feb 18 18:21:28 2024
NAMESPACE: cert-manager
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
cert-manager v1.14.2 has been deployed successfully!
In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).
More information on the different types of issuers and how to configure them
can be found in our documentation:
https://cert-manager.io/docs/configuration/
For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the `ingress-shim`
documentation:
https://cert-manager.io/docs/usage/ingress/
root@rancher:~# helm list -A
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
cert-manager cert-manager 1 2024-02-18 18:21:28.154987659 +0900 JST deployed cert-manager-v1.14.2 v1.14.2
traefik kube-system 1 2024-02-18 09:15:33.052409967 +0000 UTC deployed traefik-25.0.2+up25.0.0 v2.10.5
traefik-crd kube-system 1 2024-02-18 09:15:13.821702317 +0000 UTC deployed traefik-crd-25.0.2+up25.0.0 v2.10.5
root@rancher:~# kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
cert-manager cert-manager-5dcc4c9b74-6gpvt 1/1 Running 0 67s
cert-manager cert-manager-cainjector-644bff8d57-ftm5j 1/1 Running 0 67s
cert-manager cert-manager-webhook-7f6b4fbd47-wfvjz 1/1 Running 0 67s
kube-system coredns-77ccd57875-tgzzz 1/1 Running 0 8m46s
kube-system helm-install-traefik-crd-5r9bd 0/1 Completed 0 8m46s
kube-system helm-install-traefik-hsdrq 0/1 Completed 2 8m46s
kube-system local-path-provisioner-957fdf8bc-878m8 1/1 Running 0 8m46s
kube-system metrics-server-648b5df564-zqj2d 1/1 Running 0 8m46s
kube-system svclb-traefik-9cb54e31-bmt7d 2/2 Running 0 6m59s
kube-system traefik-768bdcdcdd-kb6dl 1/1 Running 0 6m59s
Change the hostname and password to match your environment and install Rancher.
root@rancher:~# helm install rancher rancher-stable/rancher --namespace cattle-system --set hostname=rancher.tsuchinokometal.com --set replicas=1 --set bootstrapPassword=password
NAME: rancher
LAST DEPLOYED: Sun Feb 18 18:43:42 2024
NAMESPACE: cattle-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Rancher Server has been installed.
NOTE: Rancher may take several minutes to fully initialize. Please standby while Certificates are being issued, Containers are started and the Ingress rule comes up.
Check out our docs at https://rancher.com/docs/
If you provided your own bootstrap password during installation, browse to https://rancher.tsuchinokometal.com to get started.
If this is the first time you installed Rancher, get started by running this command and clicking the URL it generates:
echo https://rancher.tsuchinokometal.com/dashboard/?setup=$(kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}')
To get just the bootstrap password on its own, run:
kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}{{ "\n" }}'
Happy Containering!
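The install command above passes bootstrapPassword on the command line, where it lands in shell history and is visible in the process list while helm runs. The following is an added example, not part of the original post: it generates a random password and passes the same three chart values through a values file readable only by its owner. The file name rancher-values.yaml and the function names are assumptions.

```shell
#!/bin/sh
# Added example (file and function names are hypothetical).

# 24 bytes from the kernel CSPRNG, base64-encoded: 32 characters, no newline.
gen_bootstrap_password() {
    head -c 24 /dev/urandom | base64 | tr -d '\n'
}

# Write the chart values to file $1 for hostname $2 with mode 0600.
# The umask is set in a subshell so the file is never world-readable,
# and any older copy with looser permissions is removed first.
write_rancher_values() {
    values_file=$1
    rancher_host=$2
    (
        umask 077
        rm -f "$values_file"
        cat > "$values_file" <<EOF
hostname: ${rancher_host}
replicas: 1
bootstrapPassword: "$(gen_bootstrap_password)"
EOF
    )
}

# Same install as above, with the values taken from the file instead of --set.
install_rancher() {
    helm install rancher rancher-stable/rancher \
        --namespace cattle-system \
        -f "$1"
}

# Only touch the cluster when asked to explicitly.
if [ "${1:-}" = "--install" ]; then
    write_rancher_values ./rancher-values.yaml rancher.tsuchinokometal.com
    install_rancher ./rancher-values.yaml
fi
```

Run it with `--install` on the node; the generated password can be read back with the `kubectl get secret --namespace cattle-system bootstrap-secret` command from the chart notes above, after which the values file can be deleted.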
It seems to have started without problems.
root@rancher:~# kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
cattle-fleet-system fleet-controller-6fc8c65685-knrh4 1/1 Running 0 15m
cattle-fleet-system gitjob-6c8875d84d-xp855 1/1 Running 0 15m
cattle-provisioning-capi-system capi-controller-manager-79ddf9b9d8-2c5mj 1/1 Running 0 8m34s
cattle-system helm-operation-8pmhh 0/2 Completed 0 8m45s
cattle-system helm-operation-lx8lm 0/2 Completed 0 9m42s
cattle-system helm-operation-v7hfn 1/2 Unknown 0 16m
cattle-system helm-operation-zbp69 1/2 Unknown 0 15m
cattle-system rancher-7bcd45c474-n4n2v 1/1 Running 1 (14m ago) 26m
cattle-system rancher-webhook-7476c74c6c-77nf5 1/1 Running 0 9m30s
cert-manager cert-manager-5dcc4c9b74-6gpvt 1/1 Running 1 (14m ago) 48m
cert-manager cert-manager-cainjector-644bff8d57-ftm5j 1/1 Running 0 48m
cert-manager cert-manager-webhook-7f6b4fbd47-wfvjz 1/1 Running 0 48m
kube-system coredns-77ccd57875-tgzzz 1/1 Running 0 56m
kube-system helm-install-traefik-crd-5r9bd 0/1 Completed 0 56m
kube-system helm-install-traefik-hsdrq 0/1 Completed 2 56m
kube-system local-path-provisioner-957fdf8bc-878m8 1/1 Running 0 56m
kube-system metrics-server-648b5df564-zqj2d 1/1 Running 0 56m
kube-system svclb-traefik-9cb54e31-bmt7d 2/2 Running 0 54m
kube-system traefik-768bdcdcdd-kb6dl 1/1 Running 0 54m
root@rancher:~# helm list -A
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
cert-manager cert-manager 1 2024-02-18 18:21:28.154987659 +0900 JST deployed cert-manager-v1.14.2 v1.14.2
fleet-crd cattle-fleet-system 1 2024-02-18 09:54:34.674778396 +0000 UTC deployed fleet-crd-103.1.0+up0.9.0 0.9.0
rancher cattle-system 1 2024-02-18 18:43:42.332848325 +0900 JST deployed rancher-2.8.2 v2.8.2
rancher-provisioning-capi cattle-provisioning-capi-system 1 2024-02-18 10:01:24.317831353 +0000 UTC deployed rancher-provisioning-capi-103.0.0+up0.0.1 1.4.4
rancher-webhook cattle-system 1 2024-02-18 10:00:29.202208867 +0000 UTC deployed rancher-webhook-103.0.1+up0.4.2 0.4.2
traefik kube-system 1 2024-02-18 09:15:33.052409967 +0000 UTC deployed traefik-25.0.2+up25.0.0 v2.10.5
traefik-crd kube-system 1 2024-02-18 09:15:13.821702317 +0000 UTC deployed traefik-crd-25.0.2+up25.0.0 v2.10.5
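Now access the web console.
Make sure the name resolves on the client side, for example by adding an entry to the hosts file.
For the password, enter the one you specified with helm.
Tick the checkbox and continue.
Looks good.
Version 2.8.2 has been installed.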