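Reference: Installing Rancher with Helm
Introduction to Rancher
Rancher is a container management platform that helps organizations deploy and manage containers in production quickly and easily. Rancher makes it easy to manage Kubernetes in any environment, meeting IT requirements while supporting DevOps teams. Kubernetes has not only become the standard for container orchestration, it is also rapidly becoming the standard infrastructure offered by cloud and virtualization vendors. Rancher users can create Kubernetes clusters with Rancher Kubernetes Engine (RKE) or use cloud Kubernetes services such as GKE, AKS and EKS. Rancher users can also import and manage existing Kubernetes clusters. Rancher supports a range of centralized authentication systems for managing Kubernetes clusters. For example, employees of a large enterprise can use their corporate Active Directory credentials to access Kubernetes clusters in GKE. IT administrators can set access control and security policies across users, groups, projects, clusters and clouds. IT administrators can monitor the health and capacity of all Kubernetes clusters from a single page. Rancher gives DevOps engineers an intuitive user interface for managing their service containers; users do not need a deep understanding of Kubernetes concepts to start using Rancher. Rancher includes an application catalog that supports one-click deployment of Helm and Compose templates. Rancher is certified with a variety of cloud and on-premises ecosystem products, including security tools, monitoring systems, container registries, and storage and network drivers. The figure below illustrates the role Rancher plays in IT and DevOps organizations. Each team deploys its applications on the public or private cloud of its choice.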
Cluster environment
```
[root@elasticsearch01 ~]# kubectl get nodes
NAME        STATUS   ROLES    AGE    VERSION
10.2.8.34   Ready    <none>   615d   v1.13.1
10.2.8.65   Ready    <none>   615d   v1.13.1
```
Helm environment
```
[root@elasticsearch01 yaml]# helm version
Client: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}
```
Add the chart repository
```
[root@elasticsearch01 yaml]# helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
"rancher-stable" has been added to your repositories
```
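Install Rancher with Helm
Note: hostname=rancher.minminmsn.com is specified here, so Rancher must be accessed through that domain name.
Note: Rancher is served over HTTPS by default, so a publicly trusted SSL certificate is required; the existing ingress-secret2021 can be used.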
```
[root@elasticsearch01 yaml]# kubectl get secret|grep 2021
ingress-secret2021   kubernetes.io/tls   2   47d
```
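Note: a few parameters deserve particular attention, such as namespace, hostname and ingress; if they are missed, the service configuration can also be modified afterwards. Now deploy Rancher with Helm.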
```
[root@elasticsearch01 yaml]# helm install rancher-stable/rancher --name rancher --set hostname=rancher.minminmsn.com --set ingress.tls.source=ingress-secret2021
NAME:   rancher
LAST DEPLOYED: Mon Aug 31 15:21:33 2020
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/ServiceAccount
NAME     SECRETS  AGE
rancher  1        0s

==> v1/ClusterRoleBinding
NAME     AGE
rancher  0s

==> v1/Service
NAME     TYPE       CLUSTER-IP      EXTERNAL-IP  PORT(S)  AGE
rancher  ClusterIP  10.254.185.214  <none>       80/TCP   0s

==> v1/Deployment
NAME     DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
rancher  3        3        3           0          0s

==> v1beta1/Ingress
NAME     HOSTS                 ADDRESS  PORTS    AGE
rancher  rancher.minminmsn.com          80, 443  0s

==> v1/Pod(related)
NAME                     READY  STATUS             RESTARTS  AGE
rancher-cf8d8f9dd-2m2pc  0/1    ContainerCreating  0         0s
rancher-cf8d8f9dd-462t6  0/1    ContainerCreating  0         0s
rancher-cf8d8f9dd-twcjf  0/1    ContainerCreating  0         0s


NOTES:
Rancher Server has been installed.

NOTE: Rancher may take several minutes to fully initialize. Please standby while Certificates are being issued and Ingress comes up.

Check out our docs at https://rancher.com/docs/rancher/v2.x/en/

Browse to https://rancher.minminmsn.com

Happy Containering!

[root@elasticsearch01 yaml]# helm ls --all rancher
NAME     REVISION  UPDATED                   STATUS    CHART          APP VERSION  NAMESPACE
rancher  1         Mon Aug 31 15:21:33 2020  DEPLOYED  rancher-2.4.6  v2.4.6       default

[root@elasticsearch01 yaml]# kubectl get pods |grep rancher
rancher-cf8d8f9dd-2m2pc   0/1   ContainerCreating   0   69s
rancher-cf8d8f9dd-462t6   0/1   ContainerCreating   0   69s
rancher-cf8d8f9dd-twcjf   0/1   ContainerCreating   0   69s
```
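By default Rancher is deployed as a 3-replica cluster, but the test k8s cluster has only 2 nodes, so 1 pod did not start. The replicas value in the deployment needs to be changed to 2.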
```
[root@elasticsearch01 yaml]# kubectl get pods |grep rancher
rancher-cf8d8f9dd-2m2pc   1/1   Running             0   5m48s
rancher-cf8d8f9dd-462t6   1/1   Running             0   5m48s
rancher-cf8d8f9dd-twcjf   0/1   ContainerCreating   0   5m48s

[root@elasticsearch01 yaml]# kubectl get deploy
NAME      READY   UP-TO-DATE   AVAILABLE   AGE
rancher   2/3     3            2           5m48s
```
Change replicas from 3 to 2
```
spec:
  progressDeadlineSeconds: 600
  replicas: 3
```
The full content is as follows
```
[root@elasticsearch01 yaml]# kubectl edit deploy rancher
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
  creationTimestamp: "2020-08-31T07:21:34Z"
  generation: 1
  labels:
    app: rancher
    chart: rancher-2.4.6
    heritage: Tiller
    release: rancher
  name: rancher
  namespace: default
  resourceVersion: "99595282"
  selfLink: /apis/extensions/v1beta1/namespaces/default/deployments/rancher
  uid: 995f7aaf-eb5a-11ea-9386-52540089b2b6
spec:
  progressDeadlineSeconds: 600
  replicas: 3
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: rancher
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: rancher
        release: rancher
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: app
                  operator: In
                  values:
                  - rancher
              topologyKey: kubernetes.io/hostname
            weight: 100
      containers:
      - args:
        - --no-cacerts
        - --http-listen-port=80
        - --https-listen-port=443
        - --add-local=auto
        env:
        - name: CATTLE_NAMESPACE
          value: default
        - name: CATTLE_PEER_SERVICE
          value: rancher
        image: rancher/rancher:v2.4.6
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 80
            scheme: HTTP
          initialDelaySeconds: 60
          periodSeconds: 30
          successThreshold: 1
          timeoutSeconds: 1
        name: rancher
        ports:
        - containerPort: 80
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 80
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 30
          successThreshold: 1
          timeoutSeconds: 1
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: rancher
      serviceAccountName: rancher
      terminationGracePeriodSeconds: 30
status:
  availableReplicas: 2
  conditions:
  - lastTransitionTime: "2020-08-31T07:26:36Z"
    lastUpdateTime: "2020-08-31T07:26:36Z"
    message: Deployment has minimum availability.
    reason: MinimumReplicasAvailable
    status: "True"
    type: Available
  - lastTransitionTime: "2020-08-31T07:21:34Z"
    lastUpdateTime: "2020-08-31T07:26:36Z"
    message: ReplicaSet "rancher-cf8d8f9dd" is progressing.
    reason: ReplicaSetUpdated
    status: "True"
    type: Progressing
  observedGeneration: 1
  readyReplicas: 2
  replicas: 3
  unavailableReplicas: 1
  updatedReplicas: 3

[root@elasticsearch01 yaml]# kubectl edit deploy rancher
deployment.extensions/rancher edited

[root@elasticsearch01 yaml]# kubectl get pods|grep rancher
rancher-cf8d8f9dd-2m2pc   1/1   Running   0   11m
rancher-cf8d8f9dd-462t6   1/1   Running   0   11m

[root@elasticsearch01 yaml]# kubectl get deploy
NAME      READY   UP-TO-DATE   AVAILABLE   AGE
rancher   2/2     2            2           11m
```
Change the ingress certificate
The secretName in Rancher's default ingress needs to be changed from tls-rancher-ingress to ingress-secret2021.
```
[root@elasticsearch01 yaml]# kubectl edit ingress rancher

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    certmanager.k8s.io/issuer: rancher
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"
  creationTimestamp: "2020-08-31T07:21:34Z"
  generation: 1
  labels:
    app: rancher
    chart: rancher-2.4.6
    heritage: Tiller
    release: rancher
  name: rancher
  namespace: default
  resourceVersion: "99593839"
  selfLink: /apis/extensions/v1beta1/namespaces/default/ingresses/rancher
  uid: 996153bf-eb5a-11ea-9386-52540089b2b6
spec:
  rules:
  - host: rancher.minminmsn.com
    http:
      paths:
      - backend:
          serviceName: rancher
          servicePort: 80
  tls:
  - hosts:
    - rancher.minminmsn.com
    secretName: tls-rancher-ingress
status:
  loadBalancer: {}
~
```
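Log in to Rancher and configure the environment
The default password is admin and must be replaced with a complex one; the default language is English and can be switched to Chinese; by default Rancher manages the local k8s cluster.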
Add TKE clusters
Create the ptech cluster and import it; the following needs to be run on the ptech cluster:
```
[root@VM_0_65_centos ~]# kubectl apply -f https://rancher.minminmsn.com/v3/import/lvkfcctjfm4w52llbwng5cq7q8wwmzvqt9cm9825w8gzvkkp5748mg.yaml
clusterrole.rbac.authorization.k8s.io/proxy-clusterrole-kubeapiserver unchanged
clusterrolebinding.rbac.authorization.k8s.io/proxy-role-binding-kubernetes-master unchanged
namespace/cattle-system unchanged
serviceaccount/cattle unchanged
clusterrolebinding.rbac.authorization.k8s.io/cattle-admin-binding unchanged
secret/cattle-credentials-943258c created
clusterrole.rbac.authorization.k8s.io/cattle-admin unchanged
deployment.apps/cattle-cluster-agent configured
daemonset.apps/cattle-node-agent configured
You have new mail in /var/spool/mail/root
```
Create the enterprise cluster and import it; the following needs to be run on the enterprise cluster:
```
[root@VM_8_15_centos ~]# kubectl apply -f https://rancher.minminmsn.com/v3/import/xv4psldq5jsbxrj2h6pfmf22dfrcj5vzpk2tts9xjvlmnnmtbnd9rl.yaml
clusterrole.rbac.authorization.k8s.io/proxy-clusterrole-kubeapiserver unchanged
clusterrolebinding.rbac.authorization.k8s.io/proxy-role-binding-kubernetes-master unchanged
namespace/cattle-system unchanged
serviceaccount/cattle unchanged
clusterrolebinding.rbac.authorization.k8s.io/cattle-admin-binding unchanged
secret/cattle-credentials-edbe822 created
clusterrole.rbac.authorization.k8s.io/cattle-admin unchanged
deployment.apps/cattle-cluster-agent configured
daemonset.apps/cattle-node-agent configured
```
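Both import commands above feed a manifest straight from the Rancher URL into `kubectl apply`, and the output shows it touching cluster-wide RBAC objects such as `cattle-admin` and `cattle-admin-binding`. The script below is an added example, not part of the original post: it inventories a saved copy of a manifest before it is applied. The function names and the sample manifest contents are constructed for illustration and are not Rancher's actual file.

```bash
# Added example: inventory a saved manifest before `kubectl apply -f` runs on it.
#   curl -fsSL "https://<rancher-host>/v3/import/<token>.yaml" -o import.yaml
#   summarize_manifest import.yaml
# Output per object: "<flag> <kind>/<name>[ -> <roleRef name>]"; flags: WILDCARD, CLUSTER-RBAC, ok
summarize_manifest() {
  awk '
    function emit(   flag) {
      if (kind == "") return
      flag = (kind ~ /^ClusterRole(Binding)?$/) ? "CLUSTER-RBAC" : "ok"
      if (kind ~ /Role$/ && wildcard) flag = "WILDCARD"   # Role/ClusterRole with a "*" rule
      print flag, kind "/" name ref
    }
    function reset() { kind = name = ref = section = ""; wildcard = 0 }
    /^---[ \t]*$/   { emit(); reset(); next }              # document separator
    /^kind:/        { kind = $2; next }                    # top-level kind only
    /^[A-Za-z]+:/   { section = $1; next }                 # track the current top-level key
    /^  name:/ && section == "metadata:" && name == "" { name = $2 }
    /^  name:/ && section == "roleRef:"                { ref = " -> " $2 }
    section == "rules:" && index($0, "*")              { wildcard = 1 }
    END { emit() }
  ' "$1"
}

# Constructed sample (hypothetical contents), reusing object names from the output above.
write_sample_manifest() {
  cat > "$1" <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cattle
  namespace: cattle-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cattle-admin
rules:
- apiGroups: ['*']
  resources: ['*']
  verbs: ['*']
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cattle-admin-binding
roleRef:
  kind: ClusterRole
  name: cattle-admin
subjects:
- kind: ServiceAccount
  name: cattle
  namespace: cattle-system
EOF
}
```

Against a real import manifest, review every `WILDCARD` and `CLUSTER-RBAC` line before running `kubectl apply -f import.yaml` on the saved file.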
The final result is as follows