Home | 简体中文 | 繁体中文 | 杂文 | Github | 知乎专栏 | 51CTO学院 | CSDN程序员研修院 | OSChina 博客 | 腾讯云社区 | 阿里云栖社区 | Facebook | Linkedin | Youtube | 打赏(Donations) | About
知乎专栏多维度架构

第 3 章 Rancher - Multi-Cluster Kubernetes Management

Rancher is open-source software for delivering Kubernetes-as-a-Service.

目录

3.1. 安装 Rancher
3.1.1. Rancher Server
3.1.2. Rancher Kubernetes Engine (RKE) 2
3.1.3. Rancher Kubernetes Engine (RKE) 1
3.1.4. Rancher CLI
3.1.5. rancher-compose
3.2. 快速入门
3.2.1. API
3.3. Rancher Compose
3.3.1. Rancher Compose 命令
3.3.2. 操作演示
3.4. Rancher CLI
3.4.1. 登陆 Rancher
3.4.2. 查看集群
3.4.3. 查看节点
3.4.4. catalog
3.4.5. 查看设置
3.4.6. rancher kubectl
3.5. K3s
3.5.1. AutoK3s
3.5.2. 安装 K3s(Docker 模式)
3.5.3. 安装 K3s(VM 模式)
3.5.4. k3d
3.5.5. TLS 证书
3.5.6. 创建 Token
3.5.7. FAQ
3.6. Rancher Demo
3.6.1. Rancher 部署 Nginx
3.6.2. local-path-provisioner
3.7. Longhorn
3.7.1. 安装 Longhorn
3.7.2. 选择磁盘类型
3.7.3. 节点选择
3.7.4. FAQ
3.8. FAQ
3.8.1. 调试 Rancher 查看日志
3.8.2. [network] Host [rancher.netkiller.cn] is not able to connect to the following ports: [rancher.netkiller.cn:2379]. Please check network policies and firewall rules
3.8.3. cgroups v2

3.1. 安装 Rancher

3.1.1. Rancher Server

3.1.1.1. Docker 安装

如果只是学习,可以安装最新版

		
docker run -d --privileged --restart=unless-stopped -p 80:80 -p 443:443 --name=rancher rancher/rancher:latest
		
			

稳定版

		
docker run -d --privileged --restart=unless-stopped -p 80:80 -p 443:443 -v /var/lib/rancher/:/var/lib/rancher/ --name=rancher rancher/rancher:stable
		
			

审计日志

		
docker run -d --restart=unless-stopped -p 80:80 -p 443:443 -v /var/lib/rancher/:/var/lib/rancher/ -v /var/log/auditlog:/var/log/auditlog --name=rancher rancher/rancher:stable
		
			
防火墙配置

防火墙放行 etcd

			
iptables -I INPUT -s 172.16.0.0/0 -p tcp --dport 2379 -j ACCEPT
iptables -I INPUT -s 172.16.0.0/0 -p tcp --dport 2380 -j ACCEPT		
			
				
			
systemctl restart firewalld
systemctl enable firewalld

iptables -A INPUT -p tcp --dport 6443 -j ACCEPT
iptables -A INPUT -p tcp --dport 2379 -j ACCEPT
iptables -A INPUT -p tcp --dport 2380 -j ACCEPT
iptables -A INPUT -p tcp --dport 10250 -j ACCEPT

firewall-cmd --zone=public --add-port=6443/tcp --permanent
firewall-cmd --zone=public --add-port=2379/tcp --permanent
firewall-cmd --zone=public --add-port=2380/tcp --permanent
firewall-cmd --zone=public --add-port=10250/tcp --permanent
firewall-cmd --reload			
			
				

从阿里云安装

				
docker run -itd -p 80:80 -p 443:443 \
    --restart=unless-stopped \
    -e CATTLE_AGENT_IMAGE="registry.cn-hangzhou.aliyuncs.com/rancher/rancher-agent:v2.4.2" \
    registry.cn-hangzhou.aliyuncs.com/rancher/rancher				
				
				

仅用 unsupported-storage-drivers

			
[root@localhost ~]# docker run -d --privileged --restart=unless-stopped -p 8080:80 -p 8443:443 --name=rancher --env unsupported-storage-drivers=true rancher/rancher:stable
[root@localhost ~]# docker run -d --privileged --restart=unless-stopped -p 8080:80 -p 8443:443 --name=rancher rancher/rancher:stable  --features=unsupported-storage-drivers=true
			
				
Helm 安装 Rancher

安装 k3s

				
hostnamectl set-hostname master				
curl -sfL https://rancher-mirror.oss-cn-beijing.aliyuncs.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -
				
				

安装最新版

				
helm repo add rancher-latest https://releases.rancher.com/server-charts/latest				
				
				

安装用于生产环境的稳定版

				
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
				
				

创建命名空间

				
kubectl create namespace cattle-system				
				
				

安装 cert-manager

				
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.7.1/cert-manager.crds.yaml

helm repo add jetstack https://charts.jetstack.io

helm repo update

helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.7.1
				
				
			
helm install rancher rancher-stable/rancher \
  --create-namespace \
  --namespace cattle-system \
  --set hostname=rancher.netkiller.cn \
  --set ingress.tls.source=letsEncrypt \
  --set bootstrapPassword=admin \
  --set replicas=1 \
  --set systemDefaultRegistry=registry.cn-hangzhou.aliyuncs.com
			
				
Mac 安装
			
Neo-iMac:~ neo$ brew install rancher-cli

Neo-iMac:~ neo$ rancher -v
rancher version 2.4.13
			
				
进入容器
			
$ docker exec -it rancher /bin/bash 			
			
				

3.1.1.2. Web UI

安装完之后运行下面命令查看密码

			
[root@localhost ~]# docker logs rancher 2>&1 | grep "Bootstrap Password:"
2021/11/26 10:27:14 [INFO] Bootstrap Password: wkz68vmmx4gqfwxwzq4vxrzl5zgjqxlmxkfwkdltmpkxl5clqc9dw9
			
			

浏览器输入 https://your-ip-address 即可进入WebUI

设置密码

3.1.1.3. SSL 证书

第一种方式

			
docker run -d -p 8443:443 -v /srv/rancher/cacerts.pem:/etc/rancher/ssl/cacerts.pem -v /srv/rancher/key.pem:/etc/rancher/ssl/key.pem -v /srv/rancher/cert.crt:/etc/rancher/ssl/cert.pem rancher/rancher:latest
			
			

第二种方式

			
docker run -d --name rancher-server rancher/rancher:latest			
docker run -d --name=nginx --restart=unless-stopped -p 80:80 -p 443:443 -v /your_certificates:/your_certificates -v /etc/nginx.conf:/etc/nginx/conf.d/default.conf --link=rancher-server nginx:1.11			
			
			

3.1.2. Rancher Kubernetes Engine (RKE) 2

3.1.2.1. Server

		
curl -sfL https://get.rke2.io | sh -		
		
			

			
systemctl enable rke2-server.service
systemctl start rke2-server.service
			
			

3.1.2.2. Linux Agent(Worker)

			
curl -sfL https://get.rke2.io | INSTALL_RKE2_TYPE="agent" sh -			
			
			
			
systemctl enable rke2-agent.service			
			
			

配置 rke2-agent 服务

			
mkdir -p /etc/rancher/rke2/
vim /etc/rancher/rke2/config.yaml

server: https://<server>:9345
token: <token from server node>
			
			

			
systemctl start rke2-agent.service			
			
			

3.1.3. Rancher Kubernetes Engine (RKE) 1

https://github.com/rancher/rke/releases

https://rancher.com/an-introduction-to-rke/

3.1.3.1. 安装 RKE

v1.3.2
			
cd /usr/local/src/
wget https://github.com/rancher/rke/releases/download/v1.3.2/rke_linux-amd64
mkdir -p /srv/rancher/bin
install rke_linux-amd64 /srv/rancher/bin/			
			
				
v0.1.17
				
[root@localhost ~]# wget https://github.com/rancher/rke/releases/download/v0.1.17/rke
[root@localhost ~]# chmod +x rke 
[root@localhost ~]# ./rke --version
rke version v0.1.17		
				
				

3.1.3.2. 配置 RKE

		
[root@localhost ~]# /srv/rancher/bin/rke_linux-amd64 config
[+] Cluster Level SSH Private Key Path [~/.ssh/id_rsa]: 
		
			

3.1.3.3. 启动 RKE

			
[root@localhost ~]# /srv/rancher/bin/rke_linux-amd64 up			
			
			

3.1.4. Rancher CLI

3.1.4.1. 二进制安装

http://mirror.cnrancher.com

			
cd /usr/local/src
wget http://rancher-mirror.cnrancher.com/cli/v2.4.13/rancher-linux-amd64-v2.4.13.tar.xz
tar Jxvf rancher-linux-amd64-v2.4.13.tar.xz
install rancher-v2.4.13/rancher /usr/local/bin/
			
			

			
[root@localhost src]# rancher
Rancher CLI, managing containers one UTF-8 character at a time

Usage: rancher [OPTIONS] COMMAND [arg...]

Version: v2.4.13

Options:
  --debug                   Debug logging
  --config value, -c value  Path to rancher config (default: "/root/.rancher") [$RANCHER_CONFIG_DIR]
  --help, -h                show help
  --version, -v             print the version
  
Commands:
  apps, [app]                                       Operations with apps. Uses helm. Flags prepended with "helm" can also be accurately described by helm documentation.
  catalog                                           Operations with catalogs
  clusters, [cluster]                               Operations on clusters
  context                                           Operations for the context
  globaldns                                         Operations on global DNS providers and entries
  inspect                                           View details of resources
  kubectl                                           Run kubectl commands
  login, [l]                                        Login to a Rancher server
  multiclusterapps, [multiclusterapp mcapps mcapp]  Operations with multi-cluster apps
  namespaces, [namespace]                           Operations on namespaces
  nodes, [node]                                     Operations on nodes
  projects, [project]                               Operations on projects
  ps                                                Show workloads in a project
  server                                            Operations for the server
  settings, [setting]                               Show settings for the current server
  ssh                                               SSH into a node
  up                                                apply compose config
  wait                                              Wait for resources cluster, app, project, multiClusterApp
  token                                             Authenticate and generate new kubeconfig token
  help, [h]                                         Shows a list of commands or help for one command
  
Run 'rancher COMMAND --help' for more information on a command.
			
			
			

3.1.5. rancher-compose

Rancher Compose是一个多主机版本的Docker Compose

下载地址: https://github.com/rancher/rancher-compose/releases

3.1.5.1. v0.12.5

			
cd /tmp

wget https://github.com/rancher/rancher-compose/releases/download/v0.12.5/rancher-compose-linux-amd64-v0.12.5.tar.xz
tar Jxvf rancher-compose-linux-amd64-v0.12.5.tar.xz
mv ./rancher-compose-v0.12.5/rancher-compose /usr/local/bin/

cd