知乎专栏 |
目录
如果只是学习,可以安装最新版
docker run -d --privileged --restart=unless-stopped -p 80:80 -p 443:443 --name=rancher rancher/rancher:latest
稳定版
docker run -d --privileged --restart=unless-stopped -p 80:80 -p 443:443 -v /var/lib/rancher/:/var/lib/rancher/ --name=rancher rancher/rancher:stable
审计日志
docker run -d --restart=unless-stopped -p 80:80 -p 443:443 -v /var/lib/rancher/:/var/lib/rancher/ -v /var/log/auditlog:/var/log/auditlog --name=rancher rancher/rancher:stable
防火墙放行 etcd
iptables -I INPUT -s 172.16.0.0/0 -p tcp --dport 2379 -j ACCEPT iptables -I INPUT -s 172.16.0.0/0 -p tcp --dport 2380 -j ACCEPT
systemctl restart firewalld systemctl enable firewalld iptables -A INPUT -p tcp --dport 6443 -j ACCEPT iptables -A INPUT -p tcp --dport 2379 -j ACCEPT iptables -A INPUT -p tcp --dport 2380 -j ACCEPT iptables -A INPUT -p tcp --dport 10250 -j ACCEPT firewall-cmd --zone=public --add-port=6443/tcp --permanent firewall-cmd --zone=public --add-port=2379/tcp --permanent firewall-cmd --zone=public --add-port=2380/tcp --permanent firewall-cmd --zone=public --add-port=10250/tcp --permanent firewall-cmd --reload
从阿里云安装
docker run -itd -p 80:80 -p 443:443 \ --restart=unless-stopped \ -e CATTLE_AGENT_IMAGE="registry.cn-hangzhou.aliyuncs.com/rancher/rancher-agent:v2.4.2" \ registry.cn-hangzhou.aliyuncs.com/rancher/rancher
仅用 unsupported-storage-drivers
[root@localhost ~]# docker run -d --privileged --restart=unless-stopped -p 8080:80 -p 8443:443 --name=rancher --env unsupported-storage-drivers=true rancher/rancher:stable [root@localhost ~]# docker run -d --privileged --restart=unless-stopped -p 8080:80 -p 8443:443 --name=rancher rancher/rancher:stable --features=unsupported-storage-drivers=true
安装 k3s
hostnamectl set-hostname master curl -sfL https://rancher-mirror.oss-cn-beijing.aliyuncs.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -
安装最新版
helm repo add rancher-latest https://releases.rancher.com/server-charts/latest
安装用于生产环境的稳定版
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
创建命名空间
kubectl create namespace cattle-system
安装 cert-manager
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.7.1/cert-manager.crds.yaml helm repo add jetstack https://charts.jetstack.io helm repo update helm install cert-manager jetstack/cert-manager \ --namespace cert-manager \ --create-namespace \ --version v1.7.1
helm install rancher rancher-stable/rancher \ --create-namespace \ --namespace cattle-system \ --set hostname=rancher.netkiller.cn \ --set ingress.tls.source=letsEncrypt \ --set bootstrapPassword=admin \ --set replicas=1 \ --set systemDefaultRegistry=registry.cn-hangzhou.aliyuncs.com
安装完之后运行下面命令查看密码
[root@localhost ~]# docker logs rancher 2>&1 | grep "Bootstrap Password:" 2021/11/26 10:27:14 [INFO] Bootstrap Password: wkz68vmmx4gqfwxwzq4vxrzl5zgjqxlmxkfwkdltmpkxl5clqc9dw9
浏览器输入 https://your-ip-address 即可进入WebUI
设置密码
第一种方式
docker run -d -p 8443:443 -v /srv/rancher/cacerts.pem:/etc/rancher/ssl/cacerts.pem -v /srv/rancher/key.pem:/etc/rancher/ssl/key.pem -v /srv/rancher/cert.crt:/etc/rancher/ssl/cert.pem rancher/rancher:latest
第二种方式
docker run -d --name rancher-server rancher/rancher:latest docker run -d --name=nginx --restart=unless-stopped -p 80:80 -p 443:443 -v /your_certificates:/your_certificates -v /etc/nginx.conf:/etc/nginx/conf.d/default.conf --link=rancher-server nginx:1.11
curl -sfL https://get.rke2.io | sh -
systemctl enable rke2-server.service systemctl start rke2-server.service
https://github.com/rancher/rke/releases
https://rancher.com/an-introduction-to-rke/
cd /usr/local/src/ wget https://github.com/rancher/rke/releases/download/v1.3.2/rke_linux-amd64 mkdir -p /srv/rancher/bin install rke_linux-amd64 /srv/rancher/bin/
[root@localhost ~]# /srv/rancher/bin/rke_linux-amd64 config [+] Cluster Level SSH Private Key Path [~/.ssh/id_rsa]:
http://mirror.cnrancher.com
cd /usr/local/src wget http://rancher-mirror.cnrancher.com/cli/v2.4.13/rancher-linux-amd64-v2.4.13.tar.xz tar Jxvf rancher-linux-amd64-v2.4.13.tar.xz install rancher-v2.4.13/rancher /usr/local/bin/
[root@localhost src]# rancher Rancher CLI, managing containers one UTF-8 character at a time Usage: rancher [OPTIONS] COMMAND [arg...] Version: v2.4.13 Options: --debug Debug logging --config value, -c value Path to rancher config (default: "/root/.rancher") [$RANCHER_CONFIG_DIR] --help, -h show help --version, -v print the version Commands: apps, [app] Operations with apps. Uses helm. Flags prepended with "helm" can also be accurately described by helm documentation. catalog Operations with catalogs clusters, [cluster] Operations on clusters context Operations for the context globaldns Operations on global DNS providers and entries inspect View details of resources kubectl Run kubectl commands login, [l] Login to a Rancher server multiclusterapps, [multiclusterapp mcapps mcapp] Operations with multi-cluster apps namespaces, [namespace] Operations on namespaces nodes, [node] Operations on nodes projects, [project] Operations on projects ps Show workloads in a project server Operations for the server settings, [setting] Show settings for the current server ssh SSH into a node up apply compose config wait Wait for resources cluster, app, project, multiClusterApp token Authenticate and generate new kubeconfig token help, [h] Shows a list of commands or help for one command Run 'rancher COMMAND --help' for more information on a command.
Rancher Compose是一个多主机版本的Docker Compose