Home | 简体中文 | 繁体中文 | 杂文 | Github | 知乎专栏 | Facebook | Linkedin | Youtube | 打赏(Donations) | About

第 113 章 Rancher - Multi-Cluster Kubernetes Management

Rancher is open-source software for delivering Kubernetes-as-a-Service.


113.1. 安装 Rancher
113.1.1. Rancher Server
113.1.2. Rancher Kubernetes Engine (RKE) 2
113.1.3. Rancher Kubernetes Engine (RKE) 1
113.1.4. Rancher CLI
113.1.5. rancher-compose
113.2. 快速入门
113.2.1. API
113.3. Rancher Compose
113.3.1. Rancher Compose 命令
113.3.2. 操作演示
113.4. Rancher CLI
113.4.1. 登陆 Rancher
113.4.2. 查看集群
113.4.3. 查看节点
113.4.4. catalog
113.4.5. 查看设置
113.4.6. rancher kubectl
113.5. K3s
113.5.1. AutoK3s
113.5.2. 安装 K3s(Docker 模式)
113.5.3. 安装 K3s(VM 模式)
113.5.4. k3d
113.5.5. TLS 证书
113.5.6. 创建 Token
113.5.7. FAQ
113.6. Rancher Demo
113.6.1. Rancher 部署 Nginx
113.6.2. local-path-provisioner
113.7. Longhorn
113.7.1. 安装 Longhorn
113.7.2. 选择磁盘类型
113.7.3. 节点选择
113.7.4. FAQ
113.8. FAQ
113.8.1. 调试 Rancher 查看日志
113.8.2. [network] Host [rancher.netkiller.cn] is not able to connect to the following ports: [rancher.netkiller.cn:2379]. Please check network policies and firewall rules
113.8.3. cgroups v2

113.1. 安装 Rancher

113.1.1. Rancher Server

Docker 安装


docker run -d --privileged --restart=unless-stopped -p 80:80 -p 443:443 --name=rancher rancher/rancher:latest


docker run -d --privileged --restart=unless-stopped -p 80:80 -p 443:443 -v /var/lib/rancher/:/var/lib/rancher/ --name=rancher rancher/rancher:stable


docker run -d --restart=unless-stopped -p 80:80 -p 443:443 -v /var/lib/rancher/:/var/lib/rancher/ -v /var/log/auditlog:/var/log/auditlog --name=rancher rancher/rancher:stable

防火墙放行 etcd

iptables -I INPUT -s -p tcp --dport 2379 -j ACCEPT
iptables -I INPUT -s -p tcp --dport 2380 -j ACCEPT		
systemctl restart firewalld
systemctl enable firewalld

iptables -A INPUT -p tcp --dport 6443 -j ACCEPT
iptables -A INPUT -p tcp --dport 2379 -j ACCEPT
iptables -A INPUT -p tcp --dport 2380 -j ACCEPT
iptables -A INPUT -p tcp --dport 10250 -j ACCEPT

firewall-cmd --zone=public --add-port=6443/tcp --permanent
firewall-cmd --zone=public --add-port=2379/tcp --permanent
firewall-cmd --zone=public --add-port=2380/tcp --permanent
firewall-cmd --zone=public --add-port=10250/tcp --permanent
firewall-cmd --reload			


docker run -itd -p 80:80 -p 443:443 \
    --restart=unless-stopped \
    -e CATTLE_AGENT_IMAGE="registry.cn-hangzhou.aliyuncs.com/rancher/rancher-agent:v2.4.2" \

仅用 unsupported-storage-drivers

[root@localhost ~]# docker run -d --privileged --restart=unless-stopped -p 8080:80 -p 8443:443 --name=rancher --env unsupported-storage-drivers=true rancher/rancher:stable
[root@localhost ~]# docker run -d --privileged --restart=unless-stopped -p 8080:80 -p 8443:443 --name=rancher rancher/rancher:stable  --features=unsupported-storage-drivers=true
Helm 安装 Rancher

安装 k3s

hostnamectl set-hostname master				
curl -sfL https://rancher-mirror.oss-cn-beijing.aliyuncs.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -


helm repo add rancher-latest https://releases.rancher.com/server-charts/latest				


helm repo add rancher-stable https://releases.rancher.com/server-charts/stable


kubectl create namespace cattle-system				

安装 cert-manager

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.7.1/cert-manager.crds.yaml

helm repo add jetstack https://charts.jetstack.io

helm repo update

helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.7.1
helm install rancher rancher-stable/rancher \
  --create-namespace \
  --namespace cattle-system \
  --set hostname=rancher.netkiller.cn \
  --set ingress.tls.source=letsEncrypt \
  --set bootstrapPassword=admin \
  --set replicas=1 \
  --set systemDefaultRegistry=registry.cn-hangzhou.aliyuncs.com
Mac 安装
Neo-iMac:~ neo$ brew install rancher-cli

Neo-iMac:~ neo$ rancher -v
rancher version 2.4.13
$ docker exec -it rancher /bin/bash 			
Web UI


[root@localhost ~]# docker logs rancher 2>&1 | grep "Bootstrap Password:"
2021/11/26 10:27:14 [INFO] Bootstrap Password: wkz68vmmx4gqfwxwzq4vxrzl5zgjqxlmxkfwkdltmpkxl5clqc9dw9

浏览器输入 https://your-ip-address 即可进入WebUI


SSL 证书


docker run -d -p 8443:443 -v /srv/rancher/cacerts.pem:/etc/rancher/ssl/cacerts.pem -v /srv/rancher/key.pem:/etc/rancher/ssl/key.pem -v /srv/rancher/cert.crt:/etc/rancher/ssl/cert.pem rancher/rancher:latest


docker run -d --name rancher-server rancher/rancher:latest			
docker run -d --name=nginx --restart=unless-stopped -p 80:80 -p 443:443 -v /your_certificates:/your_certificates -v /etc/nginx.conf:/etc/nginx/conf.d/default.conf --link=rancher-server nginx:1.11			

113.1.2. Rancher Kubernetes Engine (RKE) 2

curl -sfL https://get.rke2.io | sh -		

systemctl enable rke2-server.service
systemctl start rke2-server.service
Linux Agent(Worker)
curl -sfL https://get.rke2.io | INSTALL_RKE2_TYPE="agent" sh -			
systemctl enable rke2-agent.service			

配置 rke2-agent 服务

mkdir -p /etc/rancher/rke2/
vim /etc/rancher/rke2/config.yaml

server: https://<server>:9345
token: <token from server node>

systemctl start rke2-agent.service			

113.1.3. Rancher Kubernetes Engine (RKE) 1



安装 RKE
cd /usr/local/src/
wget https://github.com/rancher/rke/releases/download/v1.3.2/rke_linux-amd64
mkdir -p /srv/rancher/bin
install rke_linux-amd64 /srv/rancher/bin/			
[root@localhost ~]# wget https://github.com/rancher/rke/releases/download/v0.1.17/rke
[root@localhost ~]# chmod +x rke 
[root@localhost ~]# ./rke --version
rke version v0.1.17		
配置 RKE

[root@localhost ~]# /srv/rancher/bin/rke_linux-amd64 config
[+] Cluster Level SSH Private Key Path [~/.ssh/id_rsa]: 
启动 RKE
[root@localhost ~]# /srv/rancher/bin/rke_linux-amd64 up			

113.1.4. Rancher CLI



cd /usr/local/src
wget http://rancher-mirror.cnrancher.com/cli/v2.4.13/rancher-linux-amd64-v2.4.13.tar.xz
tar Jxvf rancher-linux-amd64-v2.4.13.tar.xz
install rancher-v2.4.13/rancher /usr/local/bin/

[root@localhost src]# rancher
Rancher CLI, managing containers one UTF-8 character at a time

Usage: rancher [OPTIONS] COMMAND [arg...]

Version: v2.4.13

  --debug                   Debug logging
  --config value, -c value  Path to rancher config (default: "/root/.rancher") [$RANCHER_CONFIG_DIR]
  --help, -h                show help
  --version, -v             print the version
  apps, [app]                                       Operations with apps. Uses helm. Flags prepended with "helm" can also be accurately described by helm documentation.
  catalog                                           Operations with catalogs
  clusters, [cluster]                               Operations on clusters
  context                                           Operations for the context
  globaldns                                         Operations on global DNS providers and entries
  inspect                                           View details of resources
  kubectl                                           Run kubectl commands
  login, [l]                                        Login to a Rancher server
  multiclusterapps, [multiclusterapp mcapps mcapp]  Operations with multi-cluster apps
  namespaces, [namespace]                           Operations on namespaces
  nodes, [node]                                     Operations on nodes
  projects, [project]                               Operations on projects
  ps                                                Show workloads in a project
  server                                            Operations for the server
  settings, [setting]                               Show settings for the current server
  ssh                                               SSH into a node
  up                                                apply compose config
  wait                                              Wait for resources cluster, app, project, multiClusterApp
  token                                             Authenticate and generate new kubeconfig token
  help, [h]                                         Shows a list of commands or help for one command
Run 'rancher COMMAND --help' for more information on a command.

113.1.5. rancher-compose

Rancher Compose是一个多主机版本的Docker Compose

下载地址: https://github.com/rancher/rancher-compose/releases

cd /tmp

wget https://github.com/rancher/rancher-compose/releases/download/v0.12.5/rancher-compose-linux-amd64-v0.12.5.tar.xz
tar Jxvf rancher-compose-linux-amd64-v0.12.5.tar.xz
mv ./rancher-compose-v0.12.5/rancher-compose /usr/local/bin/