If you are only learning, you can install the latest version:
```
docker run -d --privileged --restart=unless-stopped -p 80:80 -p 443:443 --name=rancher rancher/rancher:latest
```
Stable version
```
docker run -d --privileged --restart=unless-stopped -p 80:80 -p 443:443 -v /var/lib/rancher/:/var/lib/rancher/ --name=rancher rancher/rancher:stable
```
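Audit log
```
# AUDIT_LEVEL defaults to 0 (audit logging off); 1 to 3 write the API audit log to /var/log/auditlog.
# --privileged is required by current Rancher images, as in the commands above.
docker run -d --privileged --restart=unless-stopped -p 80:80 -p 443:443 -e AUDIT_LEVEL=1 -v /var/lib/rancher/:/var/lib/rancher/ -v /var/log/auditlog:/var/log/auditlog --name=rancher rancher/rancher:stable
```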
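Allow etcd through the firewall
```
# A /0 mask matches every source address, so the original "-s 172.16.0.0/0" restricted nothing.
# /12 limits the rule to the 172.16.0.0 private range; narrow it further to your node subnet.
iptables -I INPUT -s 172.16.0.0/12 -p tcp --dport 2379 -j ACCEPT
iptables -I INPUT -s 172.16.0.0/12 -p tcp --dport 2380 -j ACCEPT
```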
```
systemctl restart firewalld
systemctl enable firewalld

iptables -A INPUT -p tcp --dport 6443 -j ACCEPT
iptables -A INPUT -p tcp --dport 2379 -j ACCEPT
iptables -A INPUT -p tcp --dport 2380 -j ACCEPT
iptables -A INPUT -p tcp --dport 10250 -j ACCEPT

firewall-cmd --zone=public --add-port=6443/tcp --permanent
firewall-cmd --zone=public --add-port=2379/tcp --permanent
firewall-cmd --zone=public --add-port=2380/tcp --permanent
firewall-cmd --zone=public --add-port=10250/tcp --permanent
firewall-cmd --reload
```
hostnamectl set-hostname m-1d41c853af58
After installation, run the following command to view the bootstrap password:
```
[root@localhost ~]# docker logs rancher 2>&1 | grep "Bootstrap Password:"
2021/11/26 10:27:14 [INFO] Bootstrap Password: wkz68vmmx4gqfwxwzq4vxrzl5zgjqxlmxkfwkdltmpkxl5clqc9dw9
```
Open https://your-ip-address in a browser to reach the web UI.
Set the password
Method 1
```
docker run -d -p 8443:443 -v /srv/rancher/cacerts.pem:/etc/rancher/ssl/cacerts.pem -v /srv/rancher/key.pem:/etc/rancher/ssl/key.pem -v /srv/rancher/cert.crt:/etc/rancher/ssl/cert.pem rancher/rancher:latest
```
Method 2
```
docker run -d --name rancher-server rancher/rancher:latest
docker run -d --name=nginx --restart=unless-stopped -p 80:80 -p 443:443 -v /your_certificates:/your_certificates -v /etc/nginx.conf:/etc/nginx/conf.d/default.conf --link=rancher-server nginx:1.11
```
https://github.com/rancher/rke/releases
https://rancher.com/an-introduction-to-rke/
```
cd /usr/local/src/
wget https://github.com/rancher/rke/releases/download/v1.3.2/rke_linux-amd64
mkdir -p /srv/rancher/bin
install rke_linux-amd64 /srv/rancher/bin/
```
```
[root@localhost ~]# /srv/rancher/bin/rke_linux-amd64 config
[+] Cluster Level SSH Private Key Path [~/.ssh/id_rsa]:
```
http://mirror.cnrancher.com
```
cd /usr/local/src
wget http://rancher-mirror.cnrancher.com/cli/v2.4.13/rancher-linux-amd64-v2.4.13.tar.xz
tar Jxvf rancher-linux-amd64-v2.4.13.tar.xz
install rancher-v2.4.13/rancher /usr/local/bin/
```
```
[root@localhost src]# rancher
Rancher CLI, managing containers one UTF-8 character at a time

Usage: rancher [OPTIONS] COMMAND [arg...]

Version: v2.4.13

Options:
  --debug                   Debug logging
  --config value, -c value  Path to rancher config (default: "/root/.rancher") [$RANCHER_CONFIG_DIR]
  --help, -h                show help
  --version, -v             print the version

Commands:
  apps, [app]                                       Operations with apps. Uses helm. Flags prepended with "helm" can also be accurately described by helm documentation.
  catalog                                           Operations with catalogs
  clusters, [cluster]                               Operations on clusters
  context                                           Operations for the context
  globaldns                                         Operations on global DNS providers and entries
  inspect                                           View details of resources
  kubectl                                           Run kubectl commands
  login, [l]                                        Login to a Rancher server
  multiclusterapps, [multiclusterapp mcapps mcapp]  Operations with multi-cluster apps
  namespaces, [namespace]                           Operations on namespaces
  nodes, [node]                                     Operations on nodes
  projects, [project]                               Operations on projects
  ps                                                Show workloads in a project
  server                                            Operations for the server
  settings, [setting]                               Show settings for the current server
  ssh                                               SSH into a node
  up                                                apply compose config
  wait                                              Wait for resources cluster, app, project, multiClusterApp
  token                                             Authenticate and generate new kubeconfig token
  help, [h]                                         Shows a list of commands or help for one command

Run 'rancher COMMAND --help' for more information on a command.
```
Rancher Compose is a multi-host version of Docker Compose.
Rancher Compose works much like Docker Compose. Docker Compose cannot deploy remotely, whereas Rancher Compose can deploy to the Rancher server at a specified URL.
```
[root@localhost ~]# rancher-compose
Usage: rancher-compose [OPTIONS] COMMAND [arg...]

Docker-compose to Rancher

Version: v0.12.5

Author:
  Rancher Labs, Inc.

Options:
  --verbose, --debug
  --file value, -f value          Specify one or more alternate compose files (default: docker-compose.yml) [$COMPOSE_FILE]
  --project-name value, -p value  Specify an alternate project name (default: directory name) [$COMPOSE_PROJECT_NAME]
  --url value                     Specify the Rancher API endpoint URL [$RANCHER_URL]
  --access-key value              Specify Rancher API access key [$RANCHER_ACCESS_KEY]
  --secret-key value              Specify Rancher API secret key [$RANCHER_SECRET_KEY]
  --rancher-file value, -r value  Specify an alternate Rancher compose file (default: rancher-compose.yml)
  --env-file value, -e value      Specify a file from which to read environment variables
  --bindings-file value, -b value Specify a file from which to read bindings
  --help, -h                      show help
  --version, -v                   print the version

Commands:
  create      Create all services but do not start
  up          Bring all services up
  start       Start services
  logs        Get service logs
  restart     Restart services
  stop, down  Stop services
  scale       Scale services
  rm          Delete services
  pull        Pulls images for services
  upgrade     Perform rolling upgrade between services
  help        Shows a list of commands or help for one command

Run 'rancher-compose COMMAND --help' for more information on a command.
```
Note |
---|
Rancher Compose does not currently support version 3 Docker Compose files. |
Setting the Rancher Server for Rancher Compose
```
# Set the url that Rancher is on
$ export RANCHER_URL=http://server_ip/
# Set the access key, i.e. username
$ export RANCHER_ACCESS_KEY=<username_of_environment_api_key>
# Set the secret key, i.e. password
$ export RANCHER_SECRET_KEY=<password_of_environment_api_key>
```
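If you do not want to set environment variables, you have to pass these values explicitly on the Rancher Compose command line. Arguments passed this way are visible in the process list and in shell history.
```
$ rancher-compose --url http://server_ip --access-key <username_of_environment_api_key> --secret-key <password_of_environment_api_key> up
```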
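Rancher Compose supports all the commands that Docker Compose supports.

Name | Description |
---|---|
create | Create all services but do not start them |
up | Start all services |
start | Start services |
logs | Print service logs |
restart | Restart services |
stop, down | Stop services |
scale | Scale services |
rm | Delete services |
pull | Pull images for all services |
upgrade | Perform a rolling upgrade between services |
help, h | Print the command list, or the help for a given command |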
Rancher Compose Options
These options are available whenever you run a Rancher Compose command.

Name | Description |
---|---|
--verbose, --debug | |
--file, -f [--file option --file option] | Specify a compose file (default: docker-compose.yml) [$COMPOSE_FILE] |
--project-name, -p | Specify a project name (default: directory name) |
--url | Specify the Rancher API endpoint URL [$RANCHER_URL] |
--access-key | Specify the Rancher API access key [$RANCHER_ACCESS_KEY] |
--secret-key | Specify the Rancher API secret key [$RANCHER_SECRET_KEY] |
--rancher-file, -r | Specify a Rancher Compose file (default: rancher-compose.yml) |
--env-file, -e | Specify an environment variable file |
--help, -h | Print the help text |
--version, -v | Print the Rancher Compose version |
Connecting to Rancher
```
$ rancher login https://<SERVER_URL> --token <BEARER_TOKEN>
```
Login demo
```
[root@localhost ~]# rancher login https://192.168.30.13 --token token-5q6kw:8b7w2hj85z7cwkwhhvjlp2rw5ls5n8d4gj7vj74jbdch9gv4dzq9km
The authenticity of server 'https://192.168.30.13' can't be established.
Cert chain is : [Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5708461865883058034 (0x4f3887d281d2bf72)
    Signature Algorithm: ECDSA-SHA256
        Issuer: O=dynamiclistener-org,CN=dynamiclistener-ca
        Validity
            Not Before: Nov 29 07:00:54 2021 UTC
            Not After : Nov 29 08:53:00 2022 UTC
        Subject: O=dynamic,CN=dynamic
        Subject Public Key Info:
            Public Key Algorithm: ECDSA
                Public-Key: (256 bit)
                X:
                    1c:f4:1d:86:32:a7:57:6c:d5:6c:59:86:18:b9:9f:
                    40:10:e2:f2:99:96:04:96:10:d4:88:82:2c:06:5c:
                    e7:7c
                Y:
                    16:86:d8:41:0a:f3:c3:f0:e7:0c:29:a4:69:e0:b2:
                    41:34:73:a6:78:58:e0:a0:df:84:4d:c9:9e:83:3f:
                    bd:fd
                Curve: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Authority Key Identifier:
                keyid:3D:40:3F:96:30:78:9F:C1:84:1F:94:E0:A2:4D:1C:E1:69:3D:F3:E4
            X509v3 Subject Alternative Name:
                DNS:localhost, DNS:rancher.cattle-system
                IP Address:127.0.0.1, IP Address:172.19.0.3, IP Address:192.168.30.13
    Signature Algorithm: ECDSA-SHA256
         30:45:02:21:00:e5:f1:e7:2d:14:fc:25:1f:5c:ea:ce:9a:8d:
         7a:95:e2:d8:bc:64:7a:38:83:3e:84:bc:2e:c7:83:5c:44:5f:
         21:02:20:7c:91:46:fe:2f:bc:f9:18:41:e7:8d:70:0b:1b:c7:
         e3:c2:b3:12:c5:4f:44:ef:fa:00:15:88:6c:3a:c2:e1:23
]
Do you want to continue connecting (yes/no)? yes
INFO[0002] Saving config to /root/.rancher/cli2.json
```
Configuration file
```
[root@localhost ~]# cat /root/.rancher/cli2.json | jq
{
  "Servers": {
    "rancherDefault": {
      "accessKey": "token-5q6kw",
      "secretKey": "8b7w2hj85z7cwkwhhvjlp2rw5ls5n8d4gj7vj74jbdch9gv4dzq9km",
      "tokenKey": "token-5q6kw:8b7w2hj85z7cwkwhhvjlp2rw5ls5n8d4gj7vj74jbdch9gv4dzq9km",
      "url": "https://192.168.30.13",
      "project": "local:p-8rzzk",
      "cacert": "-----BEGIN CERTIFICATE-----\nMIIBpzCCAU2gAwIBAgIBADAKBggqhkjOPQQDAjA7MRwwGgYDVQQKExNkeW5hbWlj\nbGlzdGVuZXItb3JnMRswGQYDVQQDExJkeW5hbWljbGlzdGVuZXItY2EwHhcNMjEx\nMTI5MDcwMDU0WhcNMzExMTI3MDcwMDU0WjA7MRwwGgYDVQQKExNkeW5hbWljbGlz\ndGVuZXItb3JnMRswGQYDVQQDExJkeW5hbWljbGlzdGVuZXItY2EwWTATBgcqhkjO\nPQIBBggqhkjOPQMBBwNCAARppCv2i2N7k6tF4DWBaJAHhOdwC1SMfymJaj8LUwOP\nfGsMhpLVlI/6Go7FIRPAIkGxoPqc0CeayxrcGun0R66Ao0IwQDAOBgNVHQ8BAf8E\nBAMCAqQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUPUA/ljB4n8GEH5Tgok0c\n4Wk98+QwCgYIKoZIzj0EAwIDSAAwRQIhAJn4aRTOGsJCaQllCXzDw/vl3o3AmY0a\nqTSMjPRo91vMAiBTnYJMP92NZUoqVV6tG8H+PdsTK/QeTSHm1m4iju1JBg==\n-----END CERTIFICATE-----",
      "kubeCredentials": null,
      "kubeConfigs": null
    }
  },
  "CurrentServer": "rancherDefault"
}
```
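The config file shown above keeps the bearer token in plaintext next to the CA certificate that `rancher login` pinned once the trust prompt was answered with yes. The check below is an added example, not part of the original page or of the Rancher CLI: it flags loose file permissions and non-HTTPS URLs, and prints the SHA-256 fingerprint of the pinned CA so it can be compared out-of-band with the server's CA. The config inside `demo()` is constructed, with a placeholder token, hostname and certificate body.

```python
import base64
import hashlib
import json
import os
import ssl
import stat
import tempfile
from urllib.parse import urlsplit


def pem_sha256(pem):
    """SHA-256 over the DER bytes of a PEM certificate."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem.strip())).hexdigest()


def audit_cli_config(path):
    """Return (severity, message) findings for a Rancher CLI cli2.json file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit is set
        findings.append(("high", f"mode {mode:04o}: token readable by other users, expected 0600"))
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    for name, srv in (cfg.get("Servers") or {}).items():
        if urlsplit(srv.get("url") or "").scheme != "https":
            findings.append(("high", f"{name}: url is not https, token would travel in cleartext"))
        if srv.get("tokenKey") or srv.get("secretKey"):
            findings.append(("info", f"{name}: bearer token stored in plaintext"))
        if srv.get("cacert"):
            findings.append(("info", f"{name}: pinned CA sha256={pem_sha256(srv['cacert'])}"))
    return findings


def demo():
    """Audit a constructed config (placeholder token and certificate body)."""
    fake_pem = ("-----BEGIN CERTIFICATE-----\n"
                + base64.b64encode(b"constructed placeholder, not a real certificate").decode()
                + "\n-----END CERTIFICATE-----")
    cfg = {"Servers": {"rancherDefault": {
               "accessKey": "token-xxxxx",
               "secretKey": "CONSTRUCTED",
               "tokenKey": "token-xxxxx:CONSTRUCTED",
               "url": "https://rancher.example.internal",
               "cacert": fake_pem}},
           "CurrentServer": "rancherDefault"}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "cli2.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(cfg, fh)
        os.chmod(path, 0o644)  # deliberately loose, to trigger the finding
        return audit_cli_config(path)


if __name__ == "__main__":
    for severity, message in demo():
        print(f"[{severity}] {message}")
```

Run against a real file with `audit_cli_config("/root/.rancher/cli2.json")`; an empty list means the mode is tight, the URL is HTTPS and no credentials or pinned CA were found.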
```
[root@localhost ~]# rancher clusters
CURRENT   ID      STATE    NAME    PROVIDER   NODES   CPU      RAM            PODS
*         local   active   local   Unknown    1       0.10/4   0.07/7.51 GB   5/110
```
```
[root@localhost ~]# rancher nodes
ID                    NAME         STATE    POOL   DESCRIPTION
local:machine-5p4pj   local-node   active
```
```
[root@localhost ~]# rancher catalog
ID        NAME      URL                                                BRANCH   KIND
helm      helm      https://kubernetes-charts.storage.googleapis.com/  master   helm
library   library   https://git.rancher.io/charts                      master   helm
```
```
[root@localhost ~]# rancher settings
ID                        NAME                      VALUE
agent-image               agent-image               rancher/rancher-agent:v2.1.6
api-ui-version            api-ui-version            1.1.6
cacerts                   cacerts                   -----BEGIN CERTIFICATE-----
MIIC7jCCAdagAwIBAgIBADANBgkqhkiG9w0BAQsFADAoMRIwEAYDVQQKEwl0aGUt
cmFuY2gxEjAQBgNVBAMTCWNhdHRsZS1jYTAeFw0xOTAzMTkwODUxNTNaFw0yOTAz
MTYwODUxNTNaMCgxEjAQBgNVBAoTCXRoZS1yYW5jaDESMBAGA1UEAxMJY2F0dGxl
LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2j/x0F+VpdPHv6ce
zKYAcGeGDjHfv8YL4Q6NpO4m6N3z3WwC9e9qNq062TGWml3q3xIu0ll229vTXYZG
YaW7hdIYdNcgE4d2DSFiM0rV2CCiBheAidcvGWTmVuRqDaH7+ofxUeuz940osjcY
GKYkugUnPA9n6cXRF8KF9a6d6t2Kcwqyd3A5c5ld+lPsu2u6lbJhJArdGWmi8Iiq
CpkgmPyabCJhpF/YRtLfZ6+mQ0SpcapAuVvXiSGyHjnXykxywthSnTHgSJp48SV7
XCYJx5skU4rqKOWRgwfgQLWnLdV6kWLTH7EE+aiBwt2lygZUR3Ekpr3rXe7Q+dHh
ygOYVwIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB/zAN
BgkqhkiG9w0BAQsFAAOCAQEAMfDWlobAEGKvhLW380JA93IcafbQGgTLyhBglqwF
B4SBj56ZTki2mZrccUZXYKzIPTRwY39cnBakjkkczm4Hkci3Ag+4hz9g5mJWAa/H
mYrxNEdUJNiih7RNwBne0MaLSHH1MjBfmCSExCJkqlXuD4XXY7dJ05ZQ6urWB2ZI
lC7oqwGUxnvDSEMONHLTNQy+5yA+jSae9holJ5kpvEq6vE9A1PoUg4/leHZXsI5L
h+gDJX+WbAn5rdyDB0F4XJxn/glQPGxFNib8EUGt4b58re4x9A8ZaVbzL+KEKrS1
7QO13jU95Cy5+FA5GKO3YILrkvCFIoEaRe83jlbiQZSSaw==
-----END CERTIFICATE-----
cli-url-darwin            cli-url-darwin            https://releases.rancher.com/cli2/v2.0.6/rancher-darwin-amd64-v2.0.6.tar.gz
cli-url-linux             cli-url-linux             https://releases.rancher.com/cli2/v2.0.6/rancher-linux-amd64-v2.0.6.tar.gz
cli-url-windows           cli-url-windows           https://releases.rancher.com/cli2/v2.0.6/rancher-windows-386-v2.0.6.zip
engine-install-url        engine-install-url        https://releases.rancher.com/install-docker/17.03.sh
engine-iso-url            engine-iso-url            https://releases.rancher.com/os/latest/rancheros-vmware.iso
engine-newest-version     engine-newest-version     v17.12.0
engine-supported-range    engine-supported-range    ~v1.11.2 || ~v1.12.0 || ~v1.13.0 || ~v17.03.0
first-login               first-login               false
helm-version              helm-version              v2.10.0-rancher5
ingress-ip-domain         ingress-ip-domain         xip.io
install-uuid              install-uuid              6002fd6a-f4ae-454b-a17b-f90c64aafa2a
k8s-version               k8s-version               v1.11.6-rancher1-1
k8s-version-to-images     k8s-version-to-images     {"v1.10.12-rancher1-1":null,"v1.11.6-rancher1-1":null,"v1.12.4-rancher1-1":null,"v1.9.7-rancher2-2":null}
machine-version           machine-version           v0.15.0-rancher1-1
namespace                 namespace
peer-service              peer-service
rdns-base-url             rdns-base-url             https://api.lb.rancher.cloud/v1
rke-version               rke-version               v0.1.15
server-image              server-image              rancher/rancher
server-url                server-url                https://192.168.0.157
server-version            server-version            v2.1.6
system-default-registry   system-default-registry
system-namespaces         system-namespaces         kube-system,kube-public,cattle-system,cattle-alerting,cattle-logging,cattle-pipeline,ingress-nginx
telemetry-opt             telemetry-opt             in
telemetry-uid             telemetry-uid             bf1dd7d1-e0ed-475e-9dfe-e9af2d71f9b3
ui-feedback-form          ui-feedback-form
ui-index                  ui-index                  https://releases.rancher.com/ui/latest2/index.html
ui-path                   ui-path                   /usr/share/rancher/ui
ui-pl                     ui-pl                     rancher
whitelist-domain          whitelist-domain          forums.rancher.com
windows-agent-image       windows-agent-image       rancher/rancher-agent:v2.1.6-nanoserver-1803
```
```
[root@localhost ~]# rancher kubectl get pods --all-namespaces
NAMESPACE                   NAME                                READY   STATUS    RESTARTS   AGE
cattle-fleet-local-system   fleet-agent-59b74595c-xgnjg         1/1     Running   5          129m
cattle-fleet-system         fleet-controller-66cc4c6b5b-xswdl   1/1     Running   5          131m
cattle-fleet-system         gitjob-5778966b7c-jqdtj             1/1     Running   5          131m
cattle-system               rancher-webhook-6979fbd4bf-gs8vk    1/1     Running   5          129m
kube-system                 coredns-7448499f4d-4n2vt            1/1     Running   5          134m
```
Prepare the orchestration manifest
```
[root@localhost ~]# cat nginx.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  ports:
  - port: 88
    targetPort: 80
  selector:
    app: nginx
  type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80
```
Deploy
```
[root@localhost ~]# rancher kubectl create -f nginx.yaml
service/nginx created
deployment.apps/nginx created
```
Check the status
```
[root@localhost ~]# rancher kubectl get deployment -n default
NAME    READY   UP-TO-DATE   AVAILABLE   AGE
nginx   3/3     3            3           113s

[root@localhost ~]# rancher kubectl get service -n default
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.43.0.1       <none>        443/TCP        156m
nginx        NodePort    10.43.111.205   <none>        88:32646/TCP   119s

[root@localhost ~]# rancher kubectl get pods -n default
NAME                    READY   STATUS              RESTARTS   AGE
nginx-585449566-kd2mk   0/1     ContainerCreating   0          14s
nginx-585449566-mdl8n   0/1     ContainerCreating   0          14s
nginx-585449566-v8s5k   0/1     ContainerCreating   0          14s
```
```
[root@localhost ~]# rancher kubectl describe services nginx
Name:                     nginx
Namespace:                default
Labels:                   app=nginx
Annotations:              field.cattle.io/publicEndpoints: [{"port":32646,"protocol":"TCP","serviceName":"default:nginx","allNodes":true}]
Selector:                 app=nginx
Type:                     NodePort
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       10.43.111.205
IPs:                      10.43.111.205
Port:                     <unset>  88/TCP
TargetPort:               80/TCP
NodePort:                 <unset>  32646/TCP
Endpoints:                10.42.0.40:80,10.42.0.41:80,10.42.0.42:80
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>
```
neo@ubuntu:~$ docker logs -f rancher
```
$ curl -L http://127.0.0.1:2379/health
{"health": "true"}
```
Error message
[network] Host [rancher.netkiller.cn] is not able to connect to the following ports: [rancher.netkiller.cn:2379]. Please check network policies and firewall rules
Troubleshooting
```
$ docker logs -f share-mnt
Error response from daemon: {"message":"No such container: kubelet"}
Error: failed to start containers: kubelet
```
```
neo@m-1d41c853af58:~$ snap list
Name      Version         Rev    Tracking   Publisher   Notes
core      16-2.37.4       6531   stable     canonical✓  core
go        1.12            3318   stable     mwhudson    classic
kubectl   1.13.4          780    stable     canonical✓  classic
lxd       3.11            10343  stable/…   canonical✓  -
microk8s  v1.14.0-beta.1  442    1.14/beta  canonical✓  classic
neo@m-1d41c853af58:~$ snap remove microk8s kubectl lxd
error: access denied (try with sudo)
neo@m-1d41c853af58:~$ sudo snap remove microk8s kubectl lxd
sudo: unable to resolve host m-1d41c853af58: Invalid argument
microk8s removed
kubectl removed
lxd removed
```