Deploying a Rancher 2.4.6 Cluster on a K8s Cluster with Helm

Reference documentation
Installing Rancher with Helm

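Introduction to Rancher
Rancher is a container management platform that helps organizations deploy and manage containers in production quickly and easily. Rancher can easily manage Kubernetes in any environment, meeting IT requirements and supporting DevOps teams.
Kubernetes has not only become the container orchestration standard, it is also rapidly becoming the standard infrastructure offered by cloud and virtualization vendors. Rancher users can create Kubernetes clusters with Rancher Kubernetes Engine (RKE), or use cloud Kubernetes services such as GKE, AKS and EKS. Rancher users can also import and manage existing Kubernetes clusters.
Rancher supports a range of centralized authentication systems for managing Kubernetes clusters. For example, employees of a large enterprise can use their corporate Active Directory credentials to access Kubernetes clusters in GKE. IT administrators can set access control and security policies across users, groups, projects, clusters and clouds. IT administrators can monitor the health and capacity of all Kubernetes clusters from a single page.
Rancher gives DevOps engineers an intuitive user interface for managing their service containers; users can start using Rancher without a deep understanding of Kubernetes concepts. Rancher includes an app catalog that supports one-click deployment of Helm and Compose templates. Rancher is certified with a wide range of cloud and on-premises ecosystem products, including security tools, monitoring systems, container registries, and storage and networking drivers. The figure below illustrates the role Rancher plays in IT and DevOps organizations. Each team deploys its applications on the public or private cloud of its choice.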

Cluster environment

[root@elasticsearch01 ~]# kubectl get nodes
NAME        STATUS   ROLES    AGE    VERSION
10.2.8.34   Ready    <none>   615d   v1.13.1
10.2.8.65   Ready    <none>   615d   v1.13.1

Helm environment

[root@elasticsearch01 yaml]# helm version
Client: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}

Add the chart repository address

[root@elasticsearch01 yaml]# helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
"rancher-stable" has been added to your repositories

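Install Rancher with Helm
Note: hostname=rancher.minminmsn.com is specified here, so Rancher must be accessed through the domain name.
Note: Rancher is accessed over HTTPS by default, so a public SSL certificate is required; the existing ingress-secret2021 can be used.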

[root@elasticsearch01 yaml]# kubectl get secret|grep 2021
ingress-secret2021                                     kubernetes.io/tls                     2      47d

Note: a few parameters need particular attention, such as namespace, hostname and ingress; if they are overlooked, the service configuration can still be modified afterwards. Now deploy Rancher with helm.

[root@elasticsearch01 yaml]# helm install rancher-stable/rancher --name rancher --set hostname=rancher.minminmsn.com --set ingress.tls.source=ingress-secret2021
NAME:   rancher
LAST DEPLOYED: Mon Aug 31 15:21:33 2020
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/ServiceAccount
NAME     SECRETS  AGE
rancher  1        0s
==> v1/ClusterRoleBinding
NAME     AGE
rancher  0s
==> v1/Service
NAME     TYPE       CLUSTER-IP      EXTERNAL-IP  PORT(S)  AGE
rancher  ClusterIP  10.254.185.214  <none>       80/TCP   0s
==> v1/Deployment
NAME     DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
rancher  3        3        3           0          0s
==> v1beta1/Ingress
NAME     HOSTS                   ADDRESS  PORTS  AGE
rancher  rancher.minminmsn.com  80, 443  0s
==> v1/Pod(related)
NAME                     READY  STATUS             RESTARTS  AGE
rancher-cf8d8f9dd-2m2pc  0/1    ContainerCreating  0         0s
rancher-cf8d8f9dd-462t6  0/1    ContainerCreating  0         0s
rancher-cf8d8f9dd-twcjf  0/1    ContainerCreating  0         0s
NOTES:
Rancher Server has been installed.
NOTE: Rancher may take several minutes to fully initialize. Please standby while Certificates are being issued and Ingress comes up.
Check out our docs at https://rancher.com/docs/rancher/v2.x/en/
Browse to https://rancher.minminmsn.com
Happy Containering!
[root@elasticsearch01 yaml]# helm ls --all rancher
NAME    REVISION    UPDATED                     STATUS      CHART           APP VERSION NAMESPACE
rancher 1           Mon Aug 31 15:21:33 2020    DEPLOYED    rancher-2.4.6   v2.4.6      default
[root@elasticsearch01 yaml]# kubectl get pods |grep rancher
rancher-cf8d8f9dd-2m2pc                        0/1     ContainerCreating   0          69s
rancher-cf8d8f9dd-462t6                        0/1     ContainerCreating   0          69s
rancher-cf8d8f9dd-twcjf                        0/1     ContainerCreating   0          69s

The chart defaults to a 3-node Rancher cluster, but the test k8s cluster has only 2 nodes, so 1 pod did not start. The replicas value in the deployment needs to be changed to 2.

[root@elasticsearch01 yaml]# kubectl get pods |grep rancher
rancher-cf8d8f9dd-2m2pc                        1/1     Running             0          5m48s
rancher-cf8d8f9dd-462t6                        1/1     Running             0          5m48s
rancher-cf8d8f9dd-twcjf                        0/1     ContainerCreating   0          5m48s
[root@elasticsearch01 yaml]# kubectl get deploy
NAME                          READY   UP-TO-DATE   AVAILABLE   AGE
rancher                       2/3     3            2           5m48s

Change replicas from 3 to 2

spec:
  progressDeadlineSeconds: 600
  replicas: 3

The full content is as follows

[root@elasticsearch01 yaml]# kubectl edit  deploy rancher
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
  creationTimestamp: "2020-08-31T07:21:34Z"
  generation: 1
  labels:
    app: rancher
    chart: rancher-2.4.6
    heritage: Tiller
    release: rancher
  name: rancher
  namespace: default
  resourceVersion: "99595282"
  selfLink: /apis/extensions/v1beta1/namespaces/default/deployments/rancher
  uid: 995f7aaf-eb5a-11ea-9386-52540089b2b6
spec:
  progressDeadlineSeconds: 600
  replicas: 3
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: rancher
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: rancher
        release: rancher
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: app
                  operator: In
                  values:
                  - rancher
              topologyKey: kubernetes.io/hostname
            weight: 100
      containers:
      - args:
        - --no-cacerts
        - --http-listen-port=80
        - --https-listen-port=443
        - --add-local=auto
        env:
        - name: CATTLE_NAMESPACE
          value: default
        - name: CATTLE_PEER_SERVICE
          value: rancher
        image: rancher/rancher:v2.4.6
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 80
            scheme: HTTP
          initialDelaySeconds: 60
          periodSeconds: 30
          successThreshold: 1
          timeoutSeconds: 1
        name: rancher
        ports:
        - containerPort: 80
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 80
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 30
          successThreshold: 1
          timeoutSeconds: 1
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: rancher
      serviceAccountName: rancher
      terminationGracePeriodSeconds: 30
status:
  availableReplicas: 2
  conditions:
  - lastTransitionTime: "2020-08-31T07:26:36Z"
    lastUpdateTime: "2020-08-31T07:26:36Z"
    message: Deployment has minimum availability.
    reason: MinimumReplicasAvailable
    status: "True"
    type: Available
  - lastTransitionTime: "2020-08-31T07:21:34Z"
    lastUpdateTime: "2020-08-31T07:26:36Z"
    message: ReplicaSet "rancher-cf8d8f9dd" is progressing.
    reason: ReplicaSetUpdated
    status: "True"
    type: Progressing
  observedGeneration: 1
  readyReplicas: 2
  replicas: 3
  unavailableReplicas: 1
  updatedReplicas: 3
[root@elasticsearch01 yaml]# kubectl edit  deploy rancher
deployment.extensions/rancher edited
[root@elasticsearch01 yaml]# kubectl get pods|grep rancher
rancher-cf8d8f9dd-2m2pc                        1/1     Running   0          11m
rancher-cf8d8f9dd-462t6                        1/1     Running   0          11m
[root@elasticsearch01 yaml]# kubectl get deploy
NAME                          READY   UP-TO-DATE   AVAILABLE   AGE
rancher                       2/2     2            2           11m

Modify the ingress certificate
The secretName of Rancher's default ingress needs to be changed from tls-rancher-ingress to ingress-secret2021

[root@elasticsearch01 yaml]# kubectl edit ingress rancher
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    certmanager.k8s.io/issuer: rancher
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"
  creationTimestamp: "2020-08-31T07:21:34Z"
  generation: 1
  labels:
    app: rancher
    chart: rancher-2.4.6
    heritage: Tiller
    release: rancher
  name: rancher
  namespace: default
  resourceVersion: "99593839"
  selfLink: /apis/extensions/v1beta1/namespaces/default/ingresses/rancher
  uid: 996153bf-eb5a-11ea-9386-52540089b2b6
spec:
  rules:
  - host: rancher.minminmsn.com
    http:
      paths:
      - backend:
          serviceName: rancher
          servicePort: 80
  tls:
  - hosts:
    - rancher.minminmsn.com
    secretName: tls-rancher-ingress
status:
  loadBalancer: {}
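
To confirm that the hand edit above took effect, the following added example (not part of the original post) reads the output of `kubectl get ingress rancher -o yaml` and reports which TLS secret each rule host is served with. The function names check_ingress_tls and sample_ingress are hypothetical, and the sample input is the spec section of the Ingress shown above, before the edit.

```shell
# Added example: confirm which TLS secret each Ingress rule host is served with.
# check_ingress_tls FILE EXPECTED_SECRET exits non-zero on any mismatch.
check_ingress_tls() {
  awk -v expect="$2" '
    function assign(  i) {         # give the pending tls entry secret to its hosts
      for (i = 1; i <= n; i++) cover[h[i]] = (sn == "" ? "NONE" : sn)
      n = 0; sn = ""
    }
    /^[a-z]/                       { assign(); sec = "" }
    /^  rules:/                    { sec = "rules" }
    /^  tls:/                      { sec = "tls" }
    sec == "rules" && /^  - host:/ { want[$3] = 1 }
    sec == "tls" && /^  - /        { assign() }
    sec == "tls" && /^    - /      { h[++n] = $2 }
    sec == "tls" && /secretName:/  { sn = $NF }
    END {
      assign()
      for (x in want) {
        s = (x in cover) ? cover[x] : "NONE"
        print x, "secret=" s, (s == expect ? "OK" : "MISMATCH")
        if (s != expect) bad = 1
      }
      exit bad
    }
  ' "$1"
}

# Sample input: spec section of the Ingress shown above, before the edit.
sample_ingress() {
  cat <<'EOF'
spec:
  rules:
  - host: rancher.minminmsn.com
    http:
      paths:
      - backend:
          serviceName: rancher
          servicePort: 80
  tls:
  - hosts:
    - rancher.minminmsn.com
    secretName: tls-rancher-ingress
status:
EOF
}

tmp=$(mktemp); sample_ingress > "$tmp"
check_ingress_tls "$tmp" ingress-secret2021 || echo "ingress does not use ingress-secret2021 yet"
rm -f "$tmp"
```

A rule host that appears in no tls entry is reported as secret=NONE, which is the case where the ingress controller would fall back to a certificate other than the intended one.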

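Log in to Rancher and set up the environment
The default password is admin and a complex password must be set; the default language is English and can be changed to Chinese; the local k8s cluster is managed by default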

Add TKE clusters
Create the ptech cluster and import it; the following needs to be run on the ptech cluster

[root@VM_0_65_centos ~]# kubectl apply -f https://rancher.minminmsn.com/v3/import/lvkfcctjfm4w52llbwng5cq7q8wwmzvqt9cm9825w8gzvkkp5748mg.yaml
clusterrole.rbac.authorization.k8s.io/proxy-clusterrole-kubeapiserver unchanged
clusterrolebinding.rbac.authorization.k8s.io/proxy-role-binding-kubernetes-master unchanged
namespace/cattle-system unchanged
serviceaccount/cattle unchanged
clusterrolebinding.rbac.authorization.k8s.io/cattle-admin-binding unchanged
secret/cattle-credentials-943258c created
clusterrole.rbac.authorization.k8s.io/cattle-admin unchanged
deployment.apps/cattle-cluster-agent configured
daemonset.apps/cattle-node-agent configured
You have new mail in /var/spool/mail/root

Create the enterprise cluster and import it; the following needs to be run on the enterprise cluster

[root@VM_8_15_centos ~]# kubectl apply -f https://rancher.minminmsn.com/v3/import/xv4psldq5jsbxrj2h6pfmf22dfrcj5vzpk2tts9xjvlmnnmtbnd9rl.yaml
clusterrole.rbac.authorization.k8s.io/proxy-clusterrole-kubeapiserver unchanged
clusterrolebinding.rbac.authorization.k8s.io/proxy-role-binding-kubernetes-master unchanged
namespace/cattle-system unchanged
serviceaccount/cattle unchanged
clusterrolebinding.rbac.authorization.k8s.io/cattle-admin-binding unchanged
secret/cattle-credentials-edbe822 created
clusterrole.rbac.authorization.k8s.io/cattle-admin unchanged
deployment.apps/cattle-cluster-agent configured
daemonset.apps/cattle-node-agent configured
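
Both import commands above apply a manifest fetched from a URL straight to the cluster, and their output shows cluster-wide RBAC objects (cattle-admin, cattle-admin-binding) among the results. The following added example (not part of the original post) lists what a downloaded copy of such a manifest would create and annotates ClusterRoles with wildcard rules and ClusterRoleBindings. The function names are hypothetical, and the sample manifest is constructed from object names in the output above; its rules are an assumption, not the manifest Rancher actually serves.

```shell
# Added example: list what a downloaded import manifest would create, so it can
# be read before `kubectl apply -f import.yaml` (assumed local copy of the URL).
review_manifest() {
  awk '
    function emit() {
      note = (kind == "ClusterRole" && wild) ? " [wildcard rules]" : ""
      if (kind == "ClusterRoleBinding") note = " [" subj " -> " ref "]"
      if (kind != "") print kind "/" name note
      kind = name = ref = subj = sect = ""; wild = 0
    }
    /^---/      { emit(); next }
    /^kind:/    { kind = $2 }
    /^[A-Za-z]/ { sect = $1 }   # remember the current top-level key
    sect == "metadata:" && /^  name:/      { name = $2 }
    sect == "roleRef:"  && /^  name:/      { ref = $2 }
    sect == "subjects:" && /^ *(- )?name:/ { subj = (subj == "" ? "" : subj ",") $NF }
    sect == "rules:"    && index($0, "*")  { wild = 1 }
    END         { emit() }
  ' "$1"
}

# Constructed sample that reuses object names from the output above (apiVersion
# lines omitted); it is NOT the manifest Rancher actually serves.
sample_manifest() {
  cat <<'EOF'
kind: ServiceAccount
metadata:
  name: cattle
---
kind: ClusterRole
metadata:
  name: cattle-admin
rules:
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["*"]
---
kind: ClusterRoleBinding
metadata:
  name: cattle-admin-binding
roleRef:
  kind: ClusterRole
  name: cattle-admin
subjects:
- kind: ServiceAccount
  name: cattle
EOF
}
tmp=$(mktemp); sample_manifest > "$tmp"; review_manifest "$tmp"; rm -f "$tmp"
```

Applying the saved file that was reviewed, rather than the URL again, keeps what was read and what is applied identical.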

The final result is as follows