Rancher2的单节点部署很简单

1 sudo docker run -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher

View Code

Rancher2的多节点HA部署在2.0.8之前需要直接rke部署,升级也比较麻烦,2.0.8以后的版本使用helm部署,相对于之前的版本在部署和升级上面好了很多,记录如下:

2.0.8之前版本的部署需要rancher-cluster.yml文件

  1 nodes:
  2   - address: 192.168.40.104 # hostname or IP to access nodes
  3     user: root # root user (usually 'root')
  4     role: [controlplane,etcd,worker] # K8s roles for node
  5     ssh_key_path: ~/.ssh/id_rsa # path to PEM file
  6   - address: 192.168.40.105
  7     user: root
  8     role: [controlplane,etcd,worker]
  9     ssh_key_path: ~/.ssh/id_rsa
 10   - address: 192.168.40.106
 11     user: root
 12     role: [controlplane,etcd,worker]
 13     ssh_key_path: ~/.ssh/id_rsa
 14 
 15 services:
 16   etcd:
 17     snapshot: true
 18     creation: 6h
 19     retention: 24h
 20 
 21 addons: |-
 22   ---
 23   kind: Namespace
 24   apiVersion: v1
 25   metadata:
 26     name: cattle-system
 27   ---
 28   kind: ServiceAccount
 29   apiVersion: v1
 30   metadata:
 31     name: cattle-admin
 32     namespace: cattle-system
 33   ---
 34   kind: ClusterRoleBinding
 35   apiVersion: rbac.authorization.k8s.io/v1
 36   metadata:
 37     name: cattle-crb
 38     namespace: cattle-system
 39   subjects:
 40   - kind: ServiceAccount
 41     name: cattle-admin
 42     namespace: cattle-system
 43   roleRef:
 44     kind: ClusterRole
 45     name: cluster-admin
 46     apiGroup: rbac.authorization.k8s.io
 47   ---
 48   apiVersion: v1
 49   kind: Secret
 50   metadata:
 51     name: cattle-keys-ingress
 52     namespace: cattle-system
 53   type: Opaque
 54   data:
 55     tls.crt: #添加自己的证书
 56     tls.key: #添加自己的证书
 57   ---
 58   apiVersion: v1
 59   kind: Secret
 60   metadata:
 61     name: cattle-keys-server
 62     namespace: cattle-system
 63   type: Opaque
 64   data:
 65     cacerts.pem: #添加自己的证书
 66   ---  
 67   apiVersion: v1
 68   kind: Service
 69   metadata:
 70     namespace: cattle-system
 71     name: cattle-service
 72     labels:
 73       app: cattle
 74   spec:
 75     ports:
 76     - port: 80
 77       targetPort: 80
 78       protocol: TCP
 79       name: http
 80     - port: 443
 81       targetPort: 443
 82       protocol: TCP
 83       name: https
 84     selector:
 85       app: cattle
 86   ---
 87   apiVersion: extensions/v1beta1
 88   kind: Ingress
 89   metadata:
 90     namespace: cattle-system
 91     name: cattle-ingress-http
 92     annotations:
 93       nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"
 94       nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"   # Max time in seconds for ws to remain shell window open
 95       nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"   # Max time in seconds for ws to remain shell window open
 96   spec:
 97     rules:
 98     - host:   # FQDN to access cattle server
 99       http:
100         paths:
101         - backend:
102             serviceName: cattle-service
103             servicePort: 80
104     tls:
105     - secretName: cattle-keys-ingress
106       hosts:
107       -       # FQDN to access cattle server
108   ---
109   kind: Deployment
110   apiVersion: extensions/v1beta1
111   metadata:
112     namespace: cattle-system
113     name: cattle
114   spec:
115     replicas: 1
116     template:
117       metadata:
118         labels:
119           app: cattle
120       spec:
121         serviceAccountName: cattle-admin
122         containers:
123         # Rancher install via RKE addons is only supported up to v2.0.8
124         - image: rancher/rancher:stable
125           imagePullPolicy: Always
126           name: cattle-server
127   #       env:
128   #       - name: HTTP_PROXY
129   #         value: "http://your_proxy_address:port"
130   #       - name: HTTPS_PROXY
131   #         value: "http://your_proxy_address:port"
132   #       - name: NO_PROXY
133   #         value: "localhost,127.0.0.1,0.0.0.0,10.43.0.0/16,your_network_ranges_that_dont_need_proxy_to_access"
134           livenessProbe:
135             httpGet:
136               path: /ping
137               port: 80
138             initialDelaySeconds: 60
139             periodSeconds: 60
140           readinessProbe:
141             httpGet:
142               path: /ping
143               port: 80
144             initialDelaySeconds: 20
145             periodSeconds: 10
146           ports:
147           - containerPort: 80
148             protocol: TCP
149           - containerPort: 443
150             protocol: TCP
151           volumeMounts:
152           - mountPath: /etc/rancher/ssl
153             name: cattle-keys-volume
154             readOnly: true
155         volumes:
156         - name: cattle-keys-volume
157           secret:
158             defaultMode: 420
159             secretName: cattle-keys-server

View Code

2.0.8之后的rancher-cluster.yml文件要简洁很多

 1 nodes:
 2   - address: 192.168.40.104 # hostname or IP to access nodes
 3     internal_address: 192.168.40.104
 4     user: root # root user (usually 'root')
 5     role: [controlplane,etcd,worker] # K8s roles for node
 6     ssh_key_path: ~/.ssh/id_rsa # path to PEM file
 7   - address: 192.168.40.105
 8     internal_address: 192.168.40.105
 9     user: root
10     role: [controlplane,etcd,worker]
11     ssh_key_path: ~/.ssh/id_rsa
12   - address: 192.168.40.106
13     internal_address: 192.168.40.106
14     user: root
15     role: [controlplane,etcd,worker]
16     ssh_key_path: ~/.ssh/id_rsa
17 
18 services:
19   etcd:
20     snapshot: true
21     creation: 6h
22     retention: 24h

View Code

这里我设置三个节点做HA,关于架构借用rancher官方的图

 

LB使用nginx,单独部署,不建议使用容器,直接部署实体就行,nginx.conf文件中要使用stream模块负责LB

通过rke部署三个节点的k8s集群

rke up --config ./rancher-cluster.yml

部署完成后,在当前目录会生成kube_config_rancher-cluster.yml文件,这个文件要保留好,后期升级是不要使用的

export KUBECONFIG=$(pwd)/kube_config_rancher-cluster.yml

 

创建tiller 的pod

kubectl -n kube-system create serviceaccount tiller
kubectl create clusterrolebinding tiller --clusterrole cluster-admin --serviceaccount=kube-system:tiller
helm init --service-account tiller --tiller-image registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.11.0

查看所有的pod

 

查看helm和tiller是否成功

 

部署rancher,需要把rancher加入helm的repository中

helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
helm repo update

因为有自己的证书,所以在安装时候不用cert-manager工具

helm install rancher-stable/rancher --name rancher --namespace cattle-system --set hostname=(nginx中的域名) --set ingress.tls.source=secret

 

添加证书

kubectl -n cattle-system create secret tls tls-rancher-ingress --cert=tls.crt --key=tls.key
kubectl -n cattle-system create secret generic tls-ca --from-file=cacerts.pem

rancher2HA模式部署完成

 

进入rancher2后,会发现一个local的k8s集群

 

到此,rancher2.x(2.0.8以上版本)HA模式部署完成

 

版权声明:本文为drnmmond原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://www.cnblogs.com/drnmmond/p/9887884.html