Appendix: Rancher Installation.md
Pre-installation preparation
1. Install kubectl and helm (if not already installed)
curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
chmod +x kubectl && mv kubectl /usr/local/bin/
curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
2. Prepare the Kubernetes cluster
You must make sure that:
- The cluster is reachable with kubectl get nodes
- Kubernetes ≥ 1.21 (the requirement varies slightly between Rancher versions)
3. Install ingress-nginx (used to expose Rancher)
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx \
--namespace ingress-nginx \
--create-namespace \
--set controller.service.type=LoadBalancer
Wait for the external IP to be assigned:
ubuntu@ubuntu:~$ kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller LoadBalancer 10.111.89.100 <pending> 80:32402/TCP,443:30097/TCP 22s
ingress-nginx-controller-admission ClusterIP 10.105.200.153 <none> 443/TCP 22s
## The LoadBalancer is missing (EXTERNAL-IP is pending)
## Install the LB
ubuntu@ubuntu:~$ kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.14.3/config/manifests/metallb-native.yaml
namespace/metallb-system created
customresourcedefinition.apiextensions.k8s.io/bfdprofiles.metallb.io created
customresourcedefinition.apiextensions.k8s.io/bgpadvertisements.metallb.io created
customresourcedefinition.apiextensions.k8s.io/bgppeers.metallb.io created
customresourcedefinition.apiextensions.k8s.io/communities.metallb.io created
customresourcedefinition.apiextensions.k8s.io/ipaddresspools.metallb.io created
customresourcedefinition.apiextensions.k8s.io/l2advertisements.metallb.io created
serviceaccount/controller created
serviceaccount/speaker created
role.rbac.authorization.k8s.io/controller created
role.rbac.authorization.k8s.io/pod-lister created
clusterrole.rbac.authorization.k8s.io/metallb-system:controller created
clusterrole.rbac.authorization.k8s.io/metallb-system:speaker created
rolebinding.rbac.authorization.k8s.io/controller created
rolebinding.rbac.authorization.k8s.io/pod-lister created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:controller created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:speaker created
configmap/metallb-excludel2 created
secret/webhook-server-cert created
service/webhook-service created
deployment.apps/controller created
daemonset.apps/speaker created
validatingwebhookconfiguration.admissionregistration.k8s.io/metallb-webhook-configuration created
ubuntu@ubuntu:~$ kubectl get pods -n metallb-system
NAME READY STATUS RESTARTS AGE
controller-6d9b64d49f-x5fs5 1/1 Running 0 27s
speaker-98mqz 0/1 Running 0 27s
speaker-dgfmd 0/1 Running 0 27s
speaker-nvss7 0/1 Running 0 27s
ubuntu@ubuntu:~$
## Allocate IPs, 192.168.236.101/24
ubuntu@ubuntu:~$ cat <<EOF | kubectl apply -f -
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: default-pool
  namespace: metallb-system
spec:
  addresses:
  - 192.168.236.200-192.168.236.210
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: default
  namespace: metallb-system
spec: {}
EOF
ipaddresspool.metallb.io/default-pool created
l2advertisement.metallb.io/default unchanged
## Let ingress-nginx obtain an IP again
ubuntu@ubuntu:~$ helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx \
--namespace ingress-nginx \
--set controller.service.type=LoadBalancer
## Check again
ubuntu@ubuntu:~$ kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller LoadBalancer 10.104.99.152 192.168.236.200 80:31694/TCP,443:31176/TCP 7m56s
ingress-nginx-controller-admission ClusterIP 10.105.200.153 <none> 443/TCP 21m
4. Install cert-manager (Rancher TLS depends on it)
kubectl create namespace cert-manager
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install cert-manager jetstack/cert-manager \
--namespace cert-manager \
--set installCRDs=true
Check:
ubuntu@ubuntu:~$ kubectl get pods -n cert-manager
NAME READY STATUS RESTARTS AGE
cert-manager-77b74755d9-9tkkv 1/1 Running 0 25s
cert-manager-cainjector-65fcfd6ccf-68lpn 1/1 Running 0 25s
cert-manager-webhook-9b4dd78-566b9 1/1 Running 0 25s
5. Prepare the Rancher hostname (no domain name needed)
We use sslip.io, which automatically resolves the hostname to your IP.
rancher.<INGRESS_IP>.sslip.io
If INGRESS_IP=1.2.3.4, the hostname is:
rancher.1.2.3.4.sslip.io
## In this setup it is
rancher.192.168.236.200.sslip.io
6. Install Rancher (Helm)
kubectl create namespace cattle-system
helm repo add rancher-latest https://releases.rancher.com/server-charts/latest
helm repo update
# helm install rancher rancher-latest/rancher \
# --namespace cattle-system \
# --set hostname=rancher.192.168.236.200.sslip.io \
# --set replicas=3 \
# --set ingress.tls.source=letsEncrypt \
# --set letsEncrypt.email="952022746@qq.com"
helm install rancher rancher-latest/rancher \
--namespace cattle-system \
--set hostname=rancher.192.168.236.200.sslip.io \
--set ingress.tls.source=secret \
--set replicas=1 \
--set ingress.ingressClassName=nginx
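The install command above sets ingress.tls.source=secret, but the page does not show the certificate secret being created. The following is an added example, not part of the original page: it generates a self-signed certificate for the page's sslip.io hostname, checks it, and loads it under the secret names that Rancher's chart documentation uses (tls-rancher-ingress, plus tls-ca together with privateCA=true for a private CA). The function names are hypothetical, and OpenSSL 1.1.1 or later is assumed for -addext.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Function names are hypothetical.
# Assumes OpenSSL 1.1.1+ (for -addext) and the hostname used on this page.
RANCHER_HOST="rancher.192.168.236.200.sslip.io"

# Create a private key and a self-signed certificate whose SAN is the hostname.
make_rancher_cert() {   # $1 = hostname, $2 = output directory
  local host="$1" dir="$2"
  mkdir -p "$dir" || return 1
  (
    umask 077   # keep the private key readable by its owner only
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
      -subj "/CN=${host}" -addext "subjectAltName=DNS:${host}" \
      -keyout "${dir}/tls.key" -out "${dir}/tls.crt" 2>/dev/null
  )
}

# Succeed only if the certificate is valid for the given hostname.
cert_matches_host() {   # $1 = certificate, $2 = hostname
  openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 | grep -q "does match"
}

# Succeed only if the private key belongs to the certificate.
key_matches_cert() {    # $1 = certificate, $2 = private key
  [ "$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in "$2" -pubout | openssl sha256)" ]
}

# Load the pair into the cluster after both checks pass.
load_rancher_tls() {    # $1 = directory holding tls.crt and tls.key
  cert_matches_host "$1/tls.crt" "$RANCHER_HOST" || return 1
  key_matches_cert "$1/tls.crt" "$1/tls.key" || return 1
  kubectl -n cattle-system create secret tls tls-rancher-ingress \
    --cert="$1/tls.crt" --key="$1/tls.key" || return 1
  # A self-signed certificate is its own CA: Rancher reads it from the
  # tls-ca secret when the chart is installed with --set privateCA=true.
  kubectl -n cattle-system create secret generic tls-ca \
    --from-file=cacerts.pem="$1/tls.crt"
}

# Usage: make_rancher_cert "$RANCHER_HOST" ./rancher-tls && load_rancher_tls ./rancher-tls
```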
7. Check the installation status
Check that all Rancher pods are Running:
ubuntu@ubuntu:~$ kubectl get pods -n cattle-system
NAME READY STATUS RESTARTS AGE
rancher-5dbcb676cd-kx5nb 0/1 Running 0 76s
rancher-5dbcb676cd-lbcmz 0/1 Running 0 76s
rancher-5dbcb676cd-tkv5n 0/1 Running 0 76s
## Check the ingress
ubuntu@ubuntu:~$ kubectl get ingress -n cattle-system
NAME CLASS HOSTS ADDRESS PORTS AGE
rancher <none> rancher.192.168.236.200.sslip.io 80, 443 100s
ubuntu@ubuntu:~$
8. Access Rancher
Open in a browser:
https://rancher.192.168.236.200.sslip.io
On first login you will be asked to set the admin password.
To reset the password:
kubectl -n cattle-system get pods -l app=rancher
kubectl -n cattle-system exec -it rancher-5dbcb676cd-kx5nb -c rancher -- reset-password
P5KkW6ZyrRhb6nvtm0OO
