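Rancher is a container management platform built for companies that use containers. It simplifies working with Kubernetes, lets developers run Kubernetes anywhere (Run Kubernetes Everywhere), meets IT requirements, and empowers DevOps teams.
Rancher website: https://rancher.com/
Chinese website: https://www.rancher.cn/
GitHub: https://github.com/rancher/rancher
Note:
Below, a 3-node Kubernetes cluster is deployed, and then the Rancher v2.5.0 container platform is deployed inside it. From v2.5.0 onward, Rancher can be installed on top of an existing Kubernetes cluster, decoupled from RKE clusters, which gives a lot of flexibility.
Every node must have a hostname configured, and node clocks must be synchronized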
hostnamectl set-hostname xx
yum install -y chrony
systemctl enable --now chronyd
timedatectl set-timezone Asia/Shanghai
Install sealos, using a k8s v1.18.8 deployment as the example
wget -c https://sealyun.oss-cn-beijing.aliyuncs.com/latest/sealos && \
chmod +x sealos && mv sealos /usr/bin
# Download the offline resource package
wget -c \
https://sealyun.oss-cn-beijing.aliyuncs.com/cd3d5791b292325d38bbfaffd9855312-1.18.8/kube1.18.8.tar.gz
Deploy the Kubernetes cluster
sealos init \
--passwd 123456 \
--master 172.31.66.38 \
--node 172.31.66.39 \
--node 172.31.66.40 \
--pkg-url /root/kube1.18.8.tar.gz \
--version v1.18.8
Confirm the cluster is ready
[root@master1 ~]# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
master1 Ready master 63m v1.18.8 172.31.66.38 <none> CentOS Linux 7 (Core) 3.10.0-1127.19.1.el7.x86_64 docker://19.3.0
node1 Ready <none> 62m v1.18.8 172.31.66.39 <none> CentOS Linux 7 (Core) 3.10.0-1127.19.1.el7.x86_64 docker://19.3.0
node2 Ready <none> 62m v1.18.8 172.31.66.40 <none> CentOS Linux 7 (Core) 3.10.0-1127.19.1.el7.x86_64 docker://19.3.0
Remove the taint from the master node
[root@master1 ~]# kubectl taint nodes master1 node-role.kubernetes.io/master-
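By default Rancher uses an ingress to expose its UI outside the cluster for user access, so you need to deploy an ingress controller yourself. ingress-nginx-controller is used as the example here.
Install helm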
version=v3.3.1
# Download from the Huawei open-source mirror site
curl -LO https://repo.huaweicloud.com/helm/${version}/helm-${version}-linux-amd64.tar.gz
tar -zxvf helm-${version}-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/helm && rm -rf linux-amd64
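The Helm tarball above comes from a mirror, so it is worth checking it against the checksum file published upstream before installing. The following is an added example, not part of the original post; the function names and the use of https://get.helm.sh/<tarball>.sha256sum as the checksum source are assumptions.

```shell
#!/usr/bin/env bash
# Added example: verify a mirror-downloaded Helm tarball against the upstream checksum.

# verify_sumfile <artifact> <sumfile>
# Returns 0 only if <sumfile> has an entry for the artifact's file name and its
# SHA-256 matches the file on disk. 2 = missing file, 3 = no usable entry, 1 = mismatch.
verify_sumfile() {
    local artifact="$1" sumfile="$2" name expected actual
    [ -f "$artifact" ] && [ -f "$sumfile" ] || return 2
    name=$(basename "$artifact")
    # sha256sum format: "<64 hex chars>  <filename>" (binary mode prefixes the name with '*')
    expected=$(awk -v n="$name" '{f=$2; sub(/^\*/,"",f)} f==n {print tolower($1); exit}' "$sumfile")
    case "$expected" in
        *[!0-9a-f]*|"") return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 3
    actual=$(sha256sum "$artifact" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# install_helm_verified <version>
# Downloads the tarball from the mirror and the checksum from upstream (assumed URL),
# and installs the binary only when the two agree.
install_helm_verified() {
    local version="$1" tarball="helm-$1-linux-amd64.tar.gz"
    curl -fsSLO "https://repo.huaweicloud.com/helm/${version}/${tarball}" || return 1
    curl -fsSLO "https://get.helm.sh/${tarball}.sha256sum" || return 1
    if ! verify_sumfile "$tarball" "${tarball}.sha256sum"; then
        echo "checksum mismatch for ${tarball}, refusing to install" >&2
        rm -f "$tarball"
        return 1
    fi
    tar -zxf "$tarball" linux-amd64/helm &&
        mv linux-amd64/helm /usr/local/bin/helm && rm -rf linux-amd64
}
```

Call it as `install_helm_verified v3.3.1` in place of the plain download and extract steps.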
Add the ingress-nginx helm repo
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
Deploy ingress-nginx with helm. The default image is hosted on gcr.io; you can search Docker Hub for a replacement image yourself:
helm install ingress-nginx \
--namespace ingress-nginx \
--create-namespace \
--set controller.image.repository=giantswarm/ingress-nginx-controller \
--set controller.image.tag=v0.40.2 \
--set controller.image.digest=null \
--set controller.service.type=NodePort \
ingress-nginx/ingress-nginx
Confirm ingress-nginx is ready
[root@master1 ~]# kubectl -n ingress-nginx get pods
NAME READY STATUS RESTARTS AGE
ingress-nginx-controller-757f67c94b-6fdlg 1/1 Running 0 43m
[root@master1 ~]# kubectl -n ingress-nginx get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.103.240.29 <none> 80:30309/TCP,443:31610/TCP 43m
ingress-nginx-controller-admission ClusterIP 10.96.43.100 <none> 443/TCP 43m
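The install above swaps in a third-party Docker Hub image and sets `controller.image.digest=null`, so the tag is the only thing identifying what runs. The following added example (not part of the original post) extracts the digest the node actually pulled so it can be reviewed and pinned, and lists images that are referenced by tag only; the function names and the sample digest are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find the digest actually pulled for a tag-only image and list unpinned images.

# Constructed sample of a containerStatuses[].imageID value under the Docker runtime.
SAMPLE_IMAGE_ID="docker-pullable://giantswarm/ingress-nginx-controller@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"

# pinned_digest_from_image_id <imageID>
# Prints "sha256:<64 hex>" taken from an imageID string, or returns 1 if none is present.
pinned_digest_from_image_id() {
    local id="$1" digest hex
    digest="${id##*@}"
    [ "$digest" != "$id" ] || return 1        # no '@' means no digest in the reference
    case "$digest" in
        sha256:*) ;;
        *) return 1 ;;
    esac
    hex="${digest#sha256:}"
    [ "${#hex}" -eq 64 ] || return 1
    case "$hex" in *[!0-9a-f]*) return 1 ;; esac
    printf '%s\n' "$digest"
}

# unpinned_images
# Reads "<namespace>/<pod> <image>" lines on stdin and prints the ones whose image
# reference does not end in an @sha256: digest.
unpinned_images() {
    awk 'NF >= 2 && $2 !~ /@sha256:[0-9a-f]+$/ {print $1, $2}'
}

# Typical inputs on a live cluster (not executed here):
#   kubectl -n ingress-nginx get pods \
#     -o jsonpath='{.items[0].status.containerStatuses[0].imageID}'
#   kubectl get pods -A -o jsonpath='{range .items[*]}{.metadata.namespace}{"/"}{.metadata.name}{" "}{.spec.containers[0].image}{"\n"}{end}'
```

Once the digest has been reviewed, it can be passed back through `--set controller.image.digest=sha256:...` on the next `helm upgrade` instead of `null`.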
Reference: https://rancher.com/docs/rancher/v2.x/en/installation/install-rancher-on-k8s/
Add the Rancher helm chart repo
helm repo add rancher-latest https://releases.rancher.com/server-charts/latest
Install cert-manager
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.15.0/cert-manager.crds.yaml
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install cert-manager \
--namespace cert-manager \
--create-namespace \
--version v0.15.0 \
jetstack/cert-manager
Deploy Rancher. Note that hostname must be in DNS domain name form.
helm install rancher \
--namespace cattle-system \
--create-namespace \
--set hostname=rancher.my.org \
--version 2.5.1 \
rancher-latest/rancher
View the resources that were created
[root@vm003 ~]# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
cattle-system helm-operation-bzcbl 0/2 Completed 0 2m36s
cattle-system helm-operation-kd9w8 0/2 Completed 0 95s
cattle-system helm-operation-l4qqt 0/2 Completed 0 86s
cattle-system helm-operation-qhxdn 0/2 Completed 0 20s
cattle-system helm-operation-vw5g8 0/2 Completed 0 69s
cattle-system rancher-66d4d887f6-9bsw2 1/1 Running 1 3m3s
cattle-system rancher-66d4d887f6-bxxks 1/1 Running 0 3m3s
cattle-system rancher-66d4d887f6-tqkjb 1/1 Running 0 3m3s
cattle-system rancher-webhook-669d998d9-k8j9s 1/1 Running 0 67s
cert-manager cert-manager-7cb75cf6b4-btwf8 1/1 Running 0 10m
cert-manager cert-manager-cainjector-759496659c-vlsxg 1/1 Running 0 10m
cert-manager cert-manager-webhook-7c75b89bf6-skfsn 1/1 Running 0 10m
fleet-system fleet-agent-c66455545-6ms5f 1/1 Running 0 11s
fleet-system fleet-controller-649446f474-5mr9t 1/1 Running 0 116s
fleet-system gitjob-869546b74d-7sp2h 1/1 Running 0 116s
kube-system calico-kube-controllers-84445dd79f-75xfs 1/1 Running 0 16m
kube-system calico-node-cqwms 1/1 Running 0 16m
kube-system calico-node-dk2j6 1/1 Running 0 15m
kube-system calico-node-rrpww 1/1 Running 0 15m
kube-system coredns-66bff467f8-97xjr 1/1 Running 0 16m
kube-system coredns-66bff467f8-bzlbt 1/1 Running 0 16m
kube-system etcd-vm003 1/1 Running 0 16m
kube-system kube-apiserver-vm003 1/1 Running 0 16m
kube-system kube-controller-manager-vm003 1/1 Running 0 16m
kube-system kube-proxy-6pnpt 1/1 Running 0 16m
kube-system kube-proxy-mpsns 1/1 Running 0 15m
kube-system kube-proxy-n7sgs 1/1 Running 0 15m
kube-system kube-scheduler-vm003 1/1 Running 0 16m
kube-system kube-sealyun-lvscare-vm001 1/1 Running 0 15m
kube-system kube-sealyun-lvscare-vm002 1/1 Running 0 15m
rancher-operator-system rancher-operator-547dbc9654-vww8m 1/1 Running 0 80s
View the ingress that Rancher creates for itself
[root@vm003 ~]# kubectl -n cattle-system get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
rancher <none> rancher.my.org 80, 443 6m56s
View the NodePort service exposed by the ingress controller
[root@master1 ~]# kubectl -n ingress-nginx get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.103.240.29 <none> 80:30309/TCP,443:31610/TCP 44m
ingress-nginx-controller-admission ClusterIP 10.96.43.100 <none> 443/TCP 44m
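On the local Windows machine, edit the hosts file and add a name resolution entry. Because the service is a NodePort, the address can be the IP of any node.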
C:\Windows\System32\drivers\etc\hosts
172.31.66.38 rancher.my.org
Log in to the Rancher UI from a browser
https://rancher.my.org:31610
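First change the password, then choose to use the existing cluster directly:
After login the default view is Cluster Explorer; the other view, Cluster Manager, is reachable from the top-right corner
Select Workload -> Deployments and click Create in the top-right corner to deploy an ordinary k8s application.
Switch to the default namespace and create an nginx deployment with 2 replicas as an example
Be sure to add a label to the pod; the service created later matches pods by this label
Click Create, then select Pod to check how the application is running
Create a ClusterIP service.
The listening port is the service port and the target port is the container port, which must match what is defined in the deployment:
Configure the service selector so that it matches the nginx-demo pods
Create an ingress to expose the service outside the cluster
Access it from a browser; the local machine again needs name resolution configured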
C:\Windows\System32\drivers\etc\hosts
172.31.66.38 rancher.my.org
172.31.66.38 rancher.nginx.org
URLs to access
https://rancher.nginx.org:31610
http://rancher.nginx.org:30309
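Rancher ships with an app catalog that can deploy complex k8s applications based on helm. Click the app icon in the top-left corner to switch to the catalog view:
Taking Longhorn, Rancher's open-source storage project, as the example, first install the Longhorn dependencies on every node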
yum install -y iscsi-initiator-utils
systemctl enable --now iscsid
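Then click the Longhorn icon to open its helm chart and click Install at the bottom right for a one-click deployment. If you need a customized configuration, edit values.yaml before installing.
Once the deployment finishes, expand the top-left menu to see the Longhorn entry:
Click it to open the Longhorn UI. Longhorn pools the local storage of all nodes, defaults to 3 replicas for high availability, and stores data under the local directory /var/lib/longhorn by default
At this point a cloud-native distributed storage system is ready. The default storageclass is longhorn, and it can be used directly to provision PVs dynamically: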
[root@master1 ~]# kubectl get sc
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
longhorn (default) driver.longhorn.io Delete Immediate true 49m
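Note: Rancher's app catalog can be configured to connect to third-party helm repositories, but at present it does not seem possible to upload your own applications into the Charts panel.
Starting with Rancher v2.5, the recommendation is to use Rancher Continuous Delivery, powered by Fleet, to handle GitOps-based deploy pipelines. The tool is available in Cluster Explorer.
In other words, from Rancher v2.5.0 onward, Rancher pipeline is replaced by Continuous Delivery.
Expand Cluster Explorer in the top-left corner and select the Continuous Delivery feature:
Select Create and configure a git repository. Official example repository: https://github.com/rancher/fleet-examples
Because of a poor network connection I could not reach GitHub, and I am not sure how to use it anyway, so this part is only covered in passing.
Fleet reference: https://rancher.com/docs/rancher/v2.x/en/deploy-across-clusters/fleet/
The new version of Rancher is split into 2 views: a Cluster Explorer view and a Cluster Manager view.
Cluster Explorer: the user view, for viewing and deploying applications, CD, and similar operations
Cluster Manager: the administrator view, for adding clusters, adding nodes, and monitoring and maintaining cluster resources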