1 Deploying Rancher with Docker

Deploy in root privileged mode with --privileged

    docker run -d --restart=unless-stopped -p 80:80 -p 443:443 --privileged rancher/rancher

    [root@node01 ~]# docker ps
    CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
    bf46c0fa30b2 rancher/rancher "entrypoint.sh" 2 minutes ago Up 2 minutes 0.0.0.0:8882->80/tcp, 0.0.0.0:8444->443/tcp unruffled_vaughan
    [root@node01 ~]#
    [root@node01 ~]#

1.2 Version upgrade and data backup

    # Find the running Rancher container
    docker ps |grep rancher
    # Stop it so the data directory is not changing during the copy
    docker stop rancher
    # Create a data container that shares the old container's volumes
    docker create --volumes-from rancher --name rancher-data rancher/rancher
    # Archive /var/lib/rancher into the current directory
    docker run --volumes-from rancher-data -v $PWD:/backup busybox tar zcvf /backup/rancher-data-backup-v2.4.13.tar.gz /var/lib/rancher

    [root@rancher-server ~]# docker run --name rancher -d --privileged --restart=unless-stopped --volumes-from rancher-data -p 80:80 -p 443:443 rancher/rancher
    9f366e8c6c90f4482d3bb2252ab637df1398136a37e9f1f8afd460e5479bb12a
    [root@rancher-server ~]#
    [root@rancher-server ~]# docker ps |grep rancher
    9f366e8c6c90 rancher/rancher:v2.5.7-ent-rc3-linux-amd64 "entrypoint.sh" 13 seconds ago Up 11 seconds 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp rancher
    [root@rancher-server ~]#
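
Before starting the upgraded container, confirm that the archive written by the tar step is readable and really contains the /var/lib/rancher data. The function below is an added example, not part of the original notes; its name and return codes are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a Rancher data backup before upgrading.
# Usage: verify_rancher_backup rancher-data-backup-v2.4.13.tar.gz
#
# Return codes (illustrative, not a Rancher convention):
#   0 archive is a valid gzip tar with entries under var/lib/rancher/
#   1 file missing or empty
#   2 gzip stream is corrupt or truncated
#   3 gzip is fine but the tar inside cannot be listed
#   4 archive lists cleanly but holds no var/lib/rancher data
verify_rancher_backup() {
    archive=$1

    [ -s "$archive" ] || { echo "missing or empty: $archive" >&2; return 1; }

    # gzip -t verifies the compressed stream (CRC and length) without extracting.
    gzip -t "$archive" 2>/dev/null \
        || { echo "corrupt or truncated gzip stream: $archive" >&2; return 2; }

    # Listing the members fails if the tar structure itself is damaged.
    listing=$(tar -tzf "$archive" 2>/dev/null) \
        || { echo "unreadable tar archive: $archive" >&2; return 3; }

    # tar strips the leading "/" when archiving /var/lib/rancher, so member
    # names normally start with "var/"; "./" and "/" prefixes are also accepted.
    count=$(printf '%s\n' "$listing" \
        | grep -c -E '^(\./|/)?var/lib/rancher/.' || true)

    [ "$count" -gt 0 ] \
        || { echo "no var/lib/rancher entries in $archive" >&2; return 4; }

    echo "$count entries under var/lib/rancher"
    return 0
}
```

A non-zero return means the old container and its volumes should be kept until a good archive exists.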

New UI

Problem 1: the container keeps restarting when started without --privileged

    [root@node01 ~]# docker run -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher
    c0b84379c876a78d00c177202f3ca0f61251bf70aa1e1a6b4cf5183f0986f3b6
    [root@node01 ~]#
    [root@node01 ~]# docker ps
    CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
    c0b84379c876 rancher/rancher "entrypoint.sh" 3 seconds ago Restarting (1) Less than a second ago crazy_mccarthy

Check the logs:

    [root@node01 ~]# docker logs c0b
    ERROR: Rancher must be ran with the --privileged flag when running outside of Kubernetes
    ERROR: Rancher must be ran with the --privileged flag when running outside of Kubernetes
    ERROR: Rancher must be ran with the --privileged flag when running outside of Kubernetes
    ERROR: Rancher must be ran with the --privileged flag when running outside of Kubernetes
    ERROR: Rancher must be ran with the --privileged flag when running outside of Kubernetes
    ERROR: Rancher must be ran with the --privileged flag when running outside of Kubernetes
    ERROR: Rancher must be ran with the --privileged flag when running outside of Kubernetes
    ERROR: Rancher must be ran with the --privileged flag when running outside of Kubernetes
    [root@node01 ~]#

Rancher2.5产品理念解读.pdf

Rancher v2.5 demo.pdf

2 Deploying Rancher with Helm

2.1 Installing Helm

File downloads
Official mirror provided by Rancher China: http://mirror.cnrancher.com/

https://helm.sh/zh/docs/intro/install/

https://github.com/helm/helm/releases

4.1 Adding the Rancher Helm repository

https://github.com/rancher/rancher/blob/master/chart/values.yaml

Rancher Helm repository
https://artifacthub.io/packages/helm/rancher-stable/rancher

    [root@liwm home]# helm repo add rancher-latest https://releases.rancher.com/server-charts/latest

4.2 Deploying certificates for Rancher

cattle-system
cert-manager

    [root@liwm home]# kubectl create namespace cattle-system
    namespace/cattle-system created
    [root@liwm home]# kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.4/cert-manager.crds.yaml
    customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
    customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
    customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
    customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created
    customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created
    customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created
    [root@liwm home]# kubectl get pods --namespace cert-manager
    No resources found in cert-manager namespace.
    [root@liwm home]# kubectl create namespace cert-manager
    namespace/cert-manager created
    [root@liwm home]# helm repo add jetstack https://charts.jetstack.io
    WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
    WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
    "jetstack" has been added to your repositories
    [root@liwm home]# helm install \
    > cert-manager jetstack/cert-manager \
    > --namespace cert-manager \
    > --version v1.0.4
    WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
    WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
    NAME: cert-manager
    LAST DEPLOYED: Sun May 23 20:42:39 2021
    NAMESPACE: cert-manager
    STATUS: deployed
    REVISION: 1
    TEST SUITE: None
    NOTES:
    cert-manager has been deployed successfully!
    In order to begin issuing certificates, you will need to set up a ClusterIssuer
    or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).
    More information on the different types of issuers and how to configure them
    can be found in our documentation:
    https://cert-manager.io/docs/configuration/
    For information on how to configure cert-manager to automatically provision
    Certificates for Ingress resources, take a look at the `ingress-shim`
    documentation:
    https://cert-manager.io/docs/usage/ingress/
    [root@liwm home]# kubectl get pods --namespace cert-manager
    NAME READY STATUS RESTARTS AGE
    cert-manager-6d87886d5c-s6zq4 0/1 ContainerCreating 0 9s
    cert-manager-cainjector-55db655cd8-h6qmt 0/1 ContainerCreating 0 9s
    cert-manager-webhook-6846f844ff-lwwnr 0/1 ContainerCreating 0 9s
    [root@liwm home]#

    [root@liwm home]# helm install rancher rancher-latest/rancher \
    > --namespace cattle-system \
    > --set hostname=rancher.my.org
    WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
    WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
    NAME: rancher
    LAST DEPLOYED: Sun May 23 20:45:33 2021
    NAMESPACE: cattle-system
    STATUS: deployed
    REVISION: 1
    TEST SUITE: None
    NOTES:
    Rancher Server has been installed.
    NOTE: Rancher may take several minutes to fully initialize. Please standby while Certificates are being issued and Ingress comes up.
    Check out our docs at https://rancher.com/docs/rancher/v2.x/en/
    Browse to https://rancher.my.org
    Happy Containering!
    [root@liwm home]#

    [root@liwm Eren]# helm ls --all-namespaces
    WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
    WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
    NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
    cert-manager cert-manager 1 2021-05-23 20:42:39.3257997 +0800 CST deployed cert-manager-v1.0.4 v1.0.4
    fleet fleet-system 2 2021-05-23 12:48:46.4524648 +0000 UTC deployed fleet-0.3.500 0.3.5
    rancher cattle-system 1 2021-05-23 20:45:33.0318282 +0800 CST deployed rancher-2.5.8 v2.5.8
    rancher-operator rancher-operator-system 1 2021-05-23 12:47:30.1734295 +0000 UTC deployed rancher-operator-0.1.400 0.1.4
    rancher-webhook cattle-system 1 2021-05-23 12:47:46.7790814 +0000 UTC deployed rancher-webhook-0.1.000 0.1.0
    [root@liwm Eren]# kubectl -n cattle-system rollout status deploy/rancher
    deployment "rancher" successfully rolled out
    [root@liwm Eren]# kubectl -n cattle-system get deploy rancher
    NAME READY UP-TO-DATE AVAILABLE AGE
    rancher 3/3 3 3 139m
    [root@liwm Eren]#
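
The Helm warnings repeated in the sessions above mean the group and other read bits are set on /root/.kube/config, which exposes the cluster credentials in it to other local accounts that can reach the path. The following added example (not from the original notes; the function names are illustrative) tests those two bits and restricts the file to its owner.

```shell
#!/bin/sh
# Added example: detect and fix a group- or world-readable kubeconfig,
# the condition the Helm warnings above report.

# kubeconfig_perm_issues <file>
# Prints "group-readable" and/or "world-readable", one per line.
# Returns 0 if neither bit is set, 1 if at least one is, 2 if the
# path is not a regular file.
kubeconfig_perm_issues() {
    f=$1
    [ -f "$f" ] || { echo "not a regular file: $f" >&2; return 2; }

    # GNU stat takes -c, BSD/macOS stat takes -f; both print e.g. "644".
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")

    # Last octal digit is "other", the one before it is "group";
    # the read permission is bit value 4 in each digit.
    other=$((mode % 10))
    group=$((mode / 10 % 10))

    rc=0
    if [ $((group & 4)) -ne 0 ]; then echo "group-readable"; rc=1; fi
    if [ $((other & 4)) -ne 0 ]; then echo "world-readable"; rc=1; fi
    return $rc
}

# harden_kubeconfig <file>
# Restricts the file to owner read/write (0600) and re-runs the check,
# so the return code confirms the fix took effect.
harden_kubeconfig() {
    chmod 600 "$1" && kubeconfig_perm_issues "$1"
}

# Typical use on the host from the sessions above:
#   kubeconfig_perm_issues /root/.kube/config || harden_kubeconfig /root/.kube/config
```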

Change the rancher service type from ClusterIP to NodePort

    [root@liwm Eren]# kubectl -n cattle-system get service
    NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
    rancher NodePort 10.101.123.206 <none> 80:30053/TCP,443:30155/TCP 150m
    rancher-webhook ClusterIP 10.102.182.200 <none> 443/TCP 148m
    [root@liwm Eren]#