Deploying a Rancher 2.4.6 cluster with Helm on a K8s cluster

Reference documentation
Installing Rancher with Helm

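Introduction to Rancher
Rancher is a container management platform that helps organizations deploy and manage containers in production quickly and easily. Rancher makes it easy to manage Kubernetes in all kinds of environments, meeting IT requirements and supporting DevOps teams.
Kubernetes has not only become the container orchestration standard, it is also rapidly becoming the standard infrastructure offered by cloud and virtualization vendors. Rancher users can create Kubernetes clusters with Rancher Kubernetes Engine (RKE) or use cloud Kubernetes services such as GKE, AKS and EKS. Rancher users can also import and manage existing Kubernetes clusters.
Rancher supports a range of centralized authentication systems for managing Kubernetes clusters. For example, employees of a large enterprise can use their corporate Active Directory credentials to access Kubernetes clusters in GKE. IT administrators can set access control and security policies across users, groups, projects, clusters and clouds. IT administrators can monitor the health and capacity of all Kubernetes clusters from a single page.
Rancher gives DevOps engineers an intuitive user interface for managing their service containers; users do not need a deep understanding of Kubernetes concepts to start using Rancher. Rancher includes an app catalog that supports one-click deployment of Helm and Compose templates. Rancher is certified with a variety of cloud and on-premises ecosystem products, including security tools, monitoring systems, container registries, and storage and network drivers. The figure below illustrates the role Rancher plays in IT and DevOps organizations. Each team deploys its applications on the public or private cloud of its choice.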

Cluster environment

[root@elasticsearch01 ~]# kubectl get nodes
NAME        STATUS   ROLES    AGE    VERSION
10.2.8.34   Ready    <none>   615d   v1.13.1
10.2.8.65   Ready    <none>   615d   v1.13.1

Helm environment

[root@elasticsearch01 yaml]# helm version
Client: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}

Add the chart repository address

[root@elasticsearch01 yaml]# helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
"rancher-stable" has been added to your repositories

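Install Rancher with Helm
Note: hostname=rancher.minminmsn.com is specified here, so Rancher must be accessed by domain name.
Note: Rancher is accessed over HTTPS by default, so a public SSL certificate is required; the existing ingress-secret2021 can be used.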

[root@elasticsearch01 yaml]# kubectl get secret|grep 2021
ingress-secret2021                                     kubernetes.io/tls                     2      47d

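Note: a few parameters deserve particular attention, such as namespace, hostname and ingress; if they are overlooked, the service configuration can still be changed afterwards. The Helm deployment of Rancher follows.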

[root@elasticsearch01 yaml]# helm install rancher-stable/rancher   --name rancher     --set hostname=rancher.minminmsn.com   --set ingress.tls.source=ingress-secret2021
NAME:   rancher
LAST DEPLOYED: Mon Aug 31 15:21:33 2020
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/ServiceAccount
NAME     SECRETS  AGE
rancher  1        0s

==> v1/ClusterRoleBinding
NAME     AGE
rancher  0s

==> v1/Service
NAME     TYPE       CLUSTER-IP      EXTERNAL-IP  PORT(S)  AGE
rancher  ClusterIP  10.254.185.214  <none>       80/TCP   0s

==> v1/Deployment
NAME     DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
rancher  3        3        3           0          0s

==> v1beta1/Ingress
NAME     HOSTS                   ADDRESS  PORTS  AGE
rancher  rancher.minminmsn.com  80, 443  0s

==> v1/Pod(related)
NAME                     READY  STATUS             RESTARTS  AGE
rancher-cf8d8f9dd-2m2pc  0/1    ContainerCreating  0         0s
rancher-cf8d8f9dd-462t6  0/1    ContainerCreating  0         0s
rancher-cf8d8f9dd-twcjf  0/1    ContainerCreating  0         0s

NOTES:
Rancher Server has been installed.

NOTE: Rancher may take several minutes to fully initialize. Please standby while Certificates are being issued and Ingress comes up.

Check out our docs at https://rancher.com/docs/rancher/v2.x/en/

Browse to https://rancher.minminmsn.com

Happy Containering!

[root@elasticsearch01 yaml]# helm ls --all rancher
NAME    REVISION    UPDATED                     STATUS      CHART           APP VERSION NAMESPACE
rancher 1           Mon Aug 31 15:21:33 2020    DEPLOYED    rancher-2.4.6   v2.4.6      default  
[root@elasticsearch01 yaml]# kubectl get pods |grep rancher
rancher-cf8d8f9dd-2m2pc                        0/1     ContainerCreating   0          69s
rancher-cf8d8f9dd-462t6                        0/1     ContainerCreating   0          69s
rancher-cf8d8f9dd-twcjf                        0/1     ContainerCreating   0          69s

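By default this is a 3-node Rancher cluster, but the test k8s cluster has only 2 nodes, so 1 pod did not start. The replicas value in the deployment needs to be changed to 2.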

[root@elasticsearch01 yaml]# kubectl get pods |grep rancher
rancher-cf8d8f9dd-2m2pc                        1/1     Running             0          5m48s
rancher-cf8d8f9dd-462t6                        1/1     Running             0          5m48s
rancher-cf8d8f9dd-twcjf                        0/1     ContainerCreating   0          5m48s

[root@elasticsearch01 yaml]# kubectl get deploy
NAME                          READY   UP-TO-DATE   AVAILABLE   AGE
rancher                       2/3     3            2           5m48s

Change replicas from 3 to 2

spec:
  progressDeadlineSeconds: 600
  replicas: 3

The full content is as follows

[root@elasticsearch01 yaml]# kubectl edit  deploy rancher

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
  creationTimestamp: "2020-08-31T07:21:34Z"
  generation: 1
  labels:
    app: rancher
    chart: rancher-2.4.6
    heritage: Tiller
    release: rancher
  name: rancher
  namespace: default
  resourceVersion: "99595282"
  selfLink: /apis/extensions/v1beta1/namespaces/default/deployments/rancher
  uid: 995f7aaf-eb5a-11ea-9386-52540089b2b6
spec:
  progressDeadlineSeconds: 600
  replicas: 3
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: rancher
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: rancher
        release: rancher
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: app
                  operator: In
                  values:
                  - rancher
              topologyKey: kubernetes.io/hostname
            weight: 100
      containers:
      - args:
        - --no-cacerts
        - --http-listen-port=80
        - --https-listen-port=443
        - --add-local=auto
        env:
        - name: CATTLE_NAMESPACE
          value: default
        - name: CATTLE_PEER_SERVICE
          value: rancher
        image: rancher/rancher:v2.4.6
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 80
            scheme: HTTP
          initialDelaySeconds: 60
          periodSeconds: 30
          successThreshold: 1
          timeoutSeconds: 1
        name: rancher
        ports:
        - containerPort: 80
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 80
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 30
          successThreshold: 1
          timeoutSeconds: 1
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: rancher
      serviceAccountName: rancher
      terminationGracePeriodSeconds: 30
status:
  availableReplicas: 2
  conditions:
  - lastTransitionTime: "2020-08-31T07:26:36Z"
    lastUpdateTime: "2020-08-31T07:26:36Z"
    message: Deployment has minimum availability.
    reason: MinimumReplicasAvailable
    status: "True"
    type: Available
  - lastTransitionTime: "2020-08-31T07:21:34Z"
    lastUpdateTime: "2020-08-31T07:26:36Z"
    message: ReplicaSet "rancher-cf8d8f9dd" is progressing.
    reason: ReplicaSetUpdated
    status: "True"
    type: Progressing
  observedGeneration: 1
  readyReplicas: 2
  replicas: 3
  unavailableReplicas: 1
  updatedReplicas: 3

[root@elasticsearch01 yaml]# kubectl edit  deploy rancher
deployment.extensions/rancher edited
[root@elasticsearch01 yaml]# kubectl get pods|grep rancher
rancher-cf8d8f9dd-2m2pc                        1/1     Running   0          11m
rancher-cf8d8f9dd-462t6                        1/1     Running   0          11m
[root@elasticsearch01 yaml]# kubectl get deploy
NAME                          READY   UP-TO-DATE   AVAILABLE   AGE
rancher                       2/2     2            2           11m

Change the ingress certificate
The secretName of Rancher's default ingress needs to be changed from tls-rancher-ingress to ingress-secret2021

[root@elasticsearch01 yaml]# kubectl edit ingress rancher

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    certmanager.k8s.io/issuer: rancher
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"
  creationTimestamp: "2020-08-31T07:21:34Z"
  generation: 1
  labels:
    app: rancher
    chart: rancher-2.4.6
    heritage: Tiller
    release: rancher
  name: rancher
  namespace: default
  resourceVersion: "99593839"
  selfLink: /apis/extensions/v1beta1/namespaces/default/ingresses/rancher
  uid: 996153bf-eb5a-11ea-9386-52540089b2b6
spec:
  rules:
  - host: rancher.minminmsn.com
    http:
      paths:
      - backend:
          serviceName: rancher
          servicePort: 80
  tls:
  - hosts:
    - rancher.minminmsn.com
    secretName: tls-rancher-ingress
status:
  loadBalancer: {}
~
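
The two kubectl edit steps above (replicas and the ingress secretName) can also be done non-interactively and verified afterwards. The script below is an added example, not part of the original post; it uses the page's names (deployment and ingress rancher in namespace default, secret ingress-secret2021), and tls_patch, tls_binding_ok and apply_changes are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the original post. Names below are the page's values.
NS=default
HOST=rancher.minminmsn.com
SECRET=ingress-secret2021

# JSON patch that replaces secretName on the ingress's first tls entry.
tls_patch() {
  printf '[{"op":"replace","path":"/spec/tls/0/secretName","value":"%s"}]' "$1"
}

# Reads "<secretName> <host>..." lines; succeeds only if host $2 is served
# from secret $1.
tls_binding_ok() {
  awk -v s="$1" -v h="$2" '
    $1 == s { for (i = 2; i <= NF; i++) if ($i == h) ok = 1 }
    END { exit (ok ? 0 : 1) }'
}

# Scale to the two available nodes, swap the TLS secret, then verify.
apply_changes() {
  # Refuse to continue if the secret is missing or not of type kubernetes.io/tls.
  kubectl -n "$NS" get secret "$SECRET" -o jsonpath='{.type}' \
    | grep -qx 'kubernetes.io/tls' || {
      echo "secret $SECRET is missing or not kubernetes.io/tls" >&2; return 1; }
  kubectl -n "$NS" scale deployment rancher --replicas=2 || return 1
  kubectl -n "$NS" patch ingress rancher --type=json \
    -p "$(tls_patch "$SECRET")" || return 1
  kubectl -n "$NS" get ingress rancher \
    -o jsonpath='{range .spec.tls[*]}{.secretName}{" "}{.hosts[*]}{"\n"}{end}' \
    | tls_binding_ok "$SECRET" "$HOST"
}

# Run only when invoked as: sh script.sh apply
if [ "${1:-}" = apply ]; then apply_changes; fi
```

The chart's replicas value (--set replicas=2 at install time) avoids the scale step. The chart documents rancher, letsEncrypt and secret as the values of ingress.tls.source, so passing a secret name there does not change the secretName the ingress references.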

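Log in to Rancher and set up the environment
The default password is admin, so a complex password must be set; the default language is English and can be changed to Chinese; by default Rancher manages the local k8s cluster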

Add TKE clusters
Create the ptech cluster and import it; the following needs to be run on the ptech cluster

[root@VM_0_65_centos ~]# kubectl apply -f https://rancher.minminmsn.com/v3/import/lvkfcctjfm4w52llbwng5cq7q8wwmzvqt9cm9825w8gzvkkp5748mg.yaml
clusterrole.rbac.authorization.k8s.io/proxy-clusterrole-kubeapiserver unchanged
clusterrolebinding.rbac.authorization.k8s.io/proxy-role-binding-kubernetes-master unchanged
namespace/cattle-system unchanged
serviceaccount/cattle unchanged
clusterrolebinding.rbac.authorization.k8s.io/cattle-admin-binding unchanged
secret/cattle-credentials-943258c created
clusterrole.rbac.authorization.k8s.io/cattle-admin unchanged
deployment.apps/cattle-cluster-agent configured
daemonset.apps/cattle-node-agent configured
You have new mail in /var/spool/mail/root

Create the enterprise cluster and import it; the following needs to be run on the enterprise cluster

[root@VM_8_15_centos ~]# kubectl apply -f https://rancher.minminmsn.com/v3/import/xv4psldq5jsbxrj2h6pfmf22dfrcj5vzpk2tts9xjvlmnnmtbnd9rl.yaml
clusterrole.rbac.authorization.k8s.io/proxy-clusterrole-kubeapiserver unchanged
clusterrolebinding.rbac.authorization.k8s.io/proxy-role-binding-kubernetes-master unchanged
namespace/cattle-system unchanged
serviceaccount/cattle unchanged
clusterrolebinding.rbac.authorization.k8s.io/cattle-admin-binding unchanged
secret/cattle-credentials-edbe822 created
clusterrole.rbac.authorization.k8s.io/cattle-admin unchanged
deployment.apps/cattle-cluster-agent configured
daemonset.apps/cattle-node-agent configured
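
Both import commands apply a manifest straight from a URL, and the output shows it touching cluster-wide RBAC (cattle-admin, cattle-admin-binding). As an added example that is not part of the original post, the script below lists what a manifest contains and flags cluster-wide grants before the same downloaded file is applied. The sample manifest is constructed, curl is assumed to be installed, and review_manifest, sample_manifest and review_then_apply are hypothetical helper names.

```shell
# Added example (not from the page): print "Kind/name" for each YAML document
# on stdin and flag cluster-wide RBAC. Line-based heuristic, not a YAML parser.
review_manifest() {
  awk '
    function emit() {
      if (kind != "") print kind "/" name
      if (kind == "ClusterRole" && wild) print "  WILDCARD rules in " name
      if (kind == "ClusterRoleBinding") print "  CLUSTER-WIDE binding to " ref
      kind = name = ref = sect = ""; wild = 0
    }
    /^---/                            { emit(); next }
    /^[a-zA-Z]/                       { sect = $1 }
    /^kind:/                          { kind = $2 }
    sect == "metadata:" && /^  name:/ { name = $2 }
    sect == "roleRef:"  && /^  name:/ { ref = $2 }
    sect == "rules:"    && /[*]/      { wild = 1 }
    END                               { emit() }'
}

# Constructed sample, NOT the real Rancher manifest; only the resource names
# are taken from the kubectl apply output on the page.
sample_manifest() {
  cat <<'EOF'
kind: ClusterRole
metadata:
  name: cattle-admin
rules:
- apiGroups: ['*']
  resources: ['*']
  verbs: ['*']
---
kind: ClusterRoleBinding
metadata:
  name: cattle-admin-binding
roleRef:
  kind: ClusterRole
  name: cattle-admin
subjects:
- kind: ServiceAccount
  name: cattle
EOF
}

# Fetch once, review, and apply the reviewed file (hypothetical helper).
review_then_apply() {
  f=$(mktemp) && curl -fsSL "$1" -o "$f" && review_manifest <"$f" &&
    printf 'apply %s? [y/N] ' "$f" && read -r a && [ "$a" = y ] &&
    kubectl apply -f "$f"
}
```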

The final result is as follows