Deploying Rancher on a Kubernetes cluster with Helm

木木 · 2 years ago · Technical articles · 1115


Our Kubernetes version is 1.22, so we install the latest version of Rancher directly. For the Helm repositories of the different Rancher versions, see the link below.

https://docs.rancher.cn/docs/rancher2.5/installation/resources/choosing-version/_index

# Add the Helm repositories

```bash
helm repo add rancher-latest https://releases.rancher.com/server-charts/latest
helm repo add rancher-alpha https://releases.rancher.com/server-charts/alpha
```

![https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/202111300908821.png](https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/202111300908821.png)

# Create a namespace for Rancher

```bash
kubectl create namespace cattle-system
```

![https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/202111251744334.png](https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/202111251744334.png)

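# Install cert-manager

Because we chose to configure Rancher with self-signed certificates, cert-manager must be installed to manage those certificates.

## Silent install

First download the corresponding YAML file from GitHub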

[https://github.com/jetstack/cert-manager/releases](https://github.com/jetstack/cert-manager/releases)

```bash
wget https://github.com/jetstack/cert-manager/releases/download/v1.6.1/cert-manager.crds.yaml
```

Applying this YAML file performs the silent install.

## Install with Helm

## Add the jetstack Helm repository

```bash
helm repo add jetstack https://charts.jetstack.io
```

![https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/202111251757316.png](https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/202111251757316.png)

## Update the local Helm repository cache

```bash
helm repo update
```

![https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/202111251758350.png](https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/202111251758350.png)

## Install cert-manager

```bash
# Here we install the CRDs as part of the Helm release, so --set installCRDs=true is required
helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.6.1 \
  --set installCRDs=true
```

## Check cert-manager status

```bash
kubectl get pods --namespace cert-manager
```

![https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/202111300858741.png](https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/202111300858741.png)

# Install Rancher

List the Rancher versions in the Helm repositories

```bash
helm search repo --versions
```

![https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/202111300910492.png](https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/202111300910492.png)

The latest version shown is 2.6.2.

```bash
# This install fails because Rancher 2.6.2 does not support Kubernetes 1.22; the install later succeeded with Rancher 2.6.3
helm install rancher rancher-latest/rancher \
  --namespace cattle-system \
  --version 2.6.2 \
  --set hostname=rancher.ilomumu.xyz \
  --set replicas=1
```

![https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/20211203120004.png](https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/20211203120004.png)

# ingress-nginx

At this point Rancher is not yet reachable, because we have not installed ingress-nginx (the ingress controller). First look at the ingress resource.

```bash
kubectl -n cattle-system get ingress
```

![https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/20211203115637.png](https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/20211203115637.png)

## Install ingress-nginx

Documentation:

[https://kubernetes.github.io/ingress-nginx/deploy/](https://kubernetes.github.io/ingress-nginx/deploy/)

Helm install command

```bash
helm upgrade --install ingress-nginx ingress-nginx \
  --repo https://kubernetes.github.io/ingress-nginx \
  --namespace ingress-nginx --create-namespace
```

![https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/20211214135636.png](https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/20211214135636.png)

Installation complete.

# Modify Rancher's ingress configuration

We need to modify Rancher's ingress configuration to bind it to the ingress controller we installed.

```bash
kubectl get ingress -n cattle-system
```

![https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/20211214135915.png](https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/20211214135915.png)

Edit the ingress

```bash
kubectl edit ingress -n cattle-system rancher
```

The original content is as follows

```yaml
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/issuer: rancher
    cert-manager.io/issuer-kind: Issuer
    meta.helm.sh/release-name: rancher
    meta.helm.sh/release-namespace: cattle-system
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"
  creationTimestamp: "2021-12-14T03:46:23Z"
  generation: 1
  labels:
    app: rancher
    app.kubernetes.io/managed-by: Helm
    chart: rancher-2.6.3-rc2
    heritage: Helm
    release: rancher
  name: rancher
  namespace: cattle-system
  resourceVersion: "8072"
  uid: f98350de-579c-4be0-a82e-08bcbf69fff5
spec:
  rules:
  - host: rancher.ilomumu.xyz
    http:
      paths:
      - backend:
          service:
            name: rancher
            port:
              number: 80
        pathType: ImplementationSpecific
  tls:
  - hosts:
    - rancher.ilomumu.xyz
    secretName: tls-rancher-ingress
status:
  loadBalancer: {}
```

After editing, the content is as follows

```yaml
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/issuer: rancher
    cert-manager.io/issuer-kind: Issuer
    meta.helm.sh/release-name: rancher
    meta.helm.sh/release-namespace: cattle-system
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"
    kubernetes.io/ingress.class: "nginx"   # added binding
  creationTimestamp: "2021-12-14T03:46:23Z"
  generation: 1
  labels:
    app: rancher
    app.kubernetes.io/managed-by: Helm
    chart: rancher-2.6.3-rc2
    heritage: Helm
    release: rancher
  name: rancher
  namespace: cattle-system
  resourceVersion: "8072"
  uid: f98350de-579c-4be0-a82e-08bcbf69fff5
spec:
  rules:
  - host: rancher.ilomumu.xyz
    http:
      paths:
      - backend:
          service:
            name: rancher
            port:
              number: 80
        pathType: ImplementationSpecific
  tls:
  - hosts:
    - rancher.ilomumu.xyz
    secretName: tls-rancher-ingress
status:
  loadBalancer: {}
```
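A way to confirm the edit took effect, as an added example that is not part of the original post: a Python check over the JSON form of the Ingress (as `kubectl get ingress -n cattle-system rancher -o json` prints it) for a class binding, a TLS secret covering each routed host, and a cert-manager issuer annotation. The function name `audit_ingress` and the two sample objects are constructed for illustration; `spec.ingressClassName` is the field form of the same binding and is accepted here alongside the annotation.

```python
import json

CLASS_ANNOTATION = "kubernetes.io/ingress.class"

def audit_ingress(ing, expected_class="nginx"):
    """Return findings for one Ingress object (dict parsed from `-o json` output)."""
    findings = []
    meta = ing.get("metadata", {})
    spec = ing.get("spec", {})
    ann = meta.get("annotations") or {}

    # Class binding: the annotation added on this page, or spec.ingressClassName.
    bound = ann.get(CLASS_ANNOTATION) or spec.get("ingressClassName")
    if bound is None:
        findings.append("no ingress class: controller may ignore this Ingress")
    elif bound != expected_class:
        findings.append(f"bound to class {bound!r}, expected {expected_class!r}")

    # Every routed host must appear (exact match) in a tls entry naming a secret.
    tls_hosts = set()
    for entry in spec.get("tls") or []:
        if entry.get("secretName"):
            tls_hosts.update(entry.get("hosts") or [])
    for rule in spec.get("rules") or []:
        host = rule.get("host")
        if host and host not in tls_hosts:
            findings.append(f"host {host} has no TLS secret")

    # cert-manager only issues the certificate when an issuer annotation is set.
    if not any(k.startswith("cert-manager.io/") and "issuer" in k for k in ann):
        findings.append("no cert-manager issuer annotation")
    return findings

# Constructed sample: the Ingress shown above, reduced to the fields checked.
ORIGINAL = json.loads("""
{"metadata": {"name": "rancher", "namespace": "cattle-system",
  "annotations": {"cert-manager.io/issuer": "rancher",
                  "cert-manager.io/issuer-kind": "Issuer"}},
 "spec": {"rules": [{"host": "rancher.ilomumu.xyz"}],
  "tls": [{"hosts": ["rancher.ilomumu.xyz"],
           "secretName": "tls-rancher-ingress"}]}}
""")
EDITED = json.loads(json.dumps(ORIGINAL))  # deep copy, then apply the page's edit
EDITED["metadata"]["annotations"][CLASS_ANNOTATION] = "nginx"

if __name__ == "__main__":
    print("original:", audit_ingress(ORIGINAL))
    print("edited:  ", audit_ingress(EDITED))
```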

# Modify the hosts file

Find the IP of the node where ingress-nginx-controller runs

![https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/20211215163911.png](https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/20211215163911.png)

Modify the hosts file

![https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/20211215164031.png](https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/20211215164031.png)

# Check the access port

```bash
kubectl get svc -n ingress-nginx
```

![https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/20211214141508.png](https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/20211214141508.png)

# Test access

Access URL

```text
https://rancher.ilomumu.xyz:30733
```

![https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/20211215165639.png](https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/20211215165639.png)

# Configure Rancher

## Get the bootstrapPassword

```bash
kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}{{"\n"}}'
```

![https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/20211215165505.png](https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/20211215165505.png)

## Set a password and accept the agreement

![https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/20211215165740.png](https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/20211215165740.png)

## Switch the language to Chinese

![https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/20211215165903.png](https://teamo-md.oss-cn-shanghai.aliyuncs.com/img/20211215165903.png)

# Completely uninstall Rancher

Rancher officially provides a tool for removing Rancher from a Kubernetes cluster

[https://github.com/rancher/system-tools](https://github.com/rancher/system-tools)

Just download the tool and use it

```bash
# Use the -c parameter to specify the kubeconfig file
system-tools remove -c .kube/config
```

