1.安装rke和local集群

[root@nginx 2.5.8]# rke -v
rke version v1.5.1

 [root@nginx cert-manager]# rke up --config locale-cluster.ym
[root@nginx 2.5.8]# cat locale-cluster.yml 
nodes:- address: 192.168.1.65internal_address: 192.168.1.65hostname_override: 192.168.1.65labels: app: rke-local-masteruser: wuborole: [controlplane, worker, etcd]ssh_key_path: /home/wubo/.ssh/id_rsaport: 22services:etcd:extra_args:auto-compaction-retention: 240 #(单位小时)quota-backend-bytes: '6442450944'backup_config:enabled: true         # 设置true启用ETCD自动备份，设置false禁用；interval_hours: 12    # 快照创建间隔时间，不加此参数，默认5分钟；retention: 6          # etcd备份保留份数；snapshot: truecreation: 6hretention: 24hingress:provider: nginx
#  extra_args:
#    default-ssl-certificate: "ingress-nginx/ingress-default-cert"
#  options:
#    use-forwarded-headers: "true"
#  #hostnetwork: truecluster_name: local
ignore_docker_version: true
prefix_path: /opt/rke
#kubernetes_version: v1.13.5-rancher1-2 #rke 0.2.2 https://github.com/rancher/rke/releases/tag/v1.1.0
#kubernetes_version: v1.17.4-rancher1-3 #rke 1.1.0
#kubernetes_version: v1.17.4-rancher1-2 #rke 1.1.0
kubernetes_version: v1.20.10-rancher1-1 #rke 1.2.12
dns:provider: corednsupstreamnameservers:- 192.168.99.42- 114.114.114.114
network:plugin: calicomtu: 0options:flannel_backend_type: vxlanprivate_registries:- url: harbor.jettech.comuser: adminpassword: Harbor12345is_default: true
services:kube-api:service_node_port_range: 30000-32767always_pull_images: truekubelet:cluster_domain: jettech.comfail_swap_on: false

2.安装cert-manager证书管理

Install/Upgrade Rancher on a Kubernetes Cluster | Rancher

Release v1.13.3 · cert-manager/cert-manager · GitHub 

Rancher默认生成一个自签名CA，并用于cert-manager颁发访问Rancher服务器接口的证书。

因为rancher是 的默认选项，所以我们在运行命令时ingress.tls.source没有指定。ingress.tls.sourcehelm install

• 设置hostname为解析到您的负载均衡器的 DNS 记录。
• 设置replicas用于 Rancher 部署的副本数量。默认为 3；如果集群中的节点少于 3 个，则应相应减少。
• 要安装特定的 Rancher 版本，请使用该--version标志，例如：--version 2.3.6。
• 如果您要安装 alpha 版本，Helm 需要将该--devel选项添加到命令中。

wget https://github.com/cert-manager/cert-manager/releases/download/v1.13.3/cert-manager.crds.yaml[root@nginx cert-manager]# kubectl create -f cert-manager.yaml[root@nginx cert]# watch kubectl get all -AEvery 2.0s: kubectl get all -A                                                                                                       Mon Jan 15 16:38:56 2024NAMESPACE                 NAME                                           READY   STATUS      RESTARTS   AGEcert-manager              pod/cert-manager-cainjector-55f4d8d98c-zjzb6   1/1     Running     0          42m
cert-manager              pod/cert-manager-df54459bf-bzs28               1/1     Running     0          42m
cert-manager              pod/cert-manager-webhook-789576979c-jv2sv	 1/1     Running     0          42m

 3.安装rancher集群

[root@nginx cert-manager]# helm install  rancher rancher-stable/rancher --namespace cattle-system --set hostname=jetto.jettech.com --set rancherImage=harbor.jettech.com/rancher/rancher --set rancherImageTag=v2.5.8 --set replicas=1 --set systemDefaultRegistry=harbor.jettech.com

4.nginx 

[root@nginx cert-manager]# cat ../../nginx/conf/nginx.conf
worker_processes 4;
worker_rlimit_nofile 40000;
events {worker_connections 8192;
}stream {upstream rancher_servers_https {least_conn;server 192.168.1.65:443 max_fails=3 fail_timeout=5s;}server {listen     443;proxy_pass rancher_servers_https;}
}