1. Install RKE and the local cluster
[root@nginx 2.5.8]# rke -v
rke version v1.5.1
[root@nginx cert-manager]# rke up --config locale-cluster.yml
[root@nginx 2.5.8]# cat locale-cluster.yml
nodes:
- address: 192.168.1.65
  internal_address: 192.168.1.65
  hostname_override: 192.168.1.65
  labels:
    app: rke-local-master
  user: wubo
  role: [controlplane, worker, etcd]
  ssh_key_path: /home/wubo/.ssh/id_rsa
  port: 22
services:
  etcd:
    extra_args:
      auto-compaction-retention: 240 # (unit: hours)
      quota-backend-bytes: '6442450944'
    backup_config:
      enabled: true # true enables automatic etcd backups, false disables them
      interval_hours: 12 # interval between snapshots; without this parameter the default is 5 minutes
      retention: 6 # number of etcd backups to keep
    snapshot: true
    creation: 6h
    retention: 24h
  kube-api:
    service_node_port_range: 30000-32767
    always_pull_images: true
  kubelet:
    cluster_domain: jettech.com
    fail_swap_on: false
ingress:
  provider: nginx
#  extra_args:
#    default-ssl-certificate: "ingress-nginx/ingress-default-cert"
#  options:
#    use-forwarded-headers: "true"
#  #hostnetwork: true
cluster_name: local
ignore_docker_version: true
prefix_path: /opt/rke
#kubernetes_version: v1.13.5-rancher1-2 #rke 0.2.2 https://github.com/rancher/rke/releases/tag/v1.1.0
#kubernetes_version: v1.17.4-rancher1-3 #rke 1.1.0
#kubernetes_version: v1.17.4-rancher1-2 #rke 1.1.0
kubernetes_version: v1.20.10-rancher1-1 #rke 1.2.12
dns:
  provider: coredns
  upstreamnameservers:
  - 192.168.99.42
  - 114.114.114.114
network:
  plugin: calico
  mtu: 0
  options:
    flannel_backend_type: vxlan
private_registries:
- url: harbor.jettech.com
  user: admin
  password: Harbor12345
  is_default: true
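Before running rke up, a cluster.yml can be checked for two things that are easy to miss in a file like the one above: a top-level key that appears twice (YAML mapping keys must be unique, and a parser that tolerates the repeat typically keeps only one of the blocks) and a registry password stored inline under private_registries. This is an added example, not part of the original post; the function names lint_cluster_yml and sample_cluster_yml and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight lint for an RKE cluster.yml.

# Constructed sample input (hypothetical registry name and placeholder password).
sample_cluster_yml() {
  cat <<'EOF'
services:
  etcd:
    snapshot: true
private_registries:
- url: registry.example.internal
  user: admin
  password: CONSTRUCTED-PLACEHOLDER
  is_default: true
services:
  kube-api:
    always_pull_images: true
EOF
}

# lint_cluster_yml [FILE]: reads FILE (or stdin), prints one finding per line,
# returns 1 if anything was found and 0 if the file is clean.
lint_cluster_yml() {
  awk '
    # A top-level key starts in column 0; comments and list items do not match.
    /^[A-Za-z_][A-Za-z0-9_-]*:/ {
      key = $0; sub(/:.*/, "", key)
      if (++seen[key] == 2) { printf "duplicate-key %s line %d\n", key, NR; n++ }
      section = key
      next
    }
    # A non-empty password value inside the private_registries section.
    section == "private_registries" && /^[ -]+password:/ {
      val = $0
      sub(/^[ -]+password:[ ]*/, "", val)   # drop the key
      sub(/[ ]*#.*/, "", val)               # drop a trailing comment
      if (val != "") { printf "inline-password line %d\n", NR; n++ }
    }
    END { exit (n > 0) }
  ' "$@"
}

# Demo on the constructed sample.
sample_cluster_yml | lint_cluster_yml \
  || echo "resolve the findings above before running rke up"
```

An inline-password finding means the file itself is a credential: keep it readable only by the deploying user and out of version control.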
2. Install cert-manager for certificate management
Install/Upgrade Rancher on a Kubernetes Cluster | Rancher
Release v1.13.3 · cert-manager/cert-manager · GitHub
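By default, Rancher generates a self-signed CA and uses cert-manager to issue the certificate for accessing the Rancher server interface.
Because rancher is the default option for ingress.tls.source, we do not specify ingress.tls.source when running the helm install command.
- Set hostname to the DNS record that resolves to your load balancer.
- Set replicas to the number of replicas to use for the Rancher deployment. The default is 3; if the cluster has fewer than 3 nodes, reduce it accordingly.
- To install a specific Rancher version, use the --version flag, for example: --version 2.3.6.
- If you are installing an alpha version, Helm requires the --devel option to be added to the command.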
wget https://github.com/cert-manager/cert-manager/releases/download/v1.13.3/cert-manager.crds.yaml
[root@nginx cert-manager]# kubectl create -f cert-manager.yaml
[root@nginx cert]# watch kubectl get all -A
Every 2.0s: kubectl get all -A                                    Mon Jan 15 16:38:56 2024
NAMESPACE      NAME                                           READY   STATUS    RESTARTS   AGE
cert-manager   pod/cert-manager-cainjector-55f4d8d98c-zjzb6   1/1     Running   0          42m
cert-manager   pod/cert-manager-df54459bf-bzs28               1/1     Running   0          42m
cert-manager   pod/cert-manager-webhook-789576979c-jv2sv      1/1     Running   0          42m
3. Install the Rancher cluster
[root@nginx cert-manager]# helm install rancher rancher-stable/rancher --namespace cattle-system --set hostname=jetto.jettech.com --set rancherImage=harbor.jettech.com/rancher/rancher --set rancherImageTag=v2.5.8 --set replicas=1 --set systemDefaultRegistry=harbor.jettech.com
4. nginx
[root@nginx cert-manager]# cat ../../nginx/conf/nginx.conf
worker_processes 4;
worker_rlimit_nofile 40000;
events {
    worker_connections 8192;
}
stream {
    upstream rancher_servers_https {
        least_conn;
        server 192.168.1.65:443 max_fails=3 fail_timeout=5s;
    }
    server {
        listen 443;
        proxy_pass rancher_servers_https;
    }
}