rancher 简单使用
运行docker 容器
环境部署
-
关闭防火墙与selinux
systemctl stop firewalld
systemctl disable firewalld
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
setenforce 0
-
关闭 NetworlManager
systemctl stop firewalld
systemctl disable firewalld
-
下载常用工具,修改yum源
yum install -y ntpdate vim wget tree httpd-tools telnet lrzsz net-tools bridge-utils unzip
curl -o /etc/yum.repos.d/Centos-7.repo http://mirrors.aliyun.com/repo/Centos-7.repo
curl -o /etc/yum.repos.d/docker-ce.repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum clean all && yum makecache
-
同步时间
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ntpdate -u ntp.aliyun.com && date
-
修改内核参数
cat <<EOF >> /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward=1
EOF
# 自动加载br_netfilter(网络过滤器) 模块
modprobe br_netfilter
#sysctl命令动态的修改内核参数
sysctl -p /etc/sysctl.conf
# -p:从配置文件“/etc/sysctl.conf”加载内核参数设置
# modprobe 自动处理可载入模块
- 配置加速
```bash
## https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors
mkdir -p /etc/docker
vi /etc/docker/daemon.json
{
"registry-mirrors" : [
"https://8xpk5wnt.mirror.aliyuncs.com"
]
}
```
- 安装启动并设置开机启动
```bash
yum install docker-ce -y
systemctl enable docker
systemctl start docker
yum安装指定版本
yum install docker-ce-20.10.6 -y
查看源中可用版本
yum list docker-ce --showduplicates | sort -r
安装最新版本
yum install docker-ce -y
查看docker版本
docker version
```
- 运行eureka
```
# 使用docker 运行eureka
docker run -p 8761:8761 -d hub.c.163.com/springcloud/eureka
# 访问 http://192.168.3.88:8761/
```
## rancher 及其下产品 介绍
rancher 中文社区网站:https://docs.rancher.cn/docs/rancher2.5/cluster-admin/_index
官网:https://rancher.com/
### 介绍
**rancher**
一个来源的企业级容器管理平台,通过rancher,企业再也不必自己使用一系列的开源软件去从头搭建容器服务平台。rancher提供了在生产环境中使用的管理和kubernetes的全栈化容器部署和管理平台。
帮助用户不需要深入了解kubernetes概念就可以使用rancher。
使用rancher可以非常轻松的管理安装在本地或远程开发环境中的kubernetes,rancher2.3全面支持Windows容器,集成Istio服务网格,并增强了云原生工作负载的安全性,有助于开发人员更快且更有信心地进行创新。
**RKE**
RKE是一款经过CNCF认证,极致简单且非常快速的kubernetes安装程序,完全在容器内运行,解决了容器最常见的安装复杂性问题。借助RKE,Kubernetes可以完全独立于您正在运行的操作系统和平台,轻松实现Kubernetes的自动化运维。仅需几分钟,RKE便可通过单条命令构建一个集群,其声明式配置使Kubernetes升级操作具备原子性且安全。
**K3S**
k3s是经CNCF一致性认证的Kubernetes发行版,专为无人值守、资源受限、偏远地区或物联网设备内部的生产工作负载而设计。 k3s被打包成单个小于60MB的二进制文件,支持x86和ARM处理器,在小到树莓派或大到 AWS a1.4xlarge 32GiB服务器的环境中均能出色工作。
**RIO**
Rio是一款轻量级Kubernetes应用部署引擎,可以快速且简单地在任何Kubernetes集群中构建、测试、部署、扩展和编写无状态的应用程序。通过集成Istio、Knative和Prometheus等常见服务,Rio帮助您为用户提供最佳的应用程序发布体验。
## rancher安装
```bash
1.安装,此处安装最新版本,也可指定版本安装,如:v2.5.2
docker run -d --privileged --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher:latest
2.访问,输入主机的 IP 地址:https://<SERVER_IP>
################################根据提示操作########################################
It looks like this is your first time visiting Rancher; if you pre-set your own bootstrap password, enter it here. Otherwise a random one has been generated for you. To find it:
For a "docker run" installation:
Find your container ID with docker ps, then run:
docker logs container-id 2>&1 | grep "Bootstrap Password:"
For a Helm installation, run:
kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}{{"\n"}}'
################################################################################
3.找到随机密码登录,登录后可以选择 "Set a specific password to use" 设置密码
[root@rancher-01 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
43535129abe2 rancher/rancher:latest "entrypoint.sh" 26 hours ago Up 5 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp flamboyant_aryabhata
[root@rancher-01 ~]# docker logs 43535129abe2 2>&1 | grep "Bootstrap Password:"
2021/09/16 00:25:30 [INFO] Bootstrap Password: j57xvm455r2vv65dcc7w29sz6qhhjf7g94x6x9bjtmg4hrxjb6glp7
添加kubernetes集群
根据提示导入集群
# 页面提示
Run the kubectl command below on an existing Kubernetes cluster running a supported Kubernetes version to import it into Rancher:
kubectl apply -f https://192.168.3.88/v3/import/mmd9v722djj85d2chbx6k2sk6d9gbqmn26wz4g52qttqd4nwsl8jrt_c-m-89m4t2m5.yaml
If you get a "certificate signed by unknown authority" error, your Rancher installation has a self-signed or untrusted SSL certificate. Run the command below instead to bypass the certificate verification:
curl --insecure -sfL https://192.168.3.88/v3/import/mmd9v722djj85d2chbx6k2sk6d9gbqmn26wz4g52qttqd4nwsl8jrt_c-m-89m4t2m5.yaml | kubectl apply -f -
If you get permission errors creating some of the resources, your user may not have the cluster-admin role. Use this command to apply it:
kubectl create clusterrolebinding cluster-admin-binding --clusterrole cluster-admin --user <your username from your kubeconfig>
# rke2 安装的 发行版 kubernetes 也就是 k3s
[root@rke2-1 ~]# /var/lib/rancher/rke2/bin/kubectl get node
NAME STATUS ROLES AGE VERSION
rke2-1 Ready control-plane,etcd,master 3d19h v1.21.4+rke2r3
rke2-2 Ready control-plane,etcd,master 3d19h v1.21.4+rke2r3
rke2-3 Ready control-plane,etcd,master 3d18h v1.21.4+rke2r3
rke2-4 Ready control-plane,etcd,master 3d19h v1.21.4+rke2r3
# 选择第二个,绕过证书检测,导入
[root@rke2-1 ~]# curl --insecure -sfL https://192.168.3.88/v3/import/mmd9v722djj85d2chbx6k2sk6d9gbqmn26wz4g52qttqd4nwsl8jrt_c-m-89m4t2m5.yaml | /var/lib/rancher/rke2/bin/kubectl apply -f -
clusterrole.rbac.authorization.k8s.io/proxy-clusterrole-kubeapiserver created
clusterrolebinding.rbac.authorization.k8s.io/proxy-role-binding-kubernetes-master created
namespace/cattle-system created
serviceaccount/cattle created
clusterrolebinding.rbac.authorization.k8s.io/cattle-admin-binding created
secret/cattle-credentials-b2400a8 created
clusterrole.rbac.authorization.k8s.io/cattle-admin created
deployment.apps/cattle-cluster-agent created
service/cattle-cluster-agent created
# 可以看到创建了一系列资源
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-LARbK8Td-1631847529373)(images/image-20210917102456802.png)]
管理界面
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-hKCFOnSp-1631847529374)(images/image-20210917102927511.png)]
yment.apps/cattle-cluster-agent created
service/cattle-cluster-agent created
可以看到创建了一系列资源
管理界面