2025-04-07 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/03 Report--
I. Background
Rancher HA can be deployed in several ways:
Helm HA installation: deploy Rancher in an existing Kubernetes cluster. Rancher uses the cluster's etcd to store data and relies on Kubernetes scheduling for high availability.
RKE HA installation: use the RKE tool to install a separate Kubernetes cluster dedicated to deploying and running Rancher HA. RKE HA installation only supports Rancher v2.0.8 and previous versions; Rancher v2.0.8 and later versions use Helm to install Rancher.
This scheme is based on an existing Kubernetes cluster, uses Helm to install Rancher HA, and adopts layer-4 load balancing.
II. Add the Chart repository address
Use the helm repo add command to add the Rancher chart repository address.
Rancher tag and Chart version selection reference: https://www.cnrancher.com/docs/rancher/v2.x/cn/installation/server-tags/
# Use the Helm repository branch you want (latest or stable); this example uses stable.
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable

III. Install Rancher server using a self-signed certificate
By default, Rancher server requires SSL/TLS to be enabled for security, and the SSL certificate is passed to Rancher server or the Ingress Controller as a Kubernetes Secret volume. First create the certificate Secrets so that Rancher and the Ingress Controller can use them.
1. Generate a self-signed certificate
# Script: one-click self-signed certificate generation script
# Run the script to generate the certificate
sh create_self-signed-cert.sh --ssl-domain=rancher.sumapay.com --ssl-trusted-ip=172.16.1.21,172.16.1.22 --ssl-size=2048 --ssl-date=3650
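A pre-flight check on the generated files before they are loaded into Secrets, as an added example that is not part of the original article or of the Rancher script. The function names check_rancher_certs and make_sample_pki are hypothetical, the throwaway CA and certificate are constructed sample data, and the file names tls.crt, tls.key and cacerts.pem are the ones the kubectl commands on this page use.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files that back the
# tls-rancher-ingress (tls.crt, tls.key) and tls-ca (cacerts.pem) Secrets.

# check_rancher_certs CERT KEY CA HOSTNAME [IP...]
# Returns 0 if all checks pass; 1 = chain, 2 = key pair, 3 = hostname, 4 = IP.
check_rancher_certs() {
    crc_cert=$1; crc_key=$2; crc_ca=$3; crc_host=$4; shift 4
    # With privateCA=true the agents trust only the CA shipped in cacerts.pem.
    openssl verify -CAfile "$crc_ca" "$crc_cert" >/dev/null 2>&1 ||
        { echo "FAIL: certificate does not chain to the CA file"; return 1; }
    # The certificate's public key must equal the one derived from the private key.
    crc_a=$(openssl x509 -in "$crc_cert" -noout -pubkey | openssl sha256)
    crc_b=$(openssl pkey -in "$crc_key" -pubout 2>/dev/null | openssl sha256)
    [ "$crc_a" = "$crc_b" ] || { echo "FAIL: private key does not match certificate"; return 2; }
    # The hostname passed to helm (--set hostname=...) must be covered by the cert.
    openssl x509 -in "$crc_cert" -noout -checkhost "$crc_host" | grep -q "does match" ||
        { echo "FAIL: $crc_host not covered by certificate"; return 3; }
    # Each trusted IP must appear as an IP subjectAltName.
    for crc_ip in "$@"; do
        openssl x509 -in "$crc_cert" -noout -checkip "$crc_ip" | grep -q "does match" ||
            { echo "FAIL: $crc_ip not in subjectAltName"; return 4; }
    done
    echo "OK: chain, key pair, hostname and IPs verified"
}

# Constructed sample data: a throwaway CA and server certificate in directory $1.
make_sample_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sample-ca" \
        -keyout "$1/cakey.pem" -out "$1/cacerts.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=rancher.sumapay.com" \
        -keyout "$1/tls.key" -out "$1/tls.csr" 2>/dev/null &&
    printf 'subjectAltName=DNS:rancher.sumapay.com,IP:172.16.1.21,IP:172.16.1.22\n' \
        > "$1/san.cnf" &&
    openssl x509 -req -in "$1/tls.csr" -CA "$1/cacerts.pem" -CAkey "$1/cakey.pem" \
        -CAcreateserial -days 1 -extfile "$1/san.cnf" -out "$1/tls.crt" 2>/dev/null
}

# Demo run on the constructed files.
demo_dir=$(mktemp -d)
make_sample_pki "$demo_dir" &&
    check_rancher_certs "$demo_dir/tls.crt" "$demo_dir/tls.key" \
        "$demo_dir/cacerts.pem" rancher.sumapay.com 172.16.1.21 172.16.1.22
```

Against real output, run check_rancher_certs on the files in the certificate directory; a non-zero return code identifies which property would break the agents' TLS connection to Rancher.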
2. Use kubectl to create Secrets of type tls
# Create the namespace
[root@k8s-master03 ~]# kubectl create namespace cattle-system
namespace/rancher-system created
# Secret for the server certificate and private key
[root@k8s-master03 self_CA]# kubectl -n cattle-system create secret tls tls-rancher-ingress --cert=./tls.crt --key=./tls.key
secret/tls-rancher-ingress created
# Secret for the CA certificate
[root@k8s-master03 self_CA]# kubectl -n cattle-system create secret generic tls-ca --from-file=cacerts.pem
secret/tls-ca created

3. Install Rancher server
# Install Rancher HA using Helm
[root@k8s-master03 ~]# helm install rancher-stable/rancher --name rancher2 --namespace cattle-system --set hostname=rancher.sumapay.com --set ingress.tls.source=secret --set privateCA=true
NAME:   rancher2
LAST DEPLOYED: Fri Apr 26 14:03:51 2019
NAMESPACE: cattle-system
STATUS: DEPLOYED

RESOURCES:
==> v1/ClusterRoleBinding
NAME      AGE
rancher2  0s

==> v1/Deployment
NAME      READY  UP-TO-DATE  AVAILABLE  AGE
rancher2  0/3    3           0          0s

==> v1/Pod(related)
NAME                      READY  STATUS             RESTARTS  AGE
rancher-55c884bbf7-2xqpl  0/1    ContainerCreating  0         0s
rancher-55c884bbf7-bqvjh  0/1    ContainerCreating  0         0s
rancher-55c884bbf7-hhlvh  0/1    ContainerCreating  0         0s

==> v1/Service
NAME      TYPE       CLUSTER-IP      EXTERNAL-IP  PORT(S)  AGE
rancher2  ClusterIP  10.110.148.105  <none>       80/TCP   0s

==> v1/ServiceAccount
NAME      SECRETS  AGE
rancher2  1        0s

==> v1beta1/Ingress
NAME      HOSTS                ADDRESS  PORTS    AGE
rancher2  rancher.sumapay.com           80, 443  0s

NOTES:
Rancher Server has been installed.

NOTE: Rancher may take several minutes to fully initialize. Please standby while Certificates are being issued and Ingress comes up.

Check out our docs at https://rancher.com/docs/rancher/v2.x/en/

Browse to https://rancher.sumapay.com

Happy Containering!
# View the created resources
[root@k8s-master03 ~]# kubectl get ns
NAME                 STATUS   AGE
cattle-global-data   Active   2d5h
cattle-system        Active   2d5h

[root@k8s-master03 ~]# kubectl get ingress -n cattle-system
NAME       HOSTS                 ADDRESS   PORTS     AGE
rancher2   rancher.sumapay.com             80, 443   57m

[root@k8s-master03 ~]# kubectl get service -n cattle-system
NAME       TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
rancher2   ClusterIP   10.111.16.80   <none>        80/TCP    54m

[root@k8s-master03 ~]# kubectl get serviceaccount -n cattle-system
NAME       TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
rancher2   ClusterIP   10.111.16.80   <none>        80/TCP    51m

[root@k8s-master03 ~]# kubectl get ClusterRoleBinding -n cattle-system -l app=rancher2 -o wide
NAME       AGE   ROLE                        USERS   GROUPS   SERVICEACCOUNTS
rancher2   58m   ClusterRole/cluster-admin                    cattle-system/rancher2

[root@k8s-master03 ~]# kubectl get pods -n cattle-system
NAME                                    READY   STATUS    RESTARTS   AGE
cattle-cluster-agent-594b8f79bb-pgmdt   1/1     Running   5          2d2h
cattle-node-agent-lg44f                 1/1     Running   0          2d2h
cattle-node-agent-zgdms                 1/1     Running   5          2d2h
rancher2-9774897c-622sc                 1/1     Running   0          50m
rancher2-9774897c-czxxx                 1/1     Running   0          50m
rancher2-9774897c-sm2n5                 1/1     Running   0          50m

[root@k8s-master03 ~]# kubectl get deployment -n cattle-system
NAME                   READY   UP-TO-DATE   AVAILABLE   AGE
cattle-cluster-agent   1/1     1            1           2d4h
rancher2               3/3     3            3           55m

4. Add a host alias (/etc/hosts) for the Agent Pods
If you have no internal DNS server and instead resolve the Rancher server domain name through /etc/hosts host aliases, then whichever way you create the K8S cluster (custom, import, host driver, etc.), once the cluster is running the cattle-cluster-agent Pod and cattle-node-agent cannot find the Rancher server through DNS records and therefore cannot communicate with it.
Solution
Add host aliases (/etc/hosts) to the cattle-cluster-agent Pod and cattle-node-agent so that they can communicate normally (provided the IP addresses are reachable).
# cattle-cluster-agent pod
kubectl -n cattle-system \
patch deployments cattle-cluster-agent --patch '{
    "spec": {
        "template": {
            "spec": {
                "hostAliases": [
                    {
                        "hostnames": ["rancher.sumapay.com"],
                        "ip": "layer-4 load balancer address"
                    }
                ]
            }
        }
    }
}'

# cattle-node-agent pod
kubectl -n cattle-system \
patch daemonsets cattle-node-agent --patch '{
    "spec": {
        "template": {
            "spec": {
                "hostAliases": [
                    {
                        "hostnames": ["rancher.sumapay.com"],
                        "ip": "layer-4 load balancer address"
                    }
                ]
            }
        }
    }
}'
At this point Rancher HA is deployed. Because the service is not exposed as a NodePort, we cannot access the Rancher service directly without deploying an ingress-controller.
For ingress-controller deployment, please refer to traefik deployment and usage.
Reference:
https://www.cnrancher.com/docs/rancher/v2.x/cn/installation/ha-install/helm-rancher/tcp-l4/rancher-install/