Building a k8s cluster with Rancher
1. Version compatibility
Rancher v2.3.6 is used here.
- OS & Docker
TYPE | VERSION | VALIDATED/CERTIFIED ON |
---|---|---|
CentOS | 7.7 | Docker 18.09.x |
- Rancher Kubernetes
Rancher Launched | UPSTREAM VERSION | VALIDATED/CERTIFIED ON |
---|---|---|
Rancher Launched | 1.17.4 | etcd: v3.4.3 flannel: v0.11.0 canal: v3.13.0 nginx-ingress-controller: 0.25.1 |
2. Manually install Rancher 2.3.6
2.1 Prepare three CentOS 7.7 hosts and install Docker on them
To install Docker on CentOS 7, see: https://blog.csdn.net/iceliooo/article/details/103354159
[root@uat-w2 ~]# hostnamectl set-hostname uat-master
[root@uat-w2 ~]#
2.2 Install Rancher 2.3.6 as a container
Note: Rancher uses ports 80 and 443 by default, so make sure ports 80 and 443 are available on the node where Rancher is installed.
[root@uat-master ~]# sudo docker run -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher:v2.3.6
Unable to find image 'rancher/rancher:v2.3.6' locally
v2.3.6: Pulling from rancher/rancher
5bed26d33875: Pull complete
······
Check the result: the Rancher container is running and exposes ports 80 and 443
[root@uat-master ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
rancher/rancher v2.3.6 b821fa609f1a 8 months ago 674MB
[root@uat-master ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7e4337eb54e8 rancher/rancher:v2.3.6 "entrypoint.sh" 12 minutes ago Up 11 minutes 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp awesome_mirzakhani
[root@uat-master ~]#
The other nodes have no images or containers
[root@uat-w1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@uat-w1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@uat-w1 ~]#
[root@uat-w2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@uat-w2 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@uat-w2 ~]#
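2.3 Log in to the Rancher UI and perform the initial setup
Log in to the Rancher UI through the public IP of the node running the Rancher container (here, the uat-master node)
- Set the initial admin password
- Set the Rancher Server URL
- Logged in to Rancher successfully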
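3 Create a workload cluster
With Rancher installed, you can now follow the steps below to create your first custom Kubernetes cluster in Rancher.
In this task you use the Custom cluster option to create a cluster from any Linux hosts (cloud instances, virtual machines or bare-metal servers).
1. Go to the Clusters page and click Add Cluster.
2. Select the Custom option.
3. Enter a cluster name, leave every other setting at its default, and click Next.
4. Under Node Options, select all roles in Node Role: Etcd, Control and Worker.
Optional: Rancher automatically detects the IP addresses used for Rancher communication and cluster communication. You can specify them with the Public Address and Internal Address fields under Node Options > Show advanced options.
Copy the following command and run it in an SSH terminal on the host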
sudo docker run -d --privileged --restart=unless-stopped --net=host -v /etc/kubernetes:/etc/kubernetes -v /var/run:/var/run rancher/rancher-agent:v2.3.6 --server https://120.24.X.X --token f88z7jtgn4tz626bql9tpfwcm6fcl449d82r4xssrmzkxtl92cc9hz --ca-checksum f6171cafdaf6623697b2c2328a36864ebb6a4e2c01795bbaa4a8929452d38354 --etcd --controlplane --worker
[root@uat-master ~]# sudo docker run -d --privileged --restart=unless-stopped --net=host -v /etc/kubernetes:/etc/kubernetes -v /var/run:/var/run rancher/rancher-agent:v2.3.6 --server https://120.24.X.X --token f88z7jtgn4tz626bql9tpfwcm6fcl449d82r4xssrmzkxtl92cc9hz --ca-checksum f6171cafdaf6623697b2c2328a36864ebb6a4e2c01795bbaa4a8929452d38354 --etcd --controlplane --worker
Unable to find image 'rancher/rancher-agent:v2.3.6' locally
v2.3.6: Pulling from rancher/rancher-agent
······
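When the command has finished, return to the Rancher UI and click Done; the cluster creation progress is visible in the Rancher UI.
The events show that some pods failed to be created.
- Images present after the k8s cluster has been created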
[root@uat-master ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
rancher/rancher-agent v2.3.6 697a883e05d0 8 months ago 282MB
rancher/rancher v2.3.6 b821fa609f1a 8 months ago 674MB
rancher/rke-tools v0.1.56 8c8e0533fa43 8 months ago 132MB
rancher/hyperkube v1.17.4-rancher1 01abddb46913 9 months ago 1.55GB
rancher/calico-node v3.13.0 d6abb567faf1 9 months ago 260MB
rancher/calico-pod2daemon-flexvol v3.13.0 a6af7d3208c7 9 months ago 111MB
rancher/calico-cni v3.13.0 c2377c6cbeff 9 months ago 207MB
rancher/coredns-coredns 1.6.5 70f311871ae1 13 months ago 41.6MB
rancher/coreos-etcd v3.4.3-rancher1 a0b920cf970d 14 months ago 83.6MB
rancher/metrics-server v0.3.6 9dd718864ce6 14 months ago 39.9MB
rancher/cluster-proportional-autoscaler 1.7.1 14afc47fd5af 16 months ago 40.1MB
rancher/nginx-ingress-controller nginx-0.25.1-rancher1 a80ffa0b898e 16 months ago 506MB
rancher/kube-api-auth v0.1.3 2817cb463960 21 months ago 149MB
rancher/nginx-ingress-controller-defaultbackend 1.5-rancher1 b5af743e5984 2 years ago 5.13MB
rancher/pause 3.1 da86e6ba6ca1 2 years ago 742kB
[root@uat-master ~]#
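4 Install kubectl
Some pods in the k8s cluster were found to be unhealthy earlier. Trying to inspect them with kubectl describe shows that the command is not installed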
[root@uat-master ~]# kubectl
-bash: kubectl: command not found
4.1 Download kubectl
The k8s version is v1.17.4; we install kubectl v1.17.3. If the download fails, the required resources can be downloaded from http://mirror.cnrancher.com
[root@uat-master home]# cd /opt
[root@uat-master opt]# mkdir k8s
[root@uat-master opt]# cd k8s/
[root@uat-master k8s]# curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.17.3/bin/linux/amd64/kubectl
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 41.4M 100 41.4M 0 0 11.5M 0 0:00:03 0:00:03 --:--:-- 11.5M
[root@uat-master k8s]# ll
total 42480
-rw-r--r-- 1 root root 43499520 Dec 19 16:55 kubectl
Make it executable
[root@uat-master k8s]# chmod +x ./kubectl
[root@uat-master k8s]# ll
total 42480
-rwxr-xr-x 1 root root 43499520 Dec 19 16:55 kubectl
[root@uat-master k8s]#
Copy it into PATH
[root@uat-master k8s]# sudo cp ./kubectl /usr/local/bin/kubectl
[root@uat-master k8s]#
Test it
[root@uat-master k8s]# kubectl version --client
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.3", GitCommit:"06ad960bfd03b39c8310aaf92d1e7c12ce618213", GitTreeState:"clean", BuildDate:"2020-02-11T18:14:22Z", GoVersion:"go1.13.6", Compiler:"gc", Platform:"linux/amd64"}
[root@uat-master k8s]#
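The kubectl binary above is fetched with curl and copied into /usr/local/bin as root without an integrity check. As an added example (not part of the original post), the script below installs a download only after its SHA-256 matches a checksum file; the function names are illustrative, the demo runs on a constructed stand-in file, and it assumes the release publishes a checksum file such as kubectl.sha256 alongside the binary.

```bash
#!/bin/sh
# Added example (not from the original post): verify a downloaded binary
# against a published SHA-256 digest before installing it into PATH.

# Read the expected digest from a checksum file. Accepts a bare hex digest
# or the "digest  filename" layout that sha256sum writes.
expected_digest() {
    awk 'NF { print tolower($1); exit }' "$1"
}

# Return 0 if FILE matches SUMFILE, 1 on mismatch, 2 on an unusable SUMFILE.
verify_sha256() {
    want=$(expected_digest "$2") || return 2
    # A SHA-256 digest is exactly 64 hex characters; reject anything else
    # (for example an HTML error page saved in place of the checksum).
    printf '%s\n' "$want" | grep -Eq '^[0-9a-f]{64}$' || {
        echo "unusable checksum file: $2" >&2; return 2; }
    got=$(sha256sum "$1" | awk '{ print $1 }')
    [ "$got" = "$want" ] || { echo "SHA-256 mismatch: $1" >&2; return 1; }
}

# Copy to DEST with mode 0755 only when verification succeeds.
install_verified() {
    verify_sha256 "$1" "$2" && install -m 0755 "$1" "$3"
}

# Offline demo on a constructed stand-in for the kubectl binary.
demo() {
    d=$(mktemp -d)
    printf 'constructed stand-in binary\n' > "$d/kubectl"
    sha256sum "$d/kubectl" > "$d/kubectl.sha256"
    if install_verified "$d/kubectl" "$d/kubectl.sha256" "$d/bin-ok"
    then clean=installed; else clean=refused; fi
    printf 'tampered\n' >> "$d/kubectl"      # simulate a modified download
    if install_verified "$d/kubectl" "$d/kubectl.sha256" "$d/bin-bad" 2>/dev/null
    then tampered=installed; else tampered=refused; fi
    rm -rf "$d"
    echo "clean=$clean tampered=$tampered"
}
demo
```

On a real host the call would be `install_verified ./kubectl ./kubectl.sha256 /usr/local/bin/kubectl`, with the checksum file fetched over HTTPS from the release source rather than from the same mirror as the binary.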
4.2 Configure kubectl
Running kubectl version shows that the server cannot be reached
[root@uat-master k8s]# kubectl version
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.3", GitCommit:"06ad960bfd03b39c8310aaf92d1e7c12ce618213", GitTreeState:"clean", BuildDate:"2020-02-11T18:14:22Z", GoVersion:"go1.13.6", Compiler:"gc", Platform:"linux/amd64"}
The connection to the server localhost:8080 was refused - did you specify the right host or port?
[root@uat-master k8s]#
Open the cluster in the Rancher UI, click Kubeconfig File in the top-right corner of the cluster dashboard page, and paste its contents into the ~/.kube/config file to configure kubectl
[root@uat-master k8s]# mkdir ~/.kube
[root@uat-master k8s]# vi ~/.kube/config
- name: "bingo-uat-master"
······
After configuration the command runs successfully
[root@uat-master k8s]# kubectl version
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.3", GitCommit:"06ad960bfd03b39c8310aaf92d1e7c12ce618213", GitTreeState:"clean", BuildDate:"2020-02-11T18:14:22Z", GoVersion:"go1.13.6", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.4", GitCommit:"8d8aa39598534325ad77120c120a22b3a990b5ea", GitTreeState:"clean", BuildDate:"2020-03-12T20:55:23Z", GoVersion:"go1.13.8", Compiler:"gc", Platform:"linux/amd64"}
[root@uat-master k8s]#
5 Add worker nodes to the cluster
Add the uat-w1 node to the cluster with the worker role
[root@uat-w1 ~]# sudo docker run -d --privileged --restart=unless-stopped --net=host -v /etc/kubernetes:/etc/kubernetes -v /var/run:/var/run rancher/rancher-agent:v2.3.6 --server https://120.24.108.76 --token f88z7jtgn4tz626bql9tpfwcm6fcl449d82r4xssrmzkxtl92cc9hz --ca-checksum f6171cafdaf6623697b2c2328a36864ebb6a4e2c01795bbaa4a8929452d38354 --worker
Unable to find image 'rancher/rancher-agent:v2.3.6' locally
······
Digest: sha256:4913a649dcad32fd0a48ab6442192f441b573f76e22db316468690f269ac5d00
Status: Downloaded newer image for rancher/rancher-agent:v2.3.6
80304377242ec9f97d57a9ce5d77973a7594542c16cf8c342af2673bf8a7c67c
[root@uat-w1 ~]# docker iamges
docker: 'iamges' is not a docker command.
See 'docker --help'
[root@uat-w1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
rancher/rancher-agent v2.3.6 697a883e05d0 8 months ago 282MB
rancher/rke-tools v0.1.56 8c8e0533fa43 8 months ago 132MB
[root@uat-w1 ~]#
Node uat-w1 was added successfully
In the same way, add the uat-w2 node to the cluster with the worker role
[root@uat-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
uat-master Ready controlplane,etcd,worker 5h10m v1.17.4
uat-w1 Ready worker 3h29m v1.17.4
uat-w2 Ready worker 3h20m v1.17.4
[root@uat-master ~]#
6 Troubleshoot the failing pod (nginx-ingress-controller deployment failure)
6.1 Use kubectl describe to find out why the pod is failing
[root@uat-master k8s]# kubectl describe pod nginx-ingress-controller-zkh49 -n ingress-nginx
Name: nginx-ingress-controller-zkh49
Namespace: ingress-nginx
Priority: 0
Node: uat-master/172.18.30.215
Start Time: Sat, 19 Dec 2020 16:16:12 +0800
Labels: app=ingress-nginx
controller-revision-hash=5b8774bcbf
pod-template-generation=1
Annotations: prometheus.io/port: 10254
prometheus.io/scrape: true
Status: Running
IP: 172.18.30.215
IPs:
IP: 172.18.30.215
Controlled By: DaemonSet/nginx-ingress-controller
Containers:
nginx-ingress-controller:
Container ID: docker://974f9f27d429f1096c8a0dc821afa75c041d10df6a22a97c12881ea8783eee99
Image: rancher/nginx-ingress-controller:nginx-0.25.1-rancher1
Image ID: docker-pullable://rancher/nginx-ingress-controller@sha256:b5b59d579b7e5ff3a032db0f6dfc405dd4b7e1961307dd0926574d7182e7caf6
Ports: 80/TCP, 443/TCP
Host Ports: 80/TCP, 443/TCP
······
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled <unknown> default-scheduler Successfully assigned ingress-nginx/nginx-ingress-controller-7b7cz to uat-master
Normal Pulled 23s (x4 over 79s) kubelet, uat-master Container image "rancher/nginx-ingress-controller:nginx-0.25.1-rancher1" already present on machine
Normal Created 23s (x4 over 78s) kubelet, uat-master Created container nginx-ingress-controller
Normal Started 23s (x4 over 78s) kubelet, uat-master Started container nginx-ingress-controller
Warning BackOff 8s (x9 over 77s) kubelet, uat-master Back-off restarting failed container
[root@uat-master k8s]#
- If the image had failed to download (not the case here), pull the image rancher/nginx-ingress-controller:nginx-0.25.1-rancher1 manually
[root@uat-master k8s]# docker pull rancher/nginx-ingress-controller:nginx-0.25.1-rancher1
nginx-0.25.1-rancher1: Pulling from rancher/nginx-ingress-controller
Digest: sha256:b5b59d579b7e5ff3a032db0f6dfc405dd4b7e1961307dd0926574d7182e7caf6
Status: Image is up to date for rancher/nginx-ingress-controller:nginx-0.25.1-rancher1
[root@uat-master k8s]#
- Delete the pod
[root@uat-master k8s]# kubectl delete pod nginx-ingress-controller-zkh49 -n ingress-nginx
pod "nginx-ingress-controller-nw8dj" deleted
[root@uat-master k8s]#
6.2 Use kubectl logs to find out why the pod failed to deploy
[root@uat-master k8s]# kubectl logs nginx-ingress-controller-7b7cz -n ingress-nginx
-------------------------------------------------------------------------------
NGINX Ingress controller
Release: nginx-0.25.1-rancher1
Build:
Repository: https://github.com/rancher/ingress-nginx.git
nginx version: openresty/1.15.8.1
-------------------------------------------------------------------------------
F1219 09:26:19.674960 6 main.go:63] port 80 is already in use. Please check the flag --http-port
[root@uat-master k8s]#
The log shows that the port is already in use; check what is using port 80
[root@uat-master k8s]# lsof -i:80
-bash: lsof: command not found
[root@uat-master k8s]# yum -y install lsof
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
···
Complete!
[root@uat-master k8s]# lsof -i:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
AliYunDun 1598 root 22u IPv4 19999 0t0 TCP iZwz95vgpp2rrbuv5gy1b0Z:34476->100.100.30.26:http (ESTABLISHED)
docker-pr 12715 root 4u IPv6 57926 0t0 TCP *:http (LISTEN)
[root@uat-master k8s]#
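The conflict found above (docker-proxy for the Rancher container already listening on port 80, while the ingress controller's host ports need 80 and 443) can be detected before a node is given a role. As an added example that is not part of the original post, the check below parses `ss -ltn` output for listeners on the wanted ports; the function names are illustrative and the sample lines are constructed.

```bash
#!/bin/sh
# Added example (not from the original post): pre-flight check for host
# ports that a hostPort workload (here the ingress controller's 80/443)
# needs on a node.

# Read `ss -ltn` lines on stdin; print each wanted port that already has a
# listener, one per line. The port is the text after the last ':' of
# column 4, which handles 0.0.0.0:80, :::80, [::]:443 and *:80 alike.
# Only LISTEN rows count, so the header and established client connections
# (such as an outbound connection to a remote port 80) are ignored.
ports_in_use() {
    wanted=" $* "
    awk -v wanted="$wanted" '
        $1 == "LISTEN" {
            n = split($4, a, ":"); port = a[n]
            if (index(wanted, " " port " ") && !seen[port]++) print port
        }' | sort -n
}

# Live check on a node; ss is part of iproute, so lsof is not required.
check_node() {
    busy=$(ss -ltn 2>/dev/null | ports_in_use "$@" | tr '\n' ' ')
    [ -z "$busy" ] || { echo "ports already bound: $busy" >&2; return 1; }
}

# Constructed sample resembling a host where a container was started with
# -p 80:80 -p 443:443 (docker-proxy holds both ports).
SAMPLE='State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 [::]:443 [::]:*
LISTEN 0 128 127.0.0.1:8080 0.0.0.0:*
ESTAB 0 0 172.18.30.215:34476 100.100.30.26:80'

sample_conflicts() { printf '%s\n' "$SAMPLE" | ports_in_use 80 443; }
sample_conflicts
```

Running `check_node 80 443` on each host before assigning it a role shows whether the ingress controller's host ports are free there.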
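6.3 Redeploy the Nginx Ingress controller component
Installing Rancher did indeed take port 80. In addition, the Nginx Ingress controller component is deployed as a DaemonSet, and experimentation showed that its ports cannot be changed.
So one option is to move Rancher to another host and free ports 80 and 443; the other is to adjust the scheduling policy so that the Nginx Ingress controller component is not scheduled onto the uat-master node. The latter is used here: a label on the host node pins the Nginx Ingress controller to the uat-w1 node.
- Label uat-w1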
[root@uat-master ~]# kubectl label node uat-w1 ingress=nginx
node/uat-w1 labeled
[root@uat-master ~]#
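- Download and modify nginx-ingress-controller.yaml
- Redeploy the Nginx Ingress controller
Import YAML
Read from file and select the nginx-ingress-controller.yaml that was just downloaded
- Redeployment succeeded; the Nginx Ingress controller component was scheduled only onto the uat-w1 node
7 Deploy a demo application to try it out
7.1 Deploy the workload
- In the Default project, deploy the hello-world application as a Deployment with 2 pods
- Deployment succeeded
- A Service Discovery entry was generated automatically at the same time
7.2 Expose the service
- In the Default project, create a new Load Balancing entry, using an automatically generated hostname with the .xip.io suffix
- Access succeeded
If the machine running the browser is not on the same LAN as the k8s cluster (the nginx-ingress-controller component), hosts entries must be configured before access succeeds.
If a DNS resolution service is available, a custom domain name can be used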