rancher接管集群与使用

[root@k8s-master ~]# docker pull rancher/rancher-agent:v2.5.7

[root@rancher ~]# docker pull rancher/rancher:v2.5.7
 

[root@rancher ~]# docker run -d --restart=unless-stopped -p 80:80 -p 443:443 --privileged --name rancher rancher/rancher:v2.5.7
 
[root@rancher ~]# docker ps -a|grep rancher
7e4498d84972        rancher/rancher:v2.5.7   "entrypoint.sh"     6 seconds ago       Up 5 seconds        0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   rancher

再master上执行

[root@master ~]# curl --insecure -sfL https://192.168.1.100/v3/import/kh4t7pmn484cm5cbvtzqdhqxkddpqqt9pwdlpkc49t24ts42k9wlqv_c-zjqlm.yaml | kubectl apply -f -
error: no objects passed to apply       #第一次执行失败了，再次执行下，可以看下这个yaml
[root@master ~]# curl --insecure -sfL https://192.168.1.100/v3/import/kh4t7pmn484cm5cbvtzqdhqxkddpqqt9pwdlpkc49t24ts42k9wlqv_c-zjqlm.yaml

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: proxy-clusterrole-kubeapiserver
rules:
- apiGroups: [""]
  resources:
  - nodes/metrics
  - nodes/proxy
  - nodes/stats
  - nodes/log
  - nodes/spec
  verbs: ["get", "list", "watch", "create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: proxy-role-binding-kubernetes-master
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: proxy-clusterrole-kubeapiserver
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: kube-apiserver
---
apiVersion: v1
kind: Namespace
metadata:
  name: cattle-system

---

apiVersion: v1
kind: ServiceAccount
metadata:
  name: cattle
  namespace: cattle-system

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cattle-admin-binding
  namespace: cattle-system
  labels:
    cattle.io/creator: "norman"
subjects:
- kind: ServiceAccount
  name: cattle
  namespace: cattle-system
roleRef:
  kind: ClusterRole
  name: cattle-admin
  apiGroup: rbac.authorization.k8s.io

---

apiVersion: v1
kind: Secret
metadata:
  name: cattle-credentials-e3d444c
  namespace: cattle-system
type: Opaque
data:
  url: "aHR0cHM6Ly8xOTIuMTY4LjEuMTAw"
  token: "a2g0dDdwbW40ODRjbTVjYnZ0enFkaHF4a2RkcHFxdDlwd2RscGtjNDl0MjR0czQyazl3bHF2"
  namespace: ""

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cattle-admin
  labels:
    cattle.io/creator: "norman"
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - '*'
- nonResourceURLs:
  - '*'
  verbs:
  - '*'

---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: cattle-cluster-agent
  namespace: cattle-system
spec:
  selector:
    matchLabels:
      app: cattle-cluster-agent
  template:
    metadata:
      labels:
        app: cattle-cluster-agent
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                - key: beta.kubernetes.io/os
                  operator: NotIn
                  values:
                    - windows
          preferredDuringSchedulingIgnoredDuringExecution:
          - preference:
              matchExpressions:
              - key: node-role.kubernetes.io/controlplane
                operator: In
                values:
                - "true"
            weight: 100
          - preference:
              matchExpressions:
              - key: node-role.kubernetes.io/control-plane
                operator: In
                values:
                - "true"
            weight: 100
          - preference:
              matchExpressions:
              - key: node-role.kubernetes.io/master
                operator: In
                values:
                - "true"
            weight: 100
          - preference:
              matchExpressions:
              - key: cattle.io/cluster-agent
                operator: In
                values:
                - "true"
            weight: 1
      serviceAccountName: cattle
      tolerations:
      # No taints or no controlplane nodes found, added defaults
      - effect: NoSchedule
        key: node-role.kubernetes.io/controlplane
        value: "true"
      - effect: NoSchedule
        key: "node-role.kubernetes.io/control-plane"
        operator: "Exists"
      - effect: NoSchedule
        key: "node-role.kubernetes.io/master"
        operator: "Exists"
      containers:
        - name: cluster-register
          imagePullPolicy: IfNotPresent
          env:
          - name: CATTLE_FEATURES
            value: ""
          - name: CATTLE_IS_RKE
            value: "false"
          - name: CATTLE_SERVER
            value: "https://192.168.1.100"
          - name: CATTLE_CA_CHECKSUM
            value: "0a0d8b1c6aa5e2bb4830adf1d728141d176e0bf559f87f650caa129afa710501"
          - name: CATTLE_CLUSTER
            value: "true"
          - name: CATTLE_K8S_MANAGED
            value: "true"
          image: rancher/rancher-agent:v2.5.7
          volumeMounts:
          - name: cattle-credentials
            mountPath: /cattle-credentials
            readOnly: true
          readinessProbe:
            initialDelaySeconds: 2
            periodSeconds: 5
            httpGet:
              path: /health
              port: 8080
      volumes:
      - name: cattle-credentials
        secret:
          secretName: cattle-credentials-e3d444c
          defaultMode: 320

[root@master ~]# curl --insecure -sfL https://192.168.1.100/v3/import/kh4t7pmn484cm5cbvtzqdhqxkddpqqt9pwdlpkc49t24ts42k9wlqv_c-zjqlm.yaml | kubectl apply -f -
clusterrole.rbac.authorization.k8s.io/proxy-clusterrole-kubeapiserver created
clusterrolebinding.rbac.authorization.k8s.io/proxy-role-binding-kubernetes-master created
namespace/cattle-system created
serviceaccount/cattle created
clusterrolebinding.rbac.authorization.k8s.io/cattle-admin-binding created
secret/cattle-credentials-e3d444c created
clusterrole.rbac.authorization.k8s.io/cattle-admin created
deployment.apps/cattle-cluster-agent created

由于每个节点都要拉取rancher/rancher-agent镜像，执行后需要等待一段时间。集群才会ok

上面的资源只有2C2G，进去集群看下信息，master自带了taints，执行命令查看确实带有

[root@master ~]# kubectl describe node master | grep Taints
Taints:             node-role.kubernetes.io/master:NoSchedule

监控的启用

根据实际需求，配置启用关于prometheus与granfa不再介绍

Rncher仪表盘管理k8s集群：部署nginx服务

[root@master ~]# kubectl get namespace beta
NAME   STATUS   AGE
beta   Active   31s
[root@master ~]# kubectl describe namespace beta
Name:         beta
Labels:       <none>
Annotations:  cattle.io/status:
                {"Conditions":[{"Type":"ResourceQuotaInit","Status":"True","Message":"","LastUpdateTime":"2022-09-28T14:08:38Z"},{"Type":"InitialRolesPopu...
              field.cattle.io/containerDefaultResourceLimit: {"limitsCpu":"0m","limitsMemory":"0Mi","requestsCpu":"0m","requestsMemory":"0Mi"}
              lifecycle.cattle.io/create.namespace-auth: true
Status:       Active

No resource quota.

Resource Limits
 Type       Resource  Min  Max  Default Request  Default Limit  Max Limit/Request Ratio
 ----       --------  ---  ---  ---------------  -------------  -----------------------
 Container  cpu       -    -    0                0              -
 Container  memory    -    -    0                0              -
 Container  cpu       -    -    0                0              -
 Container  memory    -    -    0                0              -

创建Deployment资源

根据自己的需求，选择配置试用的选项

[root@master ~]# kubectl get pod -nbeta
NAME                        READY   STATUS              RESTARTS   AGE
nginx-web-7b8f4d468-v79mn   0/1     ContainerCreating   0          55s
[root@master ~]# kubectl get svc -nbeta
NAME                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
nginx-web            ClusterIP   10.101.229.201   <none>        80/TCP         74s
nginx-web-nodeport   NodePort    10.104.58.18     <none>        80:30080/TCP   74s
[root@master ~]# kubectl get pod -owide -nbeta
NAME                        READY   STATUS    RESTARTS   AGE   IP            NODE    NOMINATED NODE   READINESS GATES
nginx-web-7b8f4d468-v79mn   1/1     Running   0          97s   10.244.2.13   node1   <none>           <none>

也可以分开创建deployment与service