Rancher Setup
System environment
- Docker version: 19.03.5
- k8s version: 1.20.0
- Rancher: v2.4.5
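Introduction to Rancher
Rancher overview
Rancher is an open-source, enterprise-grade, multi-cluster Kubernetes management platform. It provides centralized deployment and management of Kubernetes clusters across hybrid cloud and on-premises data centers, to keep clusters secure and accelerate enterprise digital transformation. Official site: https://docs.rancher.cn/
Differences between Rancher and k8s
Both Rancher and k8s serve as container scheduling and orchestration systems. Rancher, however, manages not only application containers but, more importantly, k8s clusters themselves. Rancher 2.x is built on the k8s scheduling engine; thanks to Rancher's wrapping, users can easily deploy containers to a k8s cluster through Rancher without being familiar with k8s concepts.
Deploying Rancher
Install Rancher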
[root@rancher ~]# docker pull rancher/rancher-agent:v2.4.5
[root@rancher ~]# docker pull rancher/rancher:v2.4.5
# Create the persistent data directory on the host
[root@rancher ~]# mkdir -p /data/rancher
# Note: unless-stopped always restarts the container when it exits, but ignores containers that were already stopped when the Docker daemon started
[root@rancher ~]# docker run -d --restart=unless-stopped -p 80:80 -p 443:443 -v /data/rancher:/var/lib/rancher/ --privileged --name rancher rancher/rancher:v2.4.5
[root@rancher ~]# docker ps -a|grep rancher
5d7aa6ae74f2 rancher/rancher:v2.5.7 "entrypoint.sh" 9 seconds ago Up 8 seconds 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp rancher
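Log in to the Rancher platform
Enter the IP address in a browser to access the UI. Because no trusted certificate is in use, the browser shows a warning; it can be ignored.
Click the bottom-right corner to switch the language to Chinese.
Managing a k8s cluster with Rancher
Choose "Add Cluster" and import an existing cluster.
Run the commands shown above on the master node of the k8s cluster.
# Check USER_ACCOUNT in the node's kubelet configuration; the default is default-auth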
[root@k8s01 ~]# cat /etc/kubernetes/kubelet.conf|grep user
user: system:node:xxxxx
users:
user:
[root@k8s01 ~]# kubectl create clusterrolebinding cluster-admin-binding --clusterrole cluster-admin --user system:node:xxx
[root@k8s01 ~]# curl --insecure -sfL https://10.x.0.x/v3/import/p9zvgtrv9w926gfrmfqkmmz2wpvsbvchcx85vsln8825lj89lkpnbx_c-mnpx8.yaml | kubectl apply -f -
error: no objects passed to apply
# Run it again
[root@k8s01 ~]# curl --insecure -sfL https://10.x.0.x/v3/import/p9zvgtrv9w926gfrmfqkmmz2wpvsbvchcx85vsln8825lj89lkpnbx_c-mnpx8.yaml | kubectl apply -f -
clusterrole.rbac.authorization.k8s.io/proxy-clusterrole-kubeapiserver unchanged
clusterrolebinding.rbac.authorization.k8s.io/proxy-role-binding-kubernetes-master unchanged
namespace/cattle-system created
serviceaccount/cattle created
clusterrolebinding.rbac.authorization.k8s.io/cattle-admin-binding unchanged
secret/cattle-credentials-f491ac3 created
clusterrole.rbac.authorization.k8s.io/cattle-admin unchanged
deployment.apps/cattle-cluster-agent created
[root@k8s01 ~]# kubectl get -n cattle-system po
NAME READY STATUS RESTARTS AGE
cattle-cluster-agent-65b997d45b-8fd2p 1/1 Running 0 61s
cattle-node-agent-6p4mh 1/1 Running 0 51s
cattle-node-agent-rfwdp 1/1 Running 0 44s
cattle-node-agent-vr7qj 1/1 Running 0 36s
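After running the third step in the screenshot above, watch the state of the imported cluster; it changes from "Waiting" to "Active".
Click "Launch kubectl" in the upper-right corner of the screenshot above to inspect the cluster with kubectl commands from the web shell.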
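The first `curl --insecure ... | kubectl apply -f -` run above ended with `no objects passed to apply`, which is what kubectl reports when the piped input contains no objects. The following script is an added example, not part of the original post: it saves the import manifest to a file with TLS verification, rejects an empty download, and lists the objects (cluster-wide RBAC in particular) for review before anything is applied. The CA file argument and the sample manifest are assumptions; the sample is constructed and abbreviated, using object names from the apply output above.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. CA file and sample data are assumptions.

# Download the manifest with TLS verification (no --insecure); fail if it is empty.
fetch_manifest() {  # args: URL CA_FILE OUT_FILE
  curl --cacert "$2" -fsSL -o "$3" "$1" || return 1
  [ -s "$3" ] || { echo "empty manifest: $1" >&2; return 1; }
}

# Print "Kind/name" for every YAML document in a manifest file.
list_objects() {
  awk '
    /^---/             { if (kind) print kind "/" name; kind = name = ""; meta = 0; next }
    /^metadata:/       { meta = 1; next }
    /^kind:/           { kind = $2 }
    /^[^ ]/            { meta = 0 }
    meta && /^  name:/ { name = $2 }
    END                { if (kind) print kind "/" name }
  ' "$1"
}

# Cluster-wide RBAC objects deserve a manual read before applying.
rbac_objects() { list_objects "$1" | grep -E '^ClusterRole(Binding)?/' || true; }

# Constructed, abbreviated sample; not the real Rancher import manifest.
sample_manifest() {
  cat <<'EOF'
---
apiVersion: v1
kind: Namespace
metadata:
  name: cattle-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cattle-admin-binding
roleRef:
  kind: ClusterRole
  name: cattle-admin
EOF
}

# Usage: $0 URL CA_FILE OUT_FILE ; after review: kubectl apply -f OUT_FILE
if [ "$#" -eq 3 ]; then
  fetch_manifest "$1" "$2" "$3" || exit 1
  sha256sum "$3"; list_objects "$3"
  echo "--- cluster-wide RBAC to review:"; rbac_objects "$3"
fi
```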
Configuring access by domain name
[root@tools conf.d]# vim rancher.conf
map $http_upgrade $connection_upgrade {
    default Upgrade;
    ''      close;
}
server {
    listen 80;
    server_name rancher.xxx.cn;
    client_max_body_size 250M;
    # Redirect all plain-HTTP requests to HTTPS
    rewrite ^(.*)$ https://$host$1 permanent;
}
server {
    listen 443 ssl;
    server_name rancher.xxx.cn;
    ssl_certificate ssl/xx.cn.pem;
    ssl_certificate_key ssl/xx.cn.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them if every client supports TLSv1.2
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # Wildcard CORS: any origin may read non-credentialed responses
    add_header Access-Control-Allow-Origin *;
    location / {
        proxy_pass https://10.x.x.x:443;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # WebSocket upgrade headers, needed by the Rancher UI and agents
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 900s;
    }
}
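Once the configuration is in place, reload the nginx configuration and Rancher is reachable through the domain name.
Copyright notice:
Unless otherwise stated, all articles on this site are licensed under CC BY-NC-SA 4.0. When reposting, please credit
爱吃可爱多!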