rancher部署
# rancher部署
Rancher 是为使用容器的公司打造的容器管理平台。
Rancher 简化了使用 Kubernetes 的流程,开发者可以随处运行 Kubernetes(Run Kubernetes Everywhere),满足 IT 需求规范,赋能 DevOps 团队。
- docker运行rancher
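# Two alternative ways to start the same Rancher container. Both use the
# container name "rancher" and the data directory /opt/rancher, so run only one.

# Option A: plain `docker run`.
# NOTE(review): --privileged gives the container broad access to the host.
# Rancher's single-node Docker install needs it, so treat this host as
# dedicated to Rancher and restrict who can reach the Docker daemon.
# NOTE(review): -p 2443:443 publishes on every host interface. The nginx
# proxy on this page reaches the backend via 127.0.0.1:2443, so publishing as
# 127.0.0.1:2443:443 would keep the backend reachable only through the proxy
# - confirm nothing else needs direct access before changing it.
docker run -d --restart=unless-stopped --privileged --name rancher -p 2443:443 -v /opt/rancher:/var/lib/rancher rancher/rancher:v2.6.12

# Option B: docker-compose.
cd /opt
# Overwrite rather than append: with '>>' every re-run adds another line to
# /etc/timezone, which is bind-mounted into the container below.
echo 'Asia/Shanghai' > /etc/timezone
# Quoted delimiter: the YAML is written verbatim, with no shell expansion.
cat >docker-compose-rancher.yml<<'EOF'
version: '3'
services:
  rancher:
    restart: always
    container_name: rancher
    # Pinned tag; check that this release line still receives security fixes.
    image: rancher/rancher:v2.6.12
    working_dir: /var/lib/rancher
    volumes:
      - /etc/localtime:/etc/localtime
      - /etc/timezone:/etc/timezone
      - ./rancher:/var/lib/rancher
    # Published on all host interfaces; restrict with a host firewall if the
    # UI/API should not be reachable from every network.
    ports:
      - "80:80"
      - "443:443"
    privileged: true
    #entrypoint: ["entrypoint.sh","--acme-domain","rancher.yfklife.cn"]
EOF
docker-compose -f docker-compose-rancher.yml up -d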
- 使用nginx代理
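# Reverse proxy in front of the Rancher container published on 127.0.0.1:2443.
upstream rancher {
    server 127.0.0.1:2443;
}

server {
    server_name rancher.yfklife.cn;
    # NOTE(review): port 80 serves the same location over plain HTTP, so
    # logins and API tokens can cross the network unencrypted. Consider a
    # separate port-80 server that only redirects to https.
    listen 80;
    listen 443 ssl;
    #client_max_body_size 0;
    #proxy_max_temp_file_size 0;
    ssl_certificate ssl/yfklife.crt;
    # Private key: keep it readable only by the nginx master user.
    ssl_certificate_key ssl/yfklife.key;
    ssl_session_timeout 10m;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    # Fixed cipher name: "ECDHE-RSA-WITH-AES128-GCM-SHA256" is not an OpenSSL
    # cipher string, so the AES128-GCM suite was never actually offered.
    ssl_ciphers '!aNULL:!MD5:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256';

    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Accept-Encoding 'gzip';
        # Let WebSocket (wss) connections pass through the proxy.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        client_max_body_size 2G;
        # nginx does not verify the upstream certificate unless
        # proxy_ssl_verify is enabled; here the hop stays on loopback.
        proxy_pass https://rancher;
    }
}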
# rancher tls证书更新
- 证书过期,日志
证书存放路径:${path}/rancher/k3s/server/tls/
2023-01-09 03:26:36.268080 I | http: TLS handshake error from 127.0.0.1:43456: remote error: tls: bad certificate
2023/01/09 03:26:36 [INFO] Waiting for server to become available: Get https://127.0.0.1:6443/version?timeout=30s: x509: certificate has expired or is not yet valid
- 修复命令,
# Interactive transcript: everything between `docker exec` and `exit` is typed
# inside the rancher container, not on the host.
# NOTE(review): the logged x509 error also covers "not yet valid"; check the
# host clock before deleting anything, since clock skew gives the same message.
docker exec -it rancher bash # enter the container
# --insecure-skip-tls-verify / --insecure turn off certificate verification.
# That is needed here because the serving certificate itself is the broken
# part; curl targets 127.0.0.1, and kubectl presumably uses the in-container
# kubeconfig - confirm. Do not carry these flags over to remote API servers.
kubectl --insecure-skip-tls-verify -n kube-system delete secrets k3s-serving
kubectl --insecure-skip-tls-verify delete secret serving-cert -n cattle-system
# Remove the cached dynamic certificate file; presumably it is regenerated
# together with the deleted secrets after the restart - confirm in the logs.
rm -f /var/lib/rancher/k3s/server/tls/dynamic-cert.json
curl --insecure -sfL https://127.0.0.1:6443/v3
exit # leave the container
# restart the container
docker restart rancher
# 使用自有证书
- rancher-docker-compose.yml
提前创建目录 ./etc/ssl,放入证书 cert.pem 和私钥 cert.key(文件名需与下方 volumes 中的挂载路径一致;私钥文件建议仅 root 可读)
# Write the host time zone name; the compose file below bind-mounts
# /etc/timezone into the container.
printf '%s\n' 'Asia/Shanghai' > /etc/timezone
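# Rancher single-node container serving an operator-supplied certificate.
# Nesting restored: with every key at column 0 the file does not describe a
# service at all.
version: '3'
services:
  rancher:
    restart: always
    container_name: rancher
    image: rancher/rancher:v2.6.12
    working_dir: /var/lib/rancher
    volumes:
      - /etc/localtime:/etc/localtime
      - /etc/timezone:/etc/timezone
      - ./lib:/var/lib/rancher
      # Certificate and private key; on the host, keep ./etc/ssl/cert.key
      # readable only by root.
      - ./etc/ssl/cert.pem:/etc/rancher/ssl/cert.pem
      - ./etc/ssl/cert.key:/etc/rancher/ssl/key.pem
    extra_hosts:
      - "rancher.yfklife.cn:127.0.0.1"
    # NOTE(review): both ports are published on all host interfaces. The
    # nginx config on this page proxies to 127.0.0.1:8443, so binding as
    # "127.0.0.1:8443:443" would keep Rancher reachable only through the
    # proxy - confirm nothing else needs direct access.
    ports:
      - "38082:80"
      - "8443:443"
    # Broad host access; needed by Rancher's single-node Docker install.
    privileged: true
    # --no-cacerts is meant for certificates issued by a publicly trusted CA;
    # with a private CA the CA certificate has to be supplied as well.
    entrypoint: ["entrypoint.sh", "--no-cacerts"]
    #entrypoint: ["entrypoint.sh","--acme-domain","rancher.yfklife.cn"]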
- 配置nginx
vi /etc/nginx/conf.d/rancher.conf
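# $connection_upgrade is not a built-in nginx variable; without this map the
# configuration fails to load with an "unknown variable" error. conf.d files
# are included in the http context, so the map can live here. Drop it if
# nginx.conf already defines the same map.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# TLS-terminating proxy in front of the Rancher container on 127.0.0.1:8443.
server {
    # NOTE(review): port 80 serves the same location over plain HTTP; consider
    # a separate port-80 server that only redirects to https.
    listen 80;
    listen 443 ssl;
    server_name rancher.yfklife.cn;
    ssl_certificate ssl/yfklife.cn.pem;
    # Private key: keep it readable only by the nginx master user.
    ssl_certificate_key ssl/yfklife.cn.key;
    ssl_session_timeout 10m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and were dropped to match
    # the other proxy config on this page. TLSv1.3 can be added where the
    # nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5:!EXPORT56:!EXP;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    location ^~ / {
        # nginx does not verify the upstream certificate unless
        # proxy_ssl_verify is enabled; here the hop stays on loopback.
        proxy_pass https://127.0.0.1:8443/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
        # WebSocket support: forward the Upgrade handshake to Rancher.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}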
上次更新: 2024/04/15, 09:37:40