rancher部署

Rancher 是为使用容器的公司打造的容器管理平台。
Rancher 简化了使用 Kubernetes 的流程，开发者可以随处运行 Kubernetes（Run Kubernetes Everywhere），满足 IT 需求规范，赋能 DevOps 团队。

• docker运行rancher

hubDocker (opens new window)

docker run -d --restart=unless-stopped --privileged --name rancher -p 2443:443 -v /opt/rancher:/var/lib/rancher rancher/rancher:v2.5.15

• 使用nginx代理

upstream rancher{
	server 127.0.0.1:2443;
}
server
{
    server_name rancher.yfklife.cn;
    listen 80;
    listen 443 ssl;
	
    #client_max_body_size 0;
    #proxy_max_temp_file_size 0;
    ssl_certificate ssl/yfklife.crt;
    ssl_certificate_key ssl/yfklife.key;
    ssl_session_timeout 10m;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_ciphers '!aNULL:!MD5:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-WITH-AES128-GCM-SHA256';

    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Accept-Encoding 'gzip';
        
        ##配置使wss协议生效
        proxy_http_version 1.1;    
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        
        client_max_body_size 2G;
        proxy_pass       https://rancher;
    }
}

rancher tls证书更新

• 证书过期，日志

证书存放路径：${path}/rancher/k3s/server/tls/

2023-01-09 03:26:36.268080 I | http: TLS handshake error from 127.0.0.1:43456: remote error: tls: bad certificate
2023/01/09 03:26:36 [INFO] Waiting for server to become available: Get https://127.0.0.1:6443/version?timeout=30s: x509: certificate h not yet valid

• 修复命令，

docker exec -it rancher bash #进入容器
kubectl --insecure-skip-tls-verify -n kube-system delete secrets k3s-serving
kubectl --insecure-skip-tls-verify delete secret serving-cert -n cattle-system
rm -f /var/lib/rancher/k3s/server/tls/dynamic-cert.json
curl --insecure -sfL https://127.0.0.1:6443/v3
exit #退出容器

#重启容器
docker restart rancher