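Prerequisites:
1. The dashboard that ships with k8s is unfriendly and inconvenient to use, so install the Rancher UI instead. Rancher also supports one-click installation of several monitoring tools and one-click CI/CD integration, which makes things much easier for users.
2. Rancher uses its own Rancher-generated certificate, which is easy to install. Domain name: testing-k8s.yunwei.com, port: 30443, server IP: 172.21.1.48
3. Install with helm. helm is an installation tool similar to yum; the recommended approach is to install with helm and then modify and customize.
Installation steps:
1. Create a dedicated namespace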
kubectl create ns cattle-system
2. Add the Rancher chart repository
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
3. Create the certificate management service (cert-manager)
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.15.0/cert-manager.crds.yaml
kubectl create namespace cert-manager
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install \
cert-manager jetstack/cert-manager \
--namespace cert-manager \
--version v0.15.0
4. Install Rancher
helm install rancher rancher-stable/rancher \
--namespace cattle-system \
--set hostname=testing-k8s.yunwei.com
5. Create a NodePort-type svc so that networks outside k8s can reach the Rancher UI through the ingress. With the default installation, Rancher sits behind the ingress controller and cannot be reached directly from the external network.
cat <<eof > rancher-nodeport-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: rancher-ingress-nodeport
  namespace: cattle-system
  labels:
    app: rancher
    app.kubernetes.io/managed-by: Helm
    chart: rancher-2.4.5
    heritage: Helm
    release: rancher
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    targetPort: 80
    nodePort: 30080
    protocol: TCP
  - name: https
    port: 443
    targetPort: 443
    nodePort: 30443
    protocol: TCP
  # The selector must match the labels on the Rancher pods
  selector:
    app: rancher
eof
kubectl apply -f rancher-nodeport-svc.yaml
6. Create an ingress that points at the svc created above
cat <<eof > rancher-nodeport-ing.yaml
# Note: the extensions/v1beta1 Ingress API is removed in Kubernetes v1.22 and later
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    certmanager.k8s.io/issuer: rancher
    meta.helm.sh/release-name: rancher
    meta.helm.sh/release-namespace: cattle-system
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"
  labels:
    app: rancher
    app.kubernetes.io/managed-by: Helm
    chart: rancher-2.4.5
    heritage: Helm
    release: rancher
  name: rancher-nodeport
  namespace: cattle-system
spec:
  rules:
  - host: testing-k8s.yunwei.com
    http:
      paths:
      - backend:
          serviceName: rancher-ingress-nodeport
          servicePort: 80
        pathType: ImplementationSpecific
  tls:
  - hosts:
    - testing-k8s.yunwei.com
    secretName: tls-rancher-ingress
eof
kubectl apply -f rancher-nodeport-ing.yaml
7. Set up DNS resolution, or add an entry to the hosts file
172.21.1.48 testing-k8s.yunwei.com
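8. Installation is complete. Open https://testing-k8s.yunwei.com:30443 to reach the Rancher UI.
9. Use Rancher to install Prometheus + Grafana monitoring
In the Rancher UI, click Tools - Monitoring - Enable
Monitoring is installed automatically. Once it is installed, click the Grafana icon to view the data.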
[Figures: Grafana views for cluster and pod]
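
A pre-apply check for the hand-written Service in step 5, as an added example that is not part of the original post: a selector typo still applies cleanly but leaves the Service with no endpoints, and a nodePort outside the cluster's range is rejected at apply time. The function names are hypothetical, and the default 30000-32767 NodePort range is an assumption about the cluster.

```shell
#!/bin/sh
# Added example (not from the original post): lint the step 5 Service before apply.
# Assumptions: Rancher pods carry app=rancher (as in the step 5 selector) and the
# cluster uses the default kube-apiserver --service-node-port-range of 30000-32767.
EXPECTED_APP="${EXPECTED_APP:-rancher}"

# Print the value of the "app" key nested under "selector:".
selector_app() {
  awk '
    /^ *selector: *$/ { ind = match($0, /[^ ]/); insel = 1; next }
    insel {
      if (match($0, /[^ ]/) <= ind) { insel = 0; next }
      if ($1 == "app:") { print $2; exit }
    }' "$1"
}

# Succeed only if at least one nodePort exists and all are inside the range.
nodeports_in_range() {
  awk -v lo="${2:-30000}" -v hi="${3:-32767}" '
    $1 == "nodePort:" { n++; if ($2 + 0 < lo + 0 || $2 + 0 > hi + 0) bad = 1 }
    END { if (bad || n == 0) exit 1 }' "$1"
}

# Run both checks on a manifest file and report every problem found.
lint_service() {
  rc=0
  app="$(selector_app "$1")"
  if [ "$app" != "$EXPECTED_APP" ]; then
    echo "selector app='$app' (expected '$EXPECTED_APP'): Service would get no endpoints" >&2
    rc=1
  fi
  if ! nodeports_in_range "$1"; then
    echo "nodePort missing or outside 30000-32767" >&2
    rc=1
  fi
  return "$rc"
}

# Constructed sample: a Service shaped like step 5, with a typo in the selector.
write_bad_sample() {
  printf '%s\n' 'apiVersion: v1' 'kind: Service' 'spec:' '  type: NodePort' \
    '  ports:' '  - name: https' '    port: 443' '    nodePort: 30443' \
    '  selector:' '    app: ranche' > "$1"
}

# Usage: sh lint-svc.sh rancher-nodeport-svc.yaml && kubectl apply -f rancher-nodeport-svc.yaml
if [ -n "${1:-}" ]; then lint_service "$1" || exit 1; fi
```

After applying, `kubectl -n cattle-system get endpoints rancher-ingress-nodeport` should list pod addresses; an empty list means the selector does not match the Rancher pods.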