Kubernetes: Rancher multi-cluster management (XXII)

Overview

Rancher is a container management platform that helps organizations deploy and manage containers in production quickly and easily. Rancher makes it easy to manage Kubernetes across a variety of environments, meeting IT requirements and supporting DevOps teams.

Kubernetes has not only become the standard for container orchestration, it is also rapidly becoming standard infrastructure offered by all kinds of cloud and virtualization vendors. Rancher users can create Kubernetes clusters with Rancher Kubernetes Engine (RKE), or use cloud Kubernetes services such as GKE, AKS and EKS. Rancher users can also import and manage existing Kubernetes clusters.

Rancher supports a variety of centralized authentication systems for managing Kubernetes clusters. For example, employees of a large enterprise can use their Active Directory credentials to access the company's Kubernetes clusters in GKE. IT administrators can set access control and security policies at the user, group, project, cluster and cloud levels, and can monitor the health and capacity of all Kubernetes clusters from a single page.

Rancher gives DevOps engineers an intuitive user interface for managing their container services; users can start using Rancher without understanding Kubernetes concepts. Rancher includes an application catalog that supports one-click deployment of Helm and Compose templates. Rancher is certified with a variety of cloud and on-premises ecosystem products, including security tools, monitoring systems, container registries, and storage and network drivers. The following figure illustrates the role Rancher plays in IT and DevOps organizations. Each team deploys its applications on the public or private cloud of its choice.

Deploying Rancher on Kubernetes

Deployment documentation: https://www.cnrancher.com/docs/rancher/v2.x/cn/installation/other/

# Generate the certificate
[root@localhost ~]# openssl genrsa -out tls.key 2048
Generating RSA private key, 2048 bit long modulus
......+++
....+++
e is 65537 (0x10001)
[root@localhost ~]# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=sslrancher.foo.com
[root@localhost ~]# mv tls.* cert/
[root@localhost ~]# ll cert/
-rw-r--r-- 1 root root 1298 Jul  2 09:30 tls.crt
-rw-r--r-- 1 root root 1679 Jul  2 09:29 tls.key

# Create the namespace
[root@localhost ~]# kubectl create namespace cattle-system
namespace/cattle-system created
[root@localhost ~]# kubectl -n cattle-system create secret tls tls-rancher-ingress --cert=./cert/tls.crt --key=./cert/tls.key 
secret/tls-rancher-ingress created

# Add the charts repository
[root@localhost ~]# helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
"rancher-stable" has been added to your repositories
[root@localhost ~]# helm repo list
NAME              URL                                                   
local             http://127.0.0.1:8879/charts                          
stable            https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
rancher-stable    https://releases.rancher.com/server-charts/stable

# Deploy Rancher with helm
[root@localhost ~]# helm install rancher-stable/rancher --name rancher --namespace cattle-system --set hostname=sslrancher.foo.com --set ingress.tls.source=secret
NAME:   rancher
LAST DEPLOYED: Tue Jul  2 09:36:28 2019
NAMESPACE: cattle-system
STATUS: DEPLOYED

RESOURCES:
==> v1/ClusterRoleBinding
NAME     AGE
rancher  5s

==> v1/Deployment
NAME     READY  UP-TO-DATE  AVAILABLE  AGE
rancher  0/3    3           0          5s

==> v1/Pod(related)
NAME                     READY  STATUS             RESTARTS  AGE
rancher-d95d845c9-7n8rn  0/1    ContainerCreating  0         4s
rancher-d95d845c9-pw5gf  0/1    ContainerCreating  0         3s
rancher-d95d845c9-wcl2r  0/1    ContainerCreating  0         3s

==> v1/Service
NAME     TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)  AGE
rancher  ClusterIP  10.0.0.100  <none>       80/TCP   5s

==> v1/ServiceAccount
NAME     SECRETS  AGE
rancher  1        6s

==> v1beta1/Ingress
NAME     HOSTS               ADDRESS  PORTS  AGE
rancher  sslrancher.foo.com  80, 443  4s


NOTES:
Rancher Server has been installed.

NOTE: Rancher may take several minutes to fully initialize. Please standby while Certificates are being issued and Ingress comes up.

Check out our docs at https://rancher.com/docs/rancher/v2.x/en/

Browse to https://sslrancher.foo.com

Happy Containering!

# Check the pods
[root@localhost ~]# kubectl get all -n cattle-system
NAME                          READY   STATUS    RESTARTS   AGE
pod/rancher-d95d845c9-7n8rn   1/1     Running   0          110s
pod/rancher-d95d845c9-pw5gf   1/1     Running   0          109s
pod/rancher-d95d845c9-wcl2r   1/1     Running   0          109s

NAME              TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
service/rancher   ClusterIP   10.0.0.100   <none>        80/TCP    111s

NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/rancher   3/3     3            3           111s

NAME                                DESIRED   CURRENT   READY   AGE
replicaset.apps/rancher-d95d845c9   3         3         3       110s
[root@localhost ~]# kubectl get ingress -n cattle-system
NAME      HOSTS                ADDRESS   PORTS     AGE
rancher   sslrancher.foo.com             80, 443   2m10s
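
In the session above, tls.key ends up world-readable (-rw-r--r--) and the certificate carries only a CN. As an added example (not part of the original post), the functions below generate the same self-signed pair with owner-only permissions and a subjectAltName, and check the pair before it is loaded into the tls-rancher-ingress secret. The function names, the 365-day validity and the use of -addext (OpenSSL 1.1.1 or later) are assumptions of this example.

```shell
#!/bin/sh
# Added example: hardened version of the certificate step, plus a pre-flight check.
# Function names and the 365-day validity are assumptions, not from the post.

# Generate a self-signed key/cert pair for HOST in DIR with owner-only permissions.
gen_rancher_cert() {
    dir=$1; host=$2
    (
        umask 077    # files are created 0600, so the key is never world-readable
        mkdir -p "$dir" || exit 1
        # -addext needs OpenSSL 1.1.1+; modern TLS clients match the SAN, not the CN
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -keyout "$dir/tls.key" -out "$dir/tls.crt" \
            -subj "/C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=$host" \
            -addext "subjectAltName=DNS:$host" 2>/dev/null
    )
}

# Return 0 only if the pair in DIR is safe to load into the ingress TLS secret.
check_tls_pair() {
    dir=$1; host=$2
    key=$dir/tls.key; crt=$dir/tls.crt
    [ -f "$key" ] && [ -f "$crt" ] || { echo "missing key or cert" >&2; return 1; }

    # Characters 5-10 of the mode string are the group and other permission bits.
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "key readable by group/other" >&2; return 1; }

    # The certificate must carry the public half of this private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ] || { echo "key and cert do not match" >&2; return 1; }

    # The hostname passed to helm (--set hostname=...) must be present as a SAN.
    openssl x509 -in "$crt" -noout -text | grep -qF "DNS:$host" \
        || { echo "no SAN for $host" >&2; return 1; }
    return 0
}

# Usage (paths as in the post):
#   gen_rancher_cert ./cert sslrancher.foo.com
#   check_tls_pair ./cert sslrancher.foo.com && kubectl -n cattle-system \
#     create secret tls tls-rancher-ingress --cert=./cert/tls.crt --key=./cert/tls.key
```

Run against the cert/ directory from the session above, check_tls_pair fails on the first test because tls.key has mode 644.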

Browser access

Managing existing Kubernetes clusters

Rancher manages an existing Kubernetes cluster by starting a Rancher Agent service inside that cluster, which lets Rancher take over management of the entire cluster; the cluster is then imported in the Rancher UI.

 


Origin www.cnblogs.com/yuezhimi/p/11118750.html