Rancher Requirements

From ChevyneWiki
Revision as of 13:34, 28 January 2021 (Thu) by Chevyne (talk | contribs)

RKE

high-availability RKE cluster

  • Three Linux nodes, typically virtual machines, in an infrastructure provider such as Amazon’s EC2, Google Compute Engine, or vSphere.
These nodes must be in the same region/data center; they may be placed in separate availability zones.
Rancher server data is stored in the etcd database that runs on all three nodes.
  • etcd is a distributed, reliable key-value store for the most critical data of a distributed system, with a focus on being simple, secure, fast and reliable.
etcd requires an odd number of nodes so that it can always elect a leader with a majority (quorum) of the etcd cluster.
The nodes must also meet the general installation requirements for OS, container runtime, hardware, and networking. Rancher server sizing:
Deployment Size   Clusters      Nodes          vCPUs   RAM
Small             Up to 150     Up to 1500     2       8 GB
Medium            Up to 300     Up to 3000     4       16 GB
Large             Up to 500     Up to 5000     8       32 GB
X-Large           Up to 1000    Up to 10,000   16      64 GB
XX-Large          Up to 2000    Up to 20,000   32      128 GB
Contact Rancher for more than 2000 clusters and/or 20,000 nodes.
  • A load balancer to direct front-end traffic to the three nodes.
The RKE tool will deploy an NGINX Ingress controller.
This controller listens on ports 80 and 443 of the worker nodes and answers traffic destined for specific hostnames.
  • A layer-4 load balancer
Install NGINX; the stream module is required. A layer-4 balancer forwards TCP connections without terminating TLS, so the certificate is served by the ingress controller on the nodes, and port 443 must be forwarded to port 443.
Save the following as /etc/nginx/nginx.conf:
worker_processes 4;
worker_rlimit_nofile 40000;

events {
    worker_connections 8192;
}

stream {
    upstream rancher_servers_http {
        least_conn;
        server <IP_NODE_1>:80 max_fails=3 fail_timeout=5s;
        server <IP_NODE_2>:80 max_fails=3 fail_timeout=5s;
        server <IP_NODE_3>:80 max_fails=3 fail_timeout=5s;
    }
    server {
        listen 80;
        proxy_pass rancher_servers_http;
    }

    upstream rancher_servers_https {
        least_conn;
        server <IP_NODE_1>:443 max_fails=3 fail_timeout=5s;
        server <IP_NODE_2>:443 max_fails=3 fail_timeout=5s;
        server <IP_NODE_3>:443 max_fails=3 fail_timeout=5s;
    }
    server {
        listen     443;
        proxy_pass rancher_servers_https;
    }

}
# The host path must match where the config above was saved, otherwise Docker
# creates an empty directory at the mount point and nginx fails to start.
docker run -d --restart=unless-stopped \
  -p 80:80 -p 443:443 \
  -v /etc/nginx/nginx.conf:/etc/nginx/nginx.conf \
  nginx:1.14
  • A layer-7 load balancer
  • A DNS record to map a URL to the load balancer. This will become the Rancher server URL, and downstream Kubernetes clusters will need to reach it.
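As an added illustration of the quorum rule in the etcd bullet above (not code from the original page or from Rancher): quorum and fault tolerance for a given member count, plus a check that the chosen availability-zone placement of the three nodes cannot lose quorum when a single zone goes down. Node and zone names are hypothetical.

```python
from collections import Counter
from typing import Dict, List, Tuple


def etcd_quorum(total_nodes: int) -> int:
    """Votes needed to elect a leader: a strict majority of the members."""
    return total_nodes // 2 + 1


def tolerated_failures(total_nodes: int) -> int:
    """Members that can be lost while a quorum still exists.
    3 and 4 members both tolerate one failure, which is why odd sizes are used."""
    return total_nodes - etcd_quorum(total_nodes)


def zone_loss_survivable(placement: Dict[str, str]) -> Tuple[bool, List[str]]:
    """placement maps node name -> availability zone (constructed input).
    Returns (ok, zones whose loss would drop the cluster below quorum)."""
    total = len(placement)
    per_zone = Counter(placement.values())
    risky = [z for z, n in per_zone.items() if total - n < etcd_quorum(total)]
    return (not risky, sorted(risky))


if __name__ == "__main__":
    # Constructed layouts with hypothetical node and zone names
    spread = {"node1": "zone-a", "node2": "zone-b", "node3": "zone-c"}
    stacked = {"node1": "zone-a", "node2": "zone-a", "node3": "zone-b"}
    for n in (3, 4, 5):
        print(f"{n} members: quorum {etcd_quorum(n)}, tolerate {tolerated_failures(n)}")
    print("spread:", zone_loss_survivable(spread))    # (True, [])
    print("stacked:", zone_loss_survivable(stacked))  # (False, ['zone-a'])
```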
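An added pre-flight check for the layer-4 stream configuration above (not part of the original page, of Rancher, or of NGINX): it parses the upstream and listener blocks and flags unreplaced <IP_NODE_x> placeholders, fewer than three nodes, upstreams that disagree on the node set, and a listener whose backend ports differ from its listen port. The regexes and the sample_config builder are assumptions of this example; the sample addresses are RFC 5737 test addresses.

```python
import re
from typing import Dict, List, Sequence, Tuple

UPSTREAM_RE = re.compile(r"upstream\s+(\w+)\s*\{(.*?)\}", re.S)
BACKEND_RE = re.compile(r"server\s+([^\s;:]+):(\d+)[^;]*;")
LISTENER_RE = re.compile(r"server\s*\{\s*listen\s+(\d+);\s*proxy_pass\s+(\w+);", re.S)


def check_stream_config(conf: str) -> List[str]:
    """Return problems found in an nginx stream config; an empty list means OK."""
    problems: List[str] = []
    upstreams: Dict[str, List[Tuple[str, int]]] = {
        name: [(h, int(p)) for h, p in BACKEND_RE.findall(body)]
        for name, body in UPSTREAM_RE.findall(conf)
    }
    listeners = [(int(port), name) for port, name in LISTENER_RE.findall(conf)]
    if not listeners:
        problems.append("no 'listen ...; proxy_pass ...;' stream servers found")
    host_sets = set()
    for name, backends in upstreams.items():
        hosts = [h for h, _ in backends]
        if any(h.startswith("<") for h in hosts):
            problems.append(f"{name}: <IP_NODE_x> placeholders not replaced")
        if len(set(hosts)) < 3:
            problems.append(f"{name}: fewer than three distinct nodes")
        host_sets.add(frozenset(hosts))
    if len(host_sets) > 1:
        problems.append("upstreams do not list the same set of nodes")
    for port, name in listeners:
        # Layer-4 passthrough must map 80->80 and 443->443 so that TLS still
        # terminates on the ingress controller running on the Rancher nodes.
        bad = [f"{h}:{p}" for h, p in upstreams.get(name, []) if p != port]
        if name not in upstreams or bad:
            problems.append(f"listen {port} -> {name}: missing upstream or port mismatch {bad}")
    return problems


def sample_config(nodes: Sequence[str], https_port: int = 443) -> str:
    """Constructed config in the shape shown above; https_port lets a test inject a mismatch."""
    def upstream(name: str, port: int) -> str:
        servers = "\n".join(f"        server {n}:{port} max_fails=3 fail_timeout=5s;" for n in nodes)
        return f"    upstream {name} {{\n        least_conn;\n{servers}\n    }}\n"
    return ("stream {\n" + upstream("rancher_servers_http", 80)
            + "    server { listen 80; proxy_pass rancher_servers_http; }\n"
            + upstream("rancher_servers_https", https_port)
            + "    server { listen 443; proxy_pass rancher_servers_https; }\n}\n")


if __name__ == "__main__":
    print(check_stream_config(sample_config(["192.0.2.11", "192.0.2.12", "192.0.2.13"])))  # []
    print(check_stream_config(sample_config(["<IP_NODE_1>", "<IP_NODE_2>", "<IP_NODE_3>"], 80)))
```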

RancherD

Deployment Size   Clusters   Nodes       vCPUs   RAM
Small             Up to 5    Up to 50    2       5 GB
Medium            Up to 15   Up to 200   3       9 GB

Worker

Linux

  • Install the Required CLI Tools
kubectl - Kubernetes command-line tool.
helm - Package management for Kubernetes.
  • Add the Helm Chart Repository
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
  • Create a Namespace for Rancher
kubectl create namespace cattle-system
  • Choose your SSL Configuration
Configuration                              Helm Chart Option                 Requires cert-manager
Rancher Generated Certificates (Default)   ingress.tls.source=rancher        yes
Let’s Encrypt                              ingress.tls.source=letsEncrypt    yes
Certificates from Files                    ingress.tls.source=secret         no
  • Install cert-manager (if required)
# Install the CustomResourceDefinition resources separately
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.4/cert-manager.crds.yaml

# **Important:**
# If you are running Kubernetes v1.15 or below, you
# will need to add the `--validate=false` flag to your
# kubectl apply command, or else you will receive a
# validation error relating to the
# x-kubernetes-preserve-unknown-fields field in
# cert-manager’s CustomResourceDefinition resources.
# This is a benign error and occurs due to the way kubectl
# performs resource validation.

# Create the namespace for cert-manager
kubectl create namespace cert-manager

# Add the Jetstack Helm repository
helm repo add jetstack https://charts.jetstack.io

# Update your local Helm chart repository cache
helm repo update

# Install the cert-manager Helm chart
helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --version v1.0.4
kubectl get pods --namespace cert-manager

NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-5c6866597-zw7kh               1/1     Running   0          2m
cert-manager-cainjector-577f6d9fd7-tr77l   1/1     Running   0          2m
cert-manager-webhook-787858fcdb-nlzsq      1/1     Running   0          2m
  • Install Rancher with Helm and Your Chosen Certificate Option
Rancher Generated Certificates (Default)
# The chart reference must use the repository name added above (rancher-stable)
helm install rancher rancher-stable/rancher \
  --namespace cattle-system \
  --set hostname=rancher.my.org
kubectl -n cattle-system rollout status deploy/rancher
Waiting for deployment "rancher" rollout to finish: 0 of 3 updated replicas are available...
deployment "rancher" successfully rolled out
  • HTTP Proxy
  • Private Docker Image Registry
  • TLS Termination on an External Load Balancer
  • Verify that the Rancher Server is Successfully Deployed
kubectl -n cattle-system rollout status deploy/rancher
Waiting for deployment "rancher" rollout to finish: 0 of 3 updated replicas are available...
deployment "rancher" successfully rolled out
kubectl -n cattle-system get deploy rancher
NAME      DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
rancher   3         3         3            3           3m

Windows