Deploying Rancher on Kubernetes without Ingress

Install Helm

curl http://rancher-mirror.cnrancher.com/helm/v3.5.4/helm-v3.5.4-linux-amd64.tar.gz |tar zx;
\cp -f linux-amd64/helm /usr/local/bin;
chmod u+x /usr/local/bin/helm;
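
The commands above fetch Helm over plain HTTP and copy the result straight into /usr/local/bin. The following function is an added example, not part of the original post: it checks the tarball's SHA-256 before installing. The function name is hypothetical, and the expected digest is assumed to come from a source you trust (the value in the usage comment is a placeholder).

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper, not from the original post).
# install_verified_helm <tarball> <expected_sha256> [dest_dir]
# Returns 0 on success, 1 on checksum mismatch, 2 on bad input or extraction failure.
install_verified_helm() {
    local tarball=$1 expected=$2 dest=${3:-/usr/local/bin}
    local actual workdir rc

    # Reject anything that is not a 64-character hex digest, for example an
    # HTML error page that was saved in place of the checksum.
    if ! printf '%s' "$expected" | grep -Eq '^[0-9a-fA-F]{64}$'; then
        echo "expected digest is not a SHA-256 hex string" >&2
        return 2
    fi

    actual=$(sha256sum "$tarball" | cut -d' ' -f1)
    # sha256sum prints lowercase hex, so normalise the expected value first.
    if [ "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" != "$actual" ]; then
        echo "checksum mismatch for $tarball: got $actual" >&2
        return 1
    fi

    workdir=$(mktemp -d) || return 2
    # Extract only the helm binary, not whatever else the archive contains.
    if ! tar -xzf "$tarball" -C "$workdir" linux-amd64/helm; then
        rm -rf "$workdir"
        return 2
    fi
    # install(1) copies the file and sets its mode in one step.
    install -m 0755 "$workdir/linux-amd64/helm" "$dest/helm"
    rc=$?
    rm -rf "$workdir"
    return $rc
}

# Usage (the digest is a placeholder):
#   curl -fsSLo helm.tgz http://rancher-mirror.cnrancher.com/helm/v3.5.4/helm-v3.5.4-linux-amd64.tar.gz
#   install_verified_helm helm.tgz <EXPECTED_SHA256>
```

Nothing is written to the destination directory unless the digest matches, so a tampered or truncated download never reaches the PATH.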

Add the Rancher Helm chart repository

helm repo add rancher-latest http://rancher-mirror.oss-cn-beijing.aliyuncs.com/server-charts/latest;

Download the Rancher chart


At the time of writing, the latest Rancher version was 2.5.8.

helm pull rancher-latest/rancher;
tar zxvf rancher-2.5.8.tgz;
cd rancher/templates;

Change Rancher's Service template to externalIPs mode


Change the Service port.
On a single node you can add externalIPs; otherwise use NodePort.

apiVersion: v1
kind: Service
metadata:
  name: {{ template "rancher.fullname" . }}
  labels:
{{ include "rancher.labels" . | indent 4 }}
spec:
  ports:
  - port: 82
    targetPort: 80
    protocol: TCP
    name: http
  - port: 444
    targetPort: 444
    protocol: TCP
    name: https-internal
  selector:
    app: {{ template "rancher.fullname" . }}
  externalIPs:
  - xxx.xxx.xxx.xxx

Change Rancher's Service template to NodePort mode


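Change the Service port.
For NodePort, only the nodePort for port 80 needs to be set.
Choose any values you like for the port and nodePort fields, as long as they do not conflict.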

apiVersion: v1
kind: Service
metadata:
  name: {{ template "rancher.fullname" . }}
  labels:
{{ include "rancher.labels" . | indent 4 }}
spec:
  ports:
  - port: 82
    targetPort: 80
    protocol: TCP
    name: http
    nodePort: 30100
  - port: 444
    targetPort: 444
    protocol: TCP
    name: https-internal
  selector:
    app: {{ template "rancher.fullname" . }}

Install Rancher


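Go back to the directory that contains the Rancher chart and install Rancher.
hostname is the domain used for access, rancherImage is the image registry address, tls=external enables external SSL termination, and ingress is disabled.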

helm install rancher rancher --namespace cattle-system --create-namespace \
--set hostname=xxx.cn \
--set rancherImage=registry.cn-hangzhou.aliyuncs.com/rancher/rancher \
--set tls=external \
--set ingress.enabled=false

Configure nginx


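CentOS 8 can use TLS 1.3; it has to be enabled when nginx is compiled.
Rancher needs WebSocket, HTTP/2 and several HTTP headers.
I keep my keys in the conf directory, named like xxx.cn.pem, so I simply used $server_name.pem as the parameter.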

Layer 7 load balancing + SSL termination, from the Rancher website

    map $http_upgrade $connection_upgrade {
        default Upgrade;
        ''      close;
    }

    server {
        listen 443 ssl http2 reuseport;
        server_name xxx.cn;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_certificate $server_name.pem;
        ssl_certificate_key $server_name.key;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://10.10.10.62:82;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            # This allows the ability for the execute shell window to remain open for up to 15 minutes. Without this parameter, the default is 1 minute and will automatically close.
            proxy_read_timeout 900s;
            proxy_buffering off;
        }
    }
    server {
        listen 80;
        server_name xxx.cn;
        return 301 https://$server_name$request_uri;
    }