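Kubernetes Deployment (11): Management with Helm and Rancher
Helm Deployment
Official Helm download page: https://github.com/helm/helm/releases
Official list of available charts: https://hub.kubeapps.com
All software and configuration files are stored on the Baidu Netdisk mentioned in the earlier articles; the Baidu share link is in this article
Introduction to Helm
Helm is a tool that simplifies installing and managing Kubernetes applications. You can think of it as apt/yum/homebrew.
- Helm has two parts: a client (helm) and a server (tiller). Tiller runs inside your Kubernetes cluster and manages the releases (installations) of charts.
- Helm can run on your laptop, or anywhere else.
- A chart is a Helm package that contains at least two things:
  - A description of the package (Chart.yaml)
  - One or more templates, which contain Kubernetes manifest files
- Charts can be stored on disk, or fetched from a remote chart repository (like Debian or RedHat packages).
Core terminology
- Chart: a helm package;
- Repository: a chart repository, served by an https/http server;
- Release: an instance of a specific chart deployed on a target cluster;
Program architecture
- helm: the client. It manages the local chart repository, manages charts, and interacts with the Tiller server to send charts and to install, query, and uninstall releases;
- Tiller: the server. It receives the charts and config sent by helm and merges them to generate a release;
Deploying helm
- helm can be deployed on any machine, not necessarily on a Kubernetes server, but kubectl must be installed. In other words, the user's home directory must contain the kube configuration file, because helm needs to communicate with the API server.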
[[email protected] ~]# ll .kube/
total 12
drwxr-xr-x 3 root root   23 Dec 25 11:28 cache
-rw------- 1 root root 6264 Dec 25 16:15 config
drwxr-xr-x 3 root root 4096 Jan  2 15:09 http-cache
- Start the deployment
[[email protected] k8s]# wget https://storage.googleapis.com/kubernetes-helm/helm-v2.12.1-linux-amd64.tar.gz
[[email protected] k8s]# tar zxf helm-v2.12.1-linux-amd64.tar.gz
[[email protected] k8s]# cd linux-amd64/
[[email protected] linux-amd64]# mv helm /usr/bin/
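For certain reasons we cannot download the tiller image directly from Google, so you need to download the image tiller-image-v2.12.1.tar.gz shared on my netdisk, and then load the image on every node.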
[[email protected] ~]# docker load < tiller-image-v2.12.1.tar.gz
# rbac-config.yaml: ServiceAccount for Tiller and its cluster-wide role binding
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
# Binds the tiller ServiceAccount to the built-in cluster-admin ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system
[[email protected] helm]# kubectl create -f rbac-config.yaml
[[email protected] helm]# helm init --service-account tiller
Creating /root/.helm
Creating /root/.helm/repository
Creating /root/.helm/repository/cache
Creating /root/.helm/repository/local
Creating /root/.helm/plugins
Creating /root/.helm/starters
Creating /root/.helm/cache/archive
Creating /root/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /root/.helm.
Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.
Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
To prevent this, run `helm init` with the --tiller-tls-verify flag.
For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation
Happy Helming!
[[email protected] helm]# kubectl -n kube-system get pod|grep tiller
tiller-deploy-85744d9bfb-cm5jz 1/1 Running 0 11m
[[email protected] helm]# helm version
Client: &version.Version{SemVer:"v2.12.1", GitCommit:"02a47c7249b1fc6d8fd3b94e6b4babf9d818144e", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.12.1", GitCommit:"02a47c7249b1fc6d8fd3b94e6b4babf9d818144e", GitTreeState:"clean"}
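rbac-config.yaml binds the tiller ServiceAccount to cluster-admin, and the `helm init` output above notes that Tiller accepts unauthenticated clients by default, so it is useful to know which service accounts hold that role. The script below is an added example, not part of the original article: it reads the output of `kubectl get clusterrolebindings -o json` and lists them; the function name and the sample bindings other than tiller are assumptions constructed for illustration.

```python
"""List ServiceAccounts bound to cluster-admin.

Input: the JSON printed by `kubectl get clusterrolebindings -o json`.
"""
import json
import sys

RBAC_GROUP = "rbac.authorization.k8s.io"


def _binding(name, role, subject):
    """Build one ClusterRoleBinding object for the constructed sample."""
    return {"kind": "ClusterRoleBinding", "metadata": {"name": name},
            "roleRef": {"apiGroup": RBAC_GROUP, "kind": "ClusterRole", "name": role},
            "subjects": [subject]}


# Constructed sample: the tiller binding from rbac-config.yaml, a hypothetical
# read-only binding, and a cluster-admin binding whose subject is a Group.
SAMPLE = json.dumps({"kind": "List", "items": [
    _binding("tiller", "cluster-admin",
             {"kind": "ServiceAccount", "name": "tiller", "namespace": "kube-system"}),
    _binding("dashboard-view", "view",
             {"kind": "ServiceAccount", "name": "dashboard", "namespace": "monitoring"}),
    _binding("cluster-admin", "cluster-admin",
             {"kind": "Group", "name": "system:masters", "apiGroup": RBAC_GROUP}),
]})


def cluster_admin_service_accounts(raw):
    """Return sorted (binding, namespace, name) tuples for ServiceAccount subjects."""
    doc = json.loads(raw)
    items = doc["items"] if doc.get("kind") == "List" else [doc]
    hits = []
    for item in items:
        ref = item.get("roleRef") or {}
        if item.get("kind") != "ClusterRoleBinding":
            continue
        if (ref.get("kind"), ref.get("name")) != ("ClusterRole", "cluster-admin"):
            continue
        for subject in item.get("subjects") or []:  # subjects may be missing or null
            if subject.get("kind") == "ServiceAccount":
                hits.append((item["metadata"]["name"],
                             subject.get("namespace", ""), subject["name"]))
    return sorted(hits)


if __name__ == "__main__":
    # Pipe kubectl output in; with no piped input the constructed sample is used.
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for binding, namespace, name in cluster_admin_service_accounts(raw):
        print(f"{binding}: system:serviceaccount:{namespace}:{name} holds cluster-admin")
```
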
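Common helm commands:
- Release management:
  - install
  - delete
  - upgrade/rollback
  - list
  - history: the history of a release;
  - status: get the status of a release;
- Chart management:
  - create
  - fetch
  - get
  - inspect
  - package
  - verify
At this point helm is fully deployed. Next we will use helm to install a management platform for k8s, which also demonstrates how helm is used.
Rancher Deployment
Introduction to Rancher
- Rancher is an enterprise-grade multi-cluster Kubernetes management platform;
- Users can configure and manage Kubernetes services hosted on public clouds (such as GKE, EKS, AKS, Alibaba Cloud, Huawei Cloud, etc.) in Rancher, and can also import existing clusters into Rancher.
- For all Kubernetes clusters and services, users can perform centralized authentication in Rancher (including GitHub, AD/LDAP, SAML, etc.).
Adding the chart repository
The official helm repository has no chart for rancher, so we need to add the official rancher chart repository.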
[[email protected] helm]# helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
"rancher-stable" has been added to your repositories
[[email protected] helm]# helm search rancher-stable/rancher
NAME                    CHART VERSION   APP VERSION     DESCRIPTION
rancher-stable/rancher  2018.12.4       v2.1.4          Install Rancher Server to manage Kubernetes clusters acro...
Installing cert-manager
- After a successful installation, all installed resources are shown in detail
[[email protected] helm]# helm install stable/cert-manager --name cert-manager --namespace kube-system
NAME: cert-manager
LAST DEPLOYED: Thu Jan 3 15:35:22 2019
NAMESPACE: kube-system
STATUS: DEPLOYED
RESOURCES:
==> v1/ServiceAccount
NAME SECRETS AGE
cert-manager 1 1s
==> v1beta1/ClusterRole
NAME AGE
cert-manager 1s
==> v1beta1/ClusterRoleBinding
NAME AGE
cert-manager 1s
==> v1beta1/Deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
cert-manager 1 1 1 0 1s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
cert-manager-7d4bfc44ff-5flvg 0/1 ContainerCreating 0 0s
NOTES:
cert-manager has been deployed successfully!
In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).
More information on the different types of issuers and how to configure them
can be found in our documentation:
https://cert-manager.readthedocs.io/en/latest/reference/issuers.html
For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the `ingress-shim`
documentation:
https://cert-manager.readthedocs.io/en/latest/reference/ingress-shim.html
[[email protected] helm]#
Installing rancher server
[[email protected] helm]# helm install rancher-stable/rancher --name rancher --namespace cattle-system --set hostname=rancher.cnlinux.club
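By default, Rancher automatically generates a CA root certificate and uses cert-manager to issue the certificate, so hostname=rancher.cnlinux.club is set here; afterwards the UI can only be accessed through the domain name.
Adding host aliases to the Agent Pods (optional)
If you have no internal DNS server and instead specify the Rancher server domain name by adding host aliases in /etc/hosts, then no matter how the K8S cluster is created (custom, import, host driver, etc.), once the cluster is running the cattle-cluster-agent Pod and cattle-node-agent cannot find the Rancher server through DNS records, and in the end they cannot communicate.
You can add host aliases (/etc/hosts) to the cattle-cluster-agent Pod and cattle-node-agent so that they can communicate normally (provided the IP addresses can reach each other).
Note: replace the domain name and IP in the following commands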
cattle-cluster-agent pod
[[email protected] helm]# kubectl -n cattle-system patch deployments cattle-cluster-agent --patch '{
    "spec": {
        "template": {
            "spec": {
                "hostAliases": [
                    {
                        "hostnames": [
                            "rancher.cnlinux.club"
                        ],
                        "ip": "10.31.90.200"
                    }
                ]
            }
        }
    }
}'
cattle-node-agent pod
[[email protected] helm]# kubectl -n cattle-system patch daemonsets cattle-node-agent --patch '{
    "spec": {
        "template": {
            "spec": {
                "hostAliases": [
                    {
                        "hostnames": [
                            "rancher.cnlinux.club"
                        ],
                        "ip": "10.31.90.200"
                    }
                ]
            }
        }
    }
}'
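Accessing rancher
- Open https://rancher.cnlinux.club/ in a browser; the following page appears, then set a password
- Then the following interface appears, which shows that it is running normally
- At this point you can manage resources such as pods, ingresses, and services through rancher.
- rancher can also create new k8s clusters; to manage other existing k8s clusters, you can choose the import option shown in the figure below
I will keep updating all of the k8s-related documents. If you think my writing is good, I hope you will follow and like. Thank you very much!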