I'm lazy, so I'll skip the small talk.
Rancher's official documentation is too narrowly targeted: it basically requires a k8s cluster deployed with RKE. I admit the Rancher dashboard is good and can improve development efficiency. But RKE is crap, RKE is crap, RKE is crap; important things get said three times.
I tested the official HA deployment and the certificate approach with helm a number of times, all unsuccessfully, and I really did not want to keep going. So I rewrote the official docker solution as k8s yaml, to deploy Rancher quickly the docker way. The file:
./rancher.yaml

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: proxy-clusterrole-kubeapiserver
rules:
- apiGroups: [""]
  resources:
  - nodes/metrics
  - nodes/proxy
  - nodes/stats
  - nodes/log
  - nodes/spec
  verbs: ["get", "list", "watch", "create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: proxy-role-binding-kubernetes-master
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: proxy-clusterrole-kubeapiserver
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: kube-apiserver
---
apiVersion: v1
kind: Namespace
metadata:
  name: cattle-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cattle
  namespace: cattle-system
---
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; v1 is used here
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cattle-admin-binding
  namespace: cattle-system
  labels:
    cattle.io/creator: "norman"
subjects:
- kind: ServiceAccount
  name: cattle
  namespace: cattle-system
roleRef:
  kind: ClusterRole
  name: cattle-admin
  apiGroup: rbac.authorization.k8s.io
---
# Secret data values are base64-encoded, not encrypted
apiVersion: v1
kind: Secret
metadata:
  name: cattle-credentials-2d27727
  namespace: cattle-system
type: Opaque
data:
  url: "aHR0cHM6Ly8xMC4xOC4zMi4yNTozMDQ0Mw=="
  token: "ZnZyc2JkN2JmdGJ4dmhncWNqbDRyamd4dGg0Z2tiZjljZHh4cXZ4aHB4ejVieGNkbnZoenBw"
---
# Wildcard rules: every verb on every resource and every non-resource URL
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cattle-admin
  labels:
    cattle.io/creator: "norman"
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - '*'
- nonResourceURLs:
  - '*'
  verbs:
  - '*'
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: rancher
  namespace: cattle-system
  labels:
    app: rancher
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
  selector:
    matchLabels:
      app: rancher
  template:
    metadata:
      labels:
        app: rancher
    spec:
      containers:
      - name: rancher
        image: rancher/rancher:stable
        imagePullPolicy: Always
        env:
        - name: AUDIT_LEVEL
          value: "3"
        - name: CATTLE_SYSTEM_CATALOG
          value: "bundled"
        ports:
        - containerPort: 80
          name: http
        - containerPort: 443
          name: https
        # Readiness is checked on port 80 only
        readinessProbe:
          tcpSocket:
            port: 80
          initialDelaySeconds: 20
          periodSeconds: 10
        livenessProbe:
          tcpSocket:
            port: 80
          initialDelaySeconds: 600
          periodSeconds: 20
      # The pod runs as the cattle ServiceAccount bound to cattle-admin above
      serviceAccountName: cattle
---
apiVersion: v1
kind: Service
metadata:
  name: rancher
  namespace: cattle-system
spec:
  ports:
  - port: 80
    name: http
    protocol: TCP
    nodePort: 30080
  - port: 443
    name: https
    protocol: TCP
    nodePort: 30443
  sessionAffinity: ClientIP
  externalTrafficPolicy: Cluster
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 10800
  type: NodePort
  selector:
    app: rancher
```
Brief description of the process:
1. Create the cattle-system namespace.
2. Create the cattle-admin authorization, which can send requests to the kube-apiserver and get back the key/values stored in etcd (information about the cluster, the nodes, node status and so on).
3. Create the authorization mechanism that Rancher uses to assign permissions to ordinary users (type: Opaque).
4. Deploy Rancher. The readiness check tests port 80 after 20 seconds; I was too lazy to write a check for 443 as well, but if port 80 comes up, why wouldn't 443? The Deployment uses the cattle ServiceAccount; if ServiceAccounts are unfamiliar, try kubectl get sa -n kube-system yourself.
5. Create the rancher Service as a NodePort on 30080/30443. externalTrafficPolicy: Cluster is set here to ensure that all nodes (including the master) open both ports, so a Rancher pod migration is nothing to be afraid of. A request to port 30080 on any node is forwarded automatically to port 30080 on the node where Rancher is deployed, and that node then rewrites the port in the URL from 30080 to 30443.
6. kubectl apply -f rancher.yaml && kubectl get pod -n cattle-system -w, then wait for the pod named rancher to become ready.
7. Open a browser. Firefox is recommended; security in Google's browser is very troublesome here. Unknown problems may arise from the self-signed certificate.
Enjoy!
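The manifest above binds the cattle ServiceAccount, which the rancher pod runs as, to a ClusterRole whose rules are all wildcards. As an added example (not part of the original post), this script lists every subject holding such a grant from the output of `kubectl get clusterrole,clusterrolebinding -o json`; the sample input is constructed from the manifest's RBAC objects and the function names are this example's own.

```python
import json

# Constructed sample: RBAC objects from rancher.yaml in the JSON shape that
# `kubectl get clusterrole,clusterrolebinding -o json` returns.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "ClusterRole", "metadata": {"name": "cattle-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
               {"nonResourceURLs": ["*"], "verbs": ["*"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "proxy-clusterrole-kubeapiserver"},
     "rules": [{"apiGroups": [""], "resources": ["nodes/metrics", "nodes/proxy"],
                "verbs": ["get", "list", "watch", "create"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "cattle-admin-binding"},
     "roleRef": {"kind": "ClusterRole", "name": "cattle-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "cattle",
                   "namespace": "cattle-system"}]},
    {"kind": "ClusterRoleBinding",
     "metadata": {"name": "proxy-role-binding-kubernetes-master"},
     "roleRef": {"kind": "ClusterRole", "name": "proxy-clusterrole-kubeapiserver"},
     "subjects": [{"kind": "User", "name": "kube-apiserver"}]},
]})


def is_wildcard_rule(rule):
    """True when a rule allows every verb on every resource or every URL."""
    if "*" not in rule.get("verbs", []):
        return False
    all_resources = ("*" in rule.get("apiGroups", [])
                     and "*" in rule.get("resources", []))
    return all_resources or "*" in rule.get("nonResourceURLs", [])


def wildcard_subjects(doc):
    """Return sorted (subject, role, binding) triples for wildcard grants."""
    items = json.loads(doc)["items"]
    risky = {i["metadata"]["name"] for i in items if i["kind"] == "ClusterRole"
             and any(is_wildcard_rule(r) for r in i.get("rules") or [])}
    found = []
    for b in (i for i in items if i["kind"] == "ClusterRoleBinding"):
        ref = b["roleRef"]
        if ref["kind"] != "ClusterRole" or ref["name"] not in risky:
            continue
        for s in b.get("subjects") or []:  # subjects may be absent or null
            who = "/".join(filter(None, [s.get("namespace"), s["name"]]))
            found.append((s["kind"] + ":" + who, ref["name"], b["metadata"]["name"]))
    return sorted(found)


if __name__ == "__main__":
    for who, role, binding in wildcard_subjects(SAMPLE):
        print(f"{who} holds wildcard ClusterRole {role} via {binding}")
```

On a live cluster, pipe the kubectl output into `wildcard_subjects` instead of `SAMPLE`; built-in bindings such as cluster-admin will appear alongside the one from this manifest.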