
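Rancher Tutorial FG004 - Rancher Offline Installation and Intranet Deployment in Practice

This tutorial from Fengge covers offline installation of Rancher and deployment in an intranet environment: offline installation concepts, scenarios and architecture; installation preparation; building the image registry; intranet network planning; downloading images; offline deployment; intranet configuration; verifying the offline installation; deploying a cluster on the intranet; and deploying applications offline. It draws on the installation, upgrade and offline installation sections of the official Rancher documentation. It is intended for operations staff to use for learning and testing; validate it yourself before applying it to a production environment.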

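Part01 - Basic Concepts and Theory

1.1 Rancher offline installation concepts

Rancher offline installation means deploying the Rancher management platform in an environment with no internet connection: the required images and resources are downloaded in advance, a local image registry is set up, and the deployment is then carried out inside the intranet. It suits intranet environments, environments with high security requirements, and network-restricted environments. It requires preparing the Rancher images, Kubernetes component images and application images, and configuring a local image registry.

Characteristics of Rancher offline installation:

  • No internet connection is needed, which suits intranet environments
  • High security, unaffected by external networks
  • Faster deployment, not limited by network bandwidth
  • Images and resources must be prepared in advance
  • A local image registry must be set up

1.2 Rancher offline installation scenarios

Scenarios where Rancher offline installation applies:

  • Intranet environments: corporate intranets, government agencies, financial institutions, etc.
  • High security requirements: no internet connection allowed, isolated deployment required
  • Restricted networks: limited bandwidth, images cannot be downloaded online
  • Compliance requirements: security compliance rules must be met
  • Stability requirements: external networks must not affect system stability

1.3 Rancher offline installation architecture

Rancher offline installation architecture: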

# Rancher offline installation architecture
┌─────────────────────────────────────────────────────────┐
│ Internet-facing environment (preparation phase)         │
│                                                         │
│   ┌───────────────────────────────────────────────┐     │
│   │ Image download server                         │     │
│   │   - Docker Hub                                │     │
│   │   - Rancher official registry                 │     │
│   │   - Kubernetes image registry                 │     │
│   └───────────────────────────────────────────────┘     │
└────────────────────┬────────────────────────────────────┘
                     │ image download
                     ↓
┌─────────────────────────────────────────────────────────┐
│ Intranet environment (deployment phase)                 │
│                                                         │
│   ┌───────────────────────────────────────────────┐     │
│   │ Local image registry                          │     │
│   │   - Harbor                                    │     │
│   │   - Docker Registry                           │     │
│   │   - Rancher images                            │     │
│   │   - Kubernetes component images               │     │
│   │   - Application images                        │     │
│   └───────────────────────────────────────────────┘     │
│                         │                               │
│                         │ image pull                    │
│                         ↓                               │
│   ┌───────────────────────────────────────────────┐     │
│   │ Rancher Server                                │     │
│   │   - Rancher container                         │     │
│   │   - Kubernetes cluster                        │     │
│   │   - Application deployment                    │     │
│   └───────────────────────────────────────────────┘     │
└─────────────────────────────────────────────────────────┘

# Architecture notes
1. Internet-facing environment: download the required images and resources
2. Local image registry: store and manage the images
3. Intranet environment: deploy Rancher from the local image registry
4. Image sync: periodically sync images into the local registry

Fengge's tip: a Rancher offline installation requires preparing images and resources in advance and setting up a local image registry that the intranet environment can reach.

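Part02 - Production Environment Planning and Recommendations

2.1 Rancher offline installation preparation

Rancher offline installation preparation:

# Rancher offline installation preparation checklist

# 1. Hardware
- Image download server: at least 1TB of storage
- Local image registry: at least 2TB of storage
- Rancher Server: at least 100GB SSD
- Kubernetes nodes: at least 200GB SSD per node

# 2. Software
- Docker 20.10.x or later
- Docker Compose 2.x
- Harbor image registry
- kubectl command-line tool
- helm command-line tool

# 3. Images
- Rancher image: rancher/rancher:v2.8.5
- Kubernetes component images: kube-apiserver, kube-controller-manager, etc.
- Network plugin images: calico, flannel, etc.
- Storage plugin images: local-path, nfs, etc.
- Application images: nginx, mysql, redis, etc.

# 4. Resources
- Rancher installers: rke, rke2, k3s
- Helm Charts: rancher, monitoring, logging, etc.
- Configuration files: rancher.yaml, values.yaml, etc.
- Scripts: install.sh, backup.sh, etc.

# 5. Network
- Intranet IP address plan
- Firewall rules
- DNS resolution
- Load balancing

2.2 Setting up the Rancher image registry

Setting up the Rancher image registry: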

# Setting up the Rancher image registry

# 1. Install Docker Compose
[root@fgedu-mirror ~]# curl -L "https://github.com/docker/compose/releases/download/v2.21.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
[root@fgedu-mirror ~]# chmod +x /usr/local/bin/docker-compose
[root@fgedu-mirror ~]# docker-compose --version
Docker Compose version v2.21.0

# 2. Download the Harbor installer
[root@fgedu-mirror ~]# wget https://github.com/goharbor/harbor/releases/download/v2.8.2/harbor-offline-installer-v2.8.2.tgz

# 3. Unpack the Harbor installer
[root@fgedu-mirror ~]# tar -zxvf harbor-offline-installer-v2.8.2.tgz
[root@fgedu-mirror ~]# cd harbor

# 4. Configure Harbor
[root@fgedu-mirror harbor]# cp harbor.yml.tmpl harbor.yml
[root@fgedu-mirror harbor]# cat > harbor.yml << EOF
hostname: harbor.fgedu.net.cn
http:
  port: 80
https:
  port: 443
  certificate: /data/ssl/harbor.crt
  private_key: /data/ssl/harbor.key
harbor_admin_password: Harbor@123456
data_volume: /data/harbor
trivy:
  ignore_unfixed: false
  skip_update: false
  offline_scan: false
  security_check: vuln
  insecure: false
jobservice:
  max_job_workers: 10
  job_loggers:
    - name: STDIO
      level: INFO
      parameters:
        stdout:
          level: INFO
notification:
  webhook_job_max_retry: 3
  webhook_job_http_client_max_idle_connections: 100
log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
_version: 2.8.2
EOF

# 5. Generate the SSL certificate
# subjectAltName is needed by clients that verify the certificate
# (Docker and other Go-based tools ignore the CN)
[root@fgedu-mirror harbor]# mkdir -p /data/ssl
[root@fgedu-mirror harbor]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout /data/ssl/harbor.key \
-x509 -days 365 -out /data/ssl/harbor.crt \
-subj "/C=CN/ST=Beijing/L=Beijing/O=FGEDU/OU=IT/CN=harbor.fgedu.net.cn" \
-addext "subjectAltName=DNS:harbor.fgedu.net.cn"

# 6. Install Harbor
[root@fgedu-mirror harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 24.0.7
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 2.21.0
[Step 2]: loading Harbor images ...
Loaded image: goharbor/harbor-core:v2.8.2
Loaded image: goharbor/harbor-db:v2.8.2
Loaded image: goharbor/registry-photon:v2.8.2
...
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/core/env
...
[Step 5]: starting Harbor ...
Creating harbor-log ...
Creating harbor-db ...
Creating registry ...
Creating registryctl ...
Creating harbor-core ...
Creating harbor-portal ...
Creating harbor-jobservice ...
Creating nginx ...
✔ ----Harbor has been installed and started successfully.----

# 7. Verify the Harbor installation
[root@fgedu-mirror harbor]# docker ps | grep harbor
1234567890ab goharbor/harbor-log:v2.8.2 "/bin/sh -c /usr/..." 10 seconds ago Up 9 seconds 127.0.0.1:1514->10514/tcp harbor-log
2345678901bc goharbor/harbor-db:v2.8.2 "/docker-entrypoint.…" 10 seconds ago Up 9 seconds 127.0.0.1:5432->5432/tcp harbor-db
3456789012cd goharbor/registry:v2.8.2 "/home/harbor/entryp…" 10 seconds ago Up 9 seconds 127.0.0.1:5000->5000/tcp registry
4567890123de goharbor/harbor-core:v2.8.2 "/harbor/entrypoint.sh" 10 seconds ago Up 9 seconds 127.0.0.1:8080->8080/tcp harbor-core
5678901234ef goharbor/harbor-portal:v2.8.2 "nginx -g 'daemon of…" 10 seconds ago Up 9 seconds 127.0.0.1:8082->8082/tcp harbor-portal
6789012345fa goharbor/harbor-jobservice:v2.8.2 "/harbor/entrypoint.s…" 10 seconds ago Up 9 seconds 127.0.0.1:8081->8081/tcp harbor-jobservice
7890123456ab goharbor/nginx-photon:v2.8.2 "nginx -g 'daemon of…" 10 seconds ago Up 9 seconds 0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp nginx

# 8. Open the Harbor web UI
# URL: https://harbor.fgedu.net.cn
# Username: admin
# Password: Harbor@123456

2.3 Rancher intranet network planning

Rancher intranet network planning:

# Rancher intranet network plan

# IP address plan
Management network: 192.168.1.0/24
Harbor image registry: 192.168.1.10
Rancher Server: 192.168.1.11
Kubernetes nodes: 192.168.1.20-192.168.1.30
Gateway: 192.168.1.1
DNS: 192.168.1.10

# Port plan
Harbor image registry:
  80/tcp: HTTP access
  443/tcp: HTTPS access

Rancher Server:
  80/tcp: HTTP access
  443/tcp: HTTPS access
  6443/tcp: Kubernetes API

Kubernetes nodes:
  6443/tcp: Kubernetes API
  10250/tcp: Kubelet API
  10251/tcp: Kube-scheduler
  10252/tcp: Kube-controller-manager

# DNS records
harbor.fgedu.net.cn -> 192.168.1.10
rancher.fgedu.net.cn -> 192.168.1.11

# Firewall rules
Open ports 80/tcp and 443/tcp
Restrict the source IPs allowed to connect
Configure port-forwarding rules

Production recommendation: for a Rancher offline installation, use a Harbor image registry, configure an SSL certificate, and sync images regularly.

Part03 - Production Implementation Plan

3.1 Downloading the Rancher images

3.1.1 Download the Rancher images

# Download the Rancher image on the internet-facing host
[root@fgedu-download ~]# docker pull rancher/rancher:v2.8.5
v2.8.5: Pulling from rancher/rancher
1234567890ab: Pull complete
2345678901bc: Pull complete
3456789012cd: Pull complete
4567890123de: Pull complete
5678901234ef: Pull complete
6789012345fa: Pull complete
7890123456ab: Pull complete
8901234567bc: Pull complete
9012345678cd: Pull complete
Digest: sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890
Status: Downloaded newer image for rancher/rancher:v2.8.5
docker.io/rancher/rancher:v2.8.5

# Download the RKE2 image
[root@fgedu-download ~]# docker pull rancher/rke2:v1.28.5-rke2r1
v1.28.5-rke2r1: Pulling from rancher/rke2
1234567890ab: Pull complete
2345678901bc: Pull complete
3456789012cd: Pull complete
4567890123de: Pull complete
5678901234ef: Pull complete
6789012345fa: Pull complete
7890123456ab: Pull complete
8901234567bc: Pull complete
9012345678cd: Pull complete
Digest: sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890
Status: Downloaded newer image for rancher/rke2:v1.28.5-rke2r1
docker.io/rancher/rke2:v1.28.5-rke2r1

# List the downloaded images
[root@fgedu-download ~]# docker images | grep rancher
rancher/rancher v2.8.5 abcdef123456 2 weeks ago 1.2GB
rancher/rke2 v1.28.5-rke2r1 bcdef234567 2 weeks ago 800MB

3.1.2 Download the Kubernetes component images

# Download the core Kubernetes component images
[root@fgedu-download ~]# docker pull rancher/mirrored-flannelcni-flannel:v0.22.0
[root@fgedu-download ~]# docker pull rancher/mirrored-flannelcni-flannel-cni-plugin:v1.3.0-flannel1
[root@fgedu-download ~]# docker pull rancher/mirrored-calico-node:v3.26.1
[root@fgedu-download ~]# docker pull rancher/mirrored-calico-kube-controllers:v3.26.1
[root@fgedu-download ~]# docker pull rancher/mirrored-calico-cni:v3.26.1
[root@fgedu-download ~]# docker pull rancher/mirrored-calico-typha:v3.26.1
[root@fgedu-download ~]# docker pull rancher/mirrored-pause:3.9
[root@fgedu-download ~]# docker pull rancher/mirrored-coredns-coredns:1.10.1
[root@fgedu-download ~]# docker pull rancher/mirrored-etcd:3.5.9-0
[root@fgedu-download ~]# docker pull rancher/mirrored-kube-apiserver:v1.28.5
[root@fgedu-download ~]# docker pull rancher/mirrored-kube-controller-manager:v1.28.5
[root@fgedu-download ~]# docker pull rancher/mirrored-kube-scheduler:v1.28.5
[root@fgedu-download ~]# docker pull rancher/mirrored-kube-proxy:v1.28.5
[root@fgedu-download ~]# docker pull rancher/mirrored-kubelet:v1.28.5

# List the downloaded images
[root@fgedu-download ~]# docker images | grep mirrored
rancher/mirrored-flannelcni-flannel v0.22.0 abcdef123456 2 weeks ago 80MB
rancher/mirrored-flannelcni-flannel-cni-plugin v1.3.0-flannel1 bcdef234567 2 weeks ago 10MB
rancher/mirrored-calico-node v3.26.1 cdef345678 2 weeks ago 200MB
rancher/mirrored-calico-kube-controllers v3.26.1 def456789 2 weeks ago 80MB
rancher/mirrored-calico-cni v3.26.1 ef5678901 2 weeks ago 150MB
rancher/mirrored-calico-typha v3.26.1 f67890123 2 weeks ago 70MB
rancher/mirrored-pause 3.9 789012345 2 weeks ago 1MB
rancher/mirrored-coredns-coredns 1.10.1 890123456 2 weeks ago 50MB
rancher/mirrored-etcd 3.5.9-0 901234567 2 weeks ago 300MB
rancher/mirrored-kube-apiserver v1.28.5 012345678 2 weeks ago 120MB
rancher/mirrored-kube-controller-manager v1.28.5 123456789 2 weeks ago 110MB
rancher/mirrored-kube-scheduler v1.28.5 234567890 2 weeks ago 60MB
rancher/mirrored-kube-proxy v1.28.5 345678901 2 weeks ago 80MB
rancher/mirrored-kubelet v1.28.5 456789012 2 weeks ago 100MB

3.2 Rancher offline deployment

3.2.1 Push the images to Harbor

# Tag the images
[root@fgedu-download ~]# docker tag rancher/rancher:v2.8.5 harbor.fgedu.net.cn/rancher/rancher:v2.8.5
[root@fgedu-download ~]# docker tag rancher/rke2:v1.28.5-rke2r1 harbor.fgedu.net.cn/rancher/rke2:v1.28.5-rke2r1

# Push the images to Harbor
[root@fgedu-download ~]# docker push harbor.fgedu.net.cn/rancher/rancher:v2.8.5
The push refers to repository [harbor.fgedu.net.cn/rancher/rancher]
1234567890ab: Pushed
2345678901bc: Pushed
3456789012cd: Pushed
4567890123de: Pushed
5678901234ef: Pushed
6789012345fa: Pushed
7890123456ab: Pushed
8901234567bc: Pushed
9012345678cd: Pushed
v2.8.5: digest: sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890 size: 1234

[root@fgedu-download ~]# docker push harbor.fgedu.net.cn/rancher/rke2:v1.28.5-rke2r1
The push refers to repository [harbor.fgedu.net.cn/rancher/rke2]
1234567890ab: Pushed
2345678901bc: Pushed
3456789012cd: Pushed
4567890123de: Pushed
5678901234ef: Pushed
6789012345fa: Pushed
7890123456ab: Pushed
8901234567bc: Pushed
9012345678cd: Pushed
v1.28.5-rke2r1: digest: sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890 size: 567

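# Push the Kubernetes component images in bulk
# The rancher/mirrored-* repository path is kept and only the registry host is
# prepended, matching the repository names listed by /v2/_catalog in section 4.1.1
[root@fgedu-download ~]# for image in $(docker images | grep '^rancher/mirrored-' | awk '{print $1":"$2}'); do
new_image="harbor.fgedu.net.cn/${image}"
docker tag "$image" "$new_image"
docker push "$new_image"
done

# Verify the upload
# Open the Harbor web UI: https://harbor.fgedu.net.cn
# Check the image list under the rancher project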
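
Added example (not part of the original tutorial): a POSIX shell check that the images an intranet host pulls from Harbor are the same ones downloaded on the internet-facing host, by comparing Docker image IDs across the air gap. The function names and the snapshot file format are assumptions of this example, and it assumes the classic Docker image store, where the image ID is the digest of the image config and survives tag, push and pull.

```shell
#!/bin/sh
# Added example (not from the original page): confirm that the images served
# by the internal Harbor are the ones downloaded on the internet-facing host.
# Assumption: classic Docker image store, where the image ID is the digest of
# the image config and does not change across tag, push and pull.

REGISTRY="harbor.fgedu.net.cn"   # registry host used throughout this page

# Map an upstream reference to its name in the internal registry. The
# repository path, "mirrored-" included, is kept as-is.
internal_ref() {
    printf '%s/%s\n' "$REGISTRY" "$1"
}

# Print "<repo:tag> <image id>" for every rancher/* image on this host.
# Run it on the download host after pulling and on an intranet host after
# pulling from Harbor, saving each output to a file.
snapshot_ids() {
    docker images --no-trunc --format '{{.Repository}}:{{.Tag}} {{.ID}}' |
        grep -E '^([^ /]+/)?rancher/'
}

# Compare the download-host snapshot ($1) with the intranet snapshot ($2).
# Prints one line per problem; returns non-zero if an image is missing or differs.
verify_snapshot() {
    expected=$1; actual=$2; rc=0
    while read -r ref id; do
        [ -n "$ref" ] || continue
        want=$(internal_ref "$ref")
        got=$(awk -v r="$want" '$1 == r { print $2; exit }' "$actual")
        if [ -z "$got" ]; then
            echo "MISSING  $want"; rc=1
        elif [ "$got" != "$id" ]; then
            echo "MISMATCH $want expected=$id got=$got"; rc=1
        fi
    done < "$expected"
    return "$rc"
}

# Demonstration on constructed snapshots (the IDs are made-up sample values).
demo() {
    d=$(mktemp -d)
    printf '%s\n' \
        'rancher/rancher:v2.8.5 sha256:1111' \
        'rancher/mirrored-pause:3.9 sha256:2222' \
        'rancher/mirrored-coredns-coredns:1.10.1 sha256:3333' > "$d/download.txt"
    printf '%s\n' \
        'harbor.fgedu.net.cn/rancher/rancher:v2.8.5 sha256:1111' \
        'harbor.fgedu.net.cn/rancher/mirrored-pause:3.9 sha256:9999' > "$d/intranet.txt"
    status=0
    verify_snapshot "$d/download.txt" "$d/intranet.txt" || status=$?
    rm -rf "$d"
    return "$status"
}
```

On real hosts, save the output of snapshot_ids on fgedu-download and on fgedu-server to two files, carry the first across with the images, and pass both to verify_snapshot.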

3.2.2 Deploying Rancher on the intranet

# Configure the Docker registry on the intranet host
# ("insecure-registries" makes Docker skip certificate verification for harbor.fgedu.net.cn)
[root@fgedu-server ~]# cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": [
    "https://harbor.fgedu.net.cn"
  ],
  "insecure-registries": [
    "harbor.fgedu.net.cn"
  ],
  "data-root": "/Rancher/fgdata/docker",
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "3"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "live-restore": true
}
EOF

# Restart the Docker service
[root@fgedu-server ~]# systemctl restart docker
[root@fgedu-server ~]# systemctl status docker

# Pull the Rancher image
[root@fgedu-server ~]# docker pull harbor.fgedu.net.cn/rancher/rancher:v2.8.5
v2.8.5: Pulling from rancher/rancher
1234567890ab: Pull complete
2345678901bc: Pull complete
3456789012cd: Pull complete
4567890123de: Pull complete
5678901234ef: Pull complete
6789012345fa: Pull complete
7890123456ab: Pull complete
8901234567bc: Pull complete
9012345678cd: Pull complete
Digest: sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890
Status: Downloaded newer image for harbor.fgedu.net.cn/rancher/rancher:v2.8.5
harbor.fgedu.net.cn/rancher/rancher:v2.8.5

# Start the Rancher container
[root@fgedu-server ~]# docker run -d --restart=unless-stopped \
--name rancher \
-p 80:80 -p 443:443 \
-v /Rancher/fgdata/rancher:/var/lib/rancher \
-v /Rancher/fgdata/rancher/log:/var/log/rancher \
-e CATTLE_SYSTEM_DEFAULT_REGISTRY=harbor.fgedu.net.cn \
-e CATTLE_SYSTEM_CATALOG=bundled \
--privileged \
harbor.fgedu.net.cn/rancher/rancher:v2.8.5
1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef

# Check the Rancher container status
[root@fgedu-server ~]# docker ps | grep rancher
1234567890ab harbor.fgedu.net.cn/rancher/rancher:v2.8.5 "entrypoint.sh" 10 seconds ago Up 9 seconds 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp rancher

# View the Rancher container logs
[root@fgedu-server ~]# docker logs -f rancher
INFO: Starting Rancher
INFO: Rancher is starting
INFO: Waiting for Rancher to be ready…
INFO: Rancher is ready
INFO: Rancher is running
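
Added example (not part of the original tutorial): the daemon.json in this section lists harbor.fgedu.net.cn under insecure-registries, which makes Docker ignore certificate errors for that registry and fall back to plain HTTP if HTTPS is unavailable. The shell functions below audit a daemon.json for that setting and show the alternative of installing Harbor's certificate under /etc/docker/certs.d; the function names are assumptions of this example, and the certificate is assumed to carry a subjectAltName for the registry host.

```shell
#!/bin/sh
# Added example (not from the original page): trust Harbor's certificate on a
# Docker host instead of listing the registry under "insecure-registries".
# Assumption: the certificate carries a subjectAltName for the registry host.

REGISTRY="harbor.fgedu.net.cn"   # registry host used throughout this page

# Succeed if daemon.json file $2 lists registry $1 under "insecure-registries".
# Handles the flat JSON layout shown on this page (no nested arrays).
lists_insecure() {
    tr -d ' \t\r\n' < "$2" |
        sed -n 's/.*"insecure-registries":\[\([^]]*\)].*/\1/p' |
        tr ',' '\n' | grep -qxF "\"$1\""
}

# Copy certificate $1 to where dockerd looks for per-registry CAs:
# <root>/etc/docker/certs.d/<registry>/ca.crt. $2 is the root prefix:
# "" on a real host, a scratch directory for a dry run.
install_registry_ca() {
    dir="$2/etc/docker/certs.d/$REGISTRY"
    mkdir -p "$dir" && cp "$1" "$dir/ca.crt" && chmod 644 "$dir/ca.crt"
}

# Write <root>/etc/docker/daemon.json without "insecure-registries", so a pull
# fails closed when the certificate does not validate. The other keys are the
# ones from the page's file; restart dockerd afterwards on a real host.
write_daemon_json() {
    mkdir -p "$1/etc/docker"
    cat > "$1/etc/docker/daemon.json" <<EOF
{
  "registry-mirrors": ["https://$REGISTRY"],
  "data-root": "/Rancher/fgdata/docker",
  "log-driver": "json-file",
  "log-opts": { "max-size": "100m", "max-file": "3" },
  "storage-driver": "overlay2",
  "storage-opts": ["overlay2.override_kernel_check=true"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "live-restore": true
}
EOF
}

# On a real host: succeeds only if Harbor's certificate validates against the
# installed CA file (no -k), whatever HTTP status the registry answers with.
check_tls() {
    curl --silent --show-error --output /dev/null \
        --cacert "/etc/docker/certs.d/$REGISTRY/ca.crt" "https://$REGISTRY/v2/"
}
```

For a dry run, call install_registry_ca and write_daemon_json with a scratch directory as the root prefix and inspect the files before applying them with an empty prefix.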

3.3 Rancher intranet configuration

3.3.1 Configure the private image registry

# Configure the private image registry through the web UI
# Step 1: Log in to the Rancher management UI
# Step 2: Click the user icon in the top-right corner, then choose "Global Settings"
# Step 3: Find the "System Default Registry" setting
# Step 4: Enter the private image registry address: harbor.fgedu.net.cn
# Step 5: Click the "Save" button

# Configure the private image registry through the API
[root@fgedu-server ~]# curl -k -u "admin:password" \
-X PUT \
-H "Content-Type: application/json" \
-d '{
"value": "harbor.fgedu.net.cn"
}' \
https://192.168.1.11/v3/settings/system-default-registry

{
  "id": "system-default-registry",
  "type": "setting",
  "links": {
    "self": "https://192.168.1.11/v3/settings/system-default-registry"
  },
  "name": "system-default-registry",
  "value": "harbor.fgedu.net.cn",
  "default": "",
  "source": "env"
}

# Verify the private image registry setting
[root@fgedu-server ~]# curl -k -u "admin:password" \
https://192.168.1.11/v3/settings/system-default-registry

{
  "id": "system-default-registry",
  "type": "setting",
  "name": "system-default-registry",
  "value": "harbor.fgedu.net.cn"
}

Fengge's tip: for a Rancher offline installation, make sure every node can reach the private image registry and that DNS resolution is configured.

Part04 - Production Cases and Hands-on Walkthrough

4.1 Verifying the Rancher offline installation

4.1.1 Access verification

# Open Rancher through the web UI
# URL: https://192.168.1.11
# Log in with the initial password

# Test the Rancher service
[root@fgedu-server ~]# curl -k https://localhost/ping
pong

# Test access to the private image registry
[root@fgedu-server ~]# curl -k https://harbor.fgedu.net.cn/v2/_catalog
{"repositories":["rancher/rancher","rancher/rke2","rancher/mirrored-flannelcni-flannel","rancher/mirrored-calico-node"]}

# Check the Rancher container status
[root@fgedu-server ~]# docker ps | grep rancher
1234567890ab harbor.fgedu.net.cn/rancher/rancher:v2.8.5 "entrypoint.sh" 10 seconds ago Up 9 seconds 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp rancher

# Check the Rancher container's resource usage
[root@fgedu-server ~]# docker stats rancher --no-stream
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
1234567890ab rancher 5.23% 1.2GiB / 15.6GiB 7.69% 12.3MB / 8.9MB 45.6MB / 23.4MB 156

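4.2 Deploying a cluster on the intranet

4.2.1 Create an offline cluster

# Create the offline cluster through the web UI
# Step 1: Log in to the Rancher management UI
# Step 2: Click "Clusters", then the "Create" button
# Step 3: Choose a "Custom" cluster
# Step 4: Fill in the cluster details:
# Cluster name: fgedu-offline-cluster
# Cluster description: Rancher offline test cluster
# Kubernetes version: v1.28.5
# Network provider: Canal (Flannel + Calico)
# Private image registry: harbor.fgedu.net.cn
# Step 5: Click the "Next" button
# Step 6: Select the node roles:
# etcd: true
# controlplane: true
# worker: true
# Step 7: Copy the node registration command
# Step 8: Run the registration command on the target node
# Step 9: Click the "Done" button

# Run the registration command on the target node
[root@fgedu-node1 ~]# curl -sfL https://192.168.1.11/v3/import/1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef.sh | sh

# Check the node status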
[root@fgedu-node1 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
fgedu-node1 Ready control-plane,etcd,worker 5m v1.28.5
fgedu-node2 Ready control-plane,etcd,worker 5m v1.28.5
fgedu-node3 Ready control-plane,etcd,worker 5m v1.28.5

# Check the Pod status
[root@fgedu-node1 ~]# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
cattle-system rancher-1234567890-abcde 1/1 Running 0 10m
cattle-system rancher-webhook-1234567890-abcde 1/1 Running 0 10m
ingress-nginx ingress-nginx-controller-1234567890-abcde 1/1 Running 0 10m
kube-system coredns-1234567890-abcde 1/1 Running 0 10m
kube-system etcd-1234567890-abcde 1/1 Running 0 10m
kube-system kube-apiserver-1234567890-abcde 1/1 Running 0 10m
kube-system kube-controller-manager-1234567890-abcde 1/1 Running 0 10m
kube-system kube-proxy-1234567890-abcde 1/1 Running 0 10m
kube-system kube-scheduler-1234567890-abcde 1/1 Running 0 10m

4.3 Deploying applications offline

4.3.1 Deploy an Nginx application

# Deploy the application with kubectl
[root@fgedu-server ~]# kubectl create deployment fgedu-nginx --image=harbor.fgedu.net.cn/rancher/mirrored-nginx:latest --replicas=3
deployment.apps/fgedu-nginx created

# Check the deployment status
[root@fgedu-server ~]# kubectl get deployments fgedu-nginx
NAME READY UP-TO-DATE AVAILABLE AGE
fgedu-nginx 3/3 3 3 1m

# Check the Pod status
[root@fgedu-server ~]# kubectl get pods -l app=fgedu-nginx
NAME READY STATUS RESTARTS AGE
fgedu-nginx-1234567890-abcde 1/1 Running 0 1m
fgedu-nginx-1234567890-fghij 1/1 Running 0 1m
fgedu-nginx-1234567890-klmno 1/1 Running 0 1m

# Create the Service
[root@fgedu-server ~]# kubectl expose deployment fgedu-nginx --port=80 --type=NodePort
service/fgedu-nginx exposed

# Check the Service status
[root@fgedu-server ~]# kubectl get svc fgedu-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
fgedu-nginx NodePort 10.43.123.45 <none> 80:31234/TCP 1m

# Test access to the application
[root@fgedu-server ~]# curl http://192.168.1.20:31234

Welcome to nginx!

If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.

For online documentation and support please refer to
nginx.org.
Commercial support is available at
nginx.com.

Thank you for using nginx.

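Production recommendation: in an offline Rancher environment, sync images regularly, update application versions, and keep the system secure.

Part05 - Fengge's Lessons Learned

5.1 Rancher offline installation best practices

Rancher offline installation best practices:

  • Image preparation: download every image you need in advance, including the Rancher, Kubernetes component and application images
  • Image registry: set up a Harbor image registry, configure an SSL certificate, and set access permissions
  • Network planning: plan intranet IP addresses sensibly, configure DNS resolution, and make sure the hosts can reach each other
  • Security hardening: configure firewall rules, restrict source addresses, and update images regularly
  • Backup strategy: back up Rancher data and configuration files regularly, and set up off-site backups
  • Monitoring and alerting: configure monitoring and alerting so problems are found and handled promptly
  • Documentation: record the installation process and configuration so the knowledge can be passed on

5.2 Troubleshooting a Rancher offline installation

Troubleshooting a Rancher offline installation: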

# Common Rancher offline installation problems and solutions

# Problem 1: image pull fails
# Symptom: docker pull reports an error and cannot pull the image
# Cause: wrong registry configuration, no network connectivity, or the image does not exist
# Fix:
[root@fgedu-server ~]# docker info | grep -A 5 "Registry Mirrors"
[root@fgedu-server ~]# ping harbor.fgedu.net.cn
[root@fgedu-server ~]# curl -k https://harbor.fgedu.net.cn/v2/_catalog
[root@fgedu-server ~]# docker login harbor.fgedu.net.cn

# Problem 2: the Rancher container fails to start
# Symptom: docker ps does not show the rancher container
# Cause: image pull failed, wrong configuration, or insufficient resources
# Fix:
[root@fgedu-server ~]# docker logs rancher
[root@fgedu-server ~]# docker inspect rancher
[root@fgedu-server ~]# free -h
[root@fgedu-server ~]# df -h

# Problem 3: cluster nodes cannot register
# Symptom: node status shows Unknown or Error
# Cause: no network connectivity, image pull failed, or wrong configuration
# Fix:
[root@fgedu-node1 ~]# kubectl get nodes
[root@fgedu-node1 ~]# kubectl get pods -A
[root@fgedu-node1 ~]# docker images | grep rancher
[root@fgedu-node1 ~]# ping 192.168.1.11

# Problem 4: application deployment fails
# Symptom: Pod status shows ImagePullBackOff or ErrImagePull
# Cause: the image does not exist, wrong registry configuration, or insufficient permissions
# Fix (<pod-name> is a placeholder for the failing Pod):
[root@fgedu-server ~]# kubectl describe pod <pod-name>
[root@fgedu-server ~]# kubectl get events --sort-by=.metadata.creationTimestamp
[root@fgedu-server ~]# docker login harbor.fgedu.net.cn
[root@fgedu-server ~]# kubectl create secret docker-registry harbor-secret \
--docker-server=harbor.fgedu.net.cn \
--docker-username=admin \
--docker-password=Harbor@123456

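5.3 Maintaining the Rancher offline environment

Maintaining the Rancher offline environment:

# Maintenance recommendations for the Rancher offline environment

# 1. Image sync
- Sync the official Rancher images regularly
- Update the Kubernetes component images
- Update the application images
- Clean up expired images

# 2. System updates
- Apply operating system patches
- Update the Docker version
- Update the Rancher version
- Update the Kubernetes version

# 3. Backup and restore
- Back up Rancher data regularly
- Back up ETCD data regularly
- Back up the image registry regularly
- Test restoring from backup

# 4. Monitoring and alerting
- Monitor the Rancher service status
- Monitor the Kubernetes cluster status
- Monitor the image registry status
- Configure alert rules

# 5. Security hardening
- Renew SSL certificates regularly
- Configure access control
- Audit logs regularly
- Update security policies

Fengge's tip: a Rancher offline installation needs thorough preparation: make sure all images and resources have been downloaded and the network is configured correctly. Maintain and update the environment regularly to keep the system secure and stable.

This article was compiled and published by Fengge Tutorials for learning and testing only. When reposting, cite the source: http://www.fgedu.net.cn/10327.html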
