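Rancher Tutorial FG025: Rancher Production High-Availability Architecture Design in Practice

This article covers in detail the design of a highly available Rancher architecture for production, including multi-node deployment, load balancing, failover, data backup, and monitoring and alerting. The Fengge tutorial draws on the high-availability deployment and architecture design chapters of the official Rancher documentation.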

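Part01-Basic Concepts and Theory

1.1 High-Availability Architecture Design Principles

A high-availability architecture follows the no-single-point-of-failure principle: every component runs at least 3 replicas. This covers control-plane high availability, the etcd cluster, the load balancers, the database cluster, and so on. RPO (recovery point objective) and RTO (recovery time objective) are the key metrics. Production requires 99.99% availability, with no more than 52 minutes of downtime per year.

1.2 Rancher High-Availability Architecture Components

The Rancher high-availability architecture consists of 3 Rancher Server nodes, 3 etcd nodes, an external load balancer (Nginx/HAProxy), a PostgreSQL database cluster, and object storage (S3/MinIO). The load balancer distributes traffic across the Rancher Server nodes, and etcd uses the Raft protocol to keep data consistent.

Part02-Production Planning and Recommendations

2.1 Hardware Resource Planning

Recommended configuration for Rancher Server nodes: 8 CPU cores, 16 GB RAM, 100 GB SSD storage. Recommended configuration for etcd nodes: 4 CPU cores, 8 GB RAM, 50 GB SSD storage. Recommended configuration for load balancers: 4 CPU cores, 8 GB RAM. Recommended configuration for database nodes: 8 CPU cores, 32 GB RAM, 500 GB SSD storage.

2.2 Network Architecture Design

In production, isolate the deployment in a VPC and place different components in different subnets. Deploy Rancher Server and etcd in the management subnet and the load balancer in the DMZ. Configure firewall rules to open only the necessary ports: 80, 443, 6443, and 2379-2380. Use SSL certificates to encrypt communication.

Part03-Production Implementation Plan

3.1 Multi-Node Rancher Deployment

Deploy a 3-node highly available Rancher cluster.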

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package docker.x86_64 0:1.13.1-209.git7d71120.el7.centos will be installed
--> Finished Dependency Resolution
Dependencies Resolved

================================================================================
 Package         Arch             Version                          Repository
                                                                   Size
================================================================================
Installing:
 docker          x86_64           1.13.1-209.git7d71120.el7.centos   base            18 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 18 M
Installed size: 67 M
Is this ok [y/d/N]: y
Downloading packages:
docker-1.13.1-209.git7d71120.el7.centos.x86_64.rpm           |  18 MB   00:02
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : docker-1.13.1-209.git7d71120.el7.centos.x86_64        1/1
  Verifying  : docker-1.13.1-209.git7d71120.el7.centos.x86_64        1/1

Installed:
  docker.x86_64 0:1.13.1-209.git7d71120.el7.centos

Complete!
abc123def4567890123456789012345678901234567890123456789012345678901234
def4567890123456789012345678901234567890123456789012345678901234567
ghi7890123456789012345678901234567890123456789012345678901234567890

1, started, fgedu-etcd-1, http://192.168.1.100:2380, http://192.168.1.100:2379, false
2, started, fgedu-etcd-2, http://192.168.1.101:2380, http://192.168.1.101:2379, false
3, started, fgedu-etcd-3, http://192.168.1.102:2380, http://192.168.1.102:2379, false
jkl0123456789012345678901234567890123456789012345678901234567890123
mno3456789012345678901234567890123456789012345678901234567890123
pqr4567890123456789012345678901234567890123456789012345678901234
abc123def4567890123456789012345678901234567890123456789012345678901234   rancher/rancher:latest   "entrypoint.sh"   5 minutes ago   Up 5 minutes   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   rancher-server

3.2 Load Balancer Configuration

Configure the Nginx load balancer.

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package nginx.x86_64 0:1.20.1-10.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved

================================================================================
 Package         Arch             Version                      Repository      Size
================================================================================
Installing:
 nginx           x86_64           1.20.1-10.el7               base            589 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 589 k
Installed size: 1.5 M
Is this ok [y/d/N]: y
Downloading packages:
nginx-1.20.1-10.el7.x86_64.rpm                             | 589 kB   00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : nginx-1.20.1-10.el7.x86_64                         1/1
  Verifying  : nginx-1.20.1-10.el7.x86_64                         1/1

Installed:
  nginx.x86_64 0:1.20.1-10.el7

Complete!
/etc/nginx/conf.d/rancher.conf <
Generating a 2048 bit RSA private key
.....................+++
.......................................................+++
writing new private key to '/etc/nginx/ssl/rancher.key'
-----
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2026-04-10 18:00:00 CST; 5s ago
     Docs: man:nginx(8)
  Process: 12345 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
 Main PID: 12346 (nginx)
   CGroup: /system.slice/nginx.service
           ├─12346 nginx: master process /usr/sbin/nginx
           ├─12347 nginx: worker process
           ├─12348 nginx: worker process
           └─12349 nginx: worker process

Apr 10 18:00:00 fgedu-lb systemd[1]: Starting The nginx HTTP and reverse proxy server...
Apr 10 18:00:00 fgedu-lb nginx[12345]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Apr 10 18:00:00 fgedu-lb nginx[12345]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Apr 10 18:00:00 fgedu-lb systemd[1]: Started The nginx HTTP and reverse proxy server.
pong
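
The body of /etc/nginx/conf.d/rancher.conf did not survive on this page. The following is an added example, not the author's original file: a shell function that writes a TLS-terminating Nginx configuration in front of three Rancher Server backends. The backend addresses 192.168.1.110-112, the certificate file name rancher.crt and the function name are assumptions; the key path and host name are the ones that appear in this page's output.

```shell
#!/bin/sh
# Added example (not the page's original file): Nginx TLS-terminating load balancer.
# Assumed values: backend IPs 192.168.1.110-112, certificate file rancher.crt.
write_rancher_lb_conf() {
    conf_dir=${1:-/etc/nginx/conf.d}
    # Quoted 'EOF' stops the shell from expanding nginx variables such as $host.
    cat > "$conf_dir/rancher.conf" <<'EOF'
upstream rancher_servers {
    least_conn;
    # Passive health check: skip a backend for 10s after 3 failed attempts.
    # This hop is plain HTTP, so keep it inside the management subnet.
    server 192.168.1.110:80 max_fails=3 fail_timeout=10s;
    server 192.168.1.111:80 max_fails=3 fail_timeout=10s;
    server 192.168.1.112:80 max_fails=3 fail_timeout=10s;
}
# The Rancher UI and agents use WebSockets; pass the Upgrade handshake through.
map $http_upgrade $connection_upgrade {
    default Upgrade;
    ''      close;
}
server {
    listen 443 ssl http2;
    server_name rancher.fgedu.net.cn;
    ssl_certificate     /etc/nginx/ssl/rancher.crt;
    ssl_certificate_key /etc/nginx/ssl/rancher.key;
    ssl_protocols       TLSv1.2 TLSv1.3;
    location / {
        proxy_pass http://rancher_servers;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 900s;
        proxy_buffering off;
    }
}
server {
    # Port 80 only redirects to HTTPS.
    listen 80;
    server_name rancher.fgedu.net.cn;
    return 301 https://$server_name$request_uri;
}
EOF
    chmod 644 "$conf_dir/rancher.conf"
}
```

After writing the file, `nginx -t` validates it before `systemctl reload nginx` applies it.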

3.3 Failover Configuration

Configure health checks and automatic failover.

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package keepalived.x86_64 0:1.3.5-19.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved

================================================================================
 Package         Arch             Version                      Repository      Size
================================================================================
Installing:
 keepalived      x86_64           1.3.5-19.el7                base            332 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 332 k
Installed size: 1.1 M
Is this ok [y/d/N]: y
Downloading packages:
keepalived-1.3.5-19.el7.x86_64.rpm                         | 332 kB   00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : keepalived-1.3.5-19.el7.x86_64                         1/1
  Verifying  : keepalived-1.3.5-19.el7.x86_64                         1/1

Installed:
  keepalived.x86_64 0:1.3.5-19.el7

Complete!
/etc/keepalived/keepalived.conf <
/etc/keepalived/keepalived.conf <
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
2: eth0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:12:34:56 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.150/24 brd 192.168.1.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 192.168.1.200/32 scope global eth0
       valid_lft forever preferred_lft forever
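
The keepalived.conf bodies are missing from this page as well. As an added example (not the author's configuration), the function below writes a keepalived instance that holds the VIP 192.168.1.200 on eth0 only while the local Nginx answers /ping with pong. The peer address 192.168.1.151, virtual_router_id 51, the priority values, the instance name and the check-script file name are assumptions.

```shell
#!/bin/sh
# Added example: keepalived config plus the health-check script it tracks.
# Assumed values: peer 192.168.1.151, virtual_router_id 51, priority, file names.
write_keepalived_conf() {
    dir=${1:-/etc/keepalived}; prio=${2:-100}
    # Health check: succeed only if the local Nginx returns the body "pong".
    cat > "$dir/check_rancher.sh" <<'EOF'
#!/bin/sh
# -k assumes a self-signed certificate; remove it once a CA-issued one is installed.
[ "$(curl -sk --max-time 2 -H 'Host: rancher.fgedu.net.cn' https://127.0.0.1/ping)" = "pong" ]
EOF
    chmod 700 "$dir/check_rancher.sh"
    cat > "$dir/keepalived.conf" <<EOF
vrrp_script chk_rancher {
    script "$dir/check_rancher.sh"
    interval 2      # probe every 2 seconds
    fall 3          # 3 consecutive failures -> instance enters FAULT, VIP is released
    rise 2          # 2 consecutive successes -> eligible to hold the VIP again
}
vrrp_instance VI_RANCHER {
    state BACKUP            # both nodes start as BACKUP; priority elects the holder
    interface eth0
    virtual_router_id 51
    priority $prio
    advert_int 1
    # Unicast to the one known peer instead of multicast. auth_type PASS is sent
    # in clear text, so filter VRRP (IP protocol 112) to the peer at the firewall.
    unicast_src_ip 192.168.1.150
    unicast_peer {
        192.168.1.151
    }
    virtual_ipaddress {
        192.168.1.200/32 dev eth0
    }
    track_script {
        chk_rancher
    }
}
EOF
    chmod 600 "$dir/keepalived.conf"
}
```

On the second load balancer, swap the two unicast addresses and pass a lower priority, for example `write_keepalived_conf /etc/keepalived 90`.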

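Part04-Production Cases and Hands-On Walkthrough

4.1 Verifying the High-Availability Architecture

Verify that the high-availability architecture is actually available.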

pong
pong
pong
pong
pong
pong
pong
pong
pong
pong
pong
time="2026-04-10T18:30:00Z" level=info msg="Starting Rancher"
time="2026-04-10T18:30:01Z" level=info msg="Connecting to database"
time="2026-04-10T18:30:02Z" level=info msg="Database connection established"
time="2026-04-10T18:30:03Z" level=info msg="Starting API server"
time="2026-04-10T18:30:04Z" level=info msg="API server started on :80"
time="2026-04-10T18:30:05Z" level=info msg="Starting HTTPS server"
time="2026-04-10T18:30:06Z" level=info msg="HTTPS server started on :443"
time="2026-04-10T18:30:07Z" level=info msg="Rancher is ready"
http://192.168.1.100:2379 is healthy: successfully committed proposal: took = 12.345ms
http://192.168.1.101:2379 is healthy: successfully committed proposal: took = 11.234ms
http://192.168.1.102:2379 is healthy: successfully committed proposal: took = 13.456ms
1, started, fgedu-etcd-1, http://192.168.1.100:2380, http://192.168.1.100:2379, false
2, started, fgedu-etcd-2, http://192.168.1.101:2380, http://192.168.1.101:2379, false
3, started, fgedu-etcd-3, http://192.168.1.102:2380, http://192.168.1.102:2379, false
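
The check above can be automated. The following added example (not part of the original tutorial) parses the two output formats shown above, counts healthy endpoints against the Raft quorum, and flags members that advertise plaintext http:// URLs, which conflicts with the page's recommendation to encrypt communication. The function names and the failing endpoint in the sample are constructed.

```shell
#!/bin/sh
# Added example: audit etcdctl output for quorum and plaintext URLs.
# Reads the combined text of `etcdctl endpoint health` and `etcdctl member list`
# on stdin and prints: members=N healthy=N quorum=N plaintext=N verdict=...
etcd_audit() {
    awk -F', *' '
        # endpoint health lines: "<url> is healthy: ..." or "<url> is unhealthy: ..."
        / is healthy:/   { healthy++; next }
        / is unhealthy:/ { next }
        # member list line: id, status, name, peer URL, client URL, is-learner
        NF == 6 {
            members++
            # Peer (2380) and client (2379) URLs should both be https://.
            if ($4 ~ /^http:/ || $5 ~ /^http:/) plaintext++
        }
        END {
            # Raft needs a strict majority of members to commit writes.
            quorum = int(members / 2) + 1
            verdict = "OK"
            if (healthy < members) verdict = "DEGRADED"
            if (healthy < quorum)  verdict = "NO_QUORUM"
            printf "members=%d healthy=%d quorum=%d plaintext=%d verdict=%s\n", members, healthy, quorum, plaintext, verdict
        }'
}

# Constructed sample: the output shown above, with the third endpoint failing.
sample_etcd_output() {
    cat <<'EOF'
http://192.168.1.100:2379 is healthy: successfully committed proposal: took = 12.345ms
http://192.168.1.101:2379 is healthy: successfully committed proposal: took = 11.234ms
http://192.168.1.102:2379 is unhealthy: failed to commit proposal: context deadline exceeded
1, started, fgedu-etcd-1, http://192.168.1.100:2380, http://192.168.1.100:2379, false
2, started, fgedu-etcd-2, http://192.168.1.101:2380, http://192.168.1.101:2379, false
3, started, fgedu-etcd-3, http://192.168.1.102:2380, http://192.168.1.102:2379, false
EOF
}
```

A non-zero `plaintext` count means etcd peer or client traffic is unencrypted and ports 2379-2380 must not be reachable from outside the management subnet until TLS is configured.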

4.2 Failover Drill

Simulate a node failure and verify automatic failover.

rancher-server
pong
192.168.1.1 - - [10/Apr/2026:18:35:00 +0800] "GET /ping HTTP/2.0" 200 4 "-" "curl/7.64.1"
192.168.1.1 - - [10/Apr/2026:18:35:01 +0800] "GET /ping HTTP/2.0" 200 4 "-" "curl/7.64.1"
192.168.1.1 - - [10/Apr/2026:18:35:02 +0800] "GET /ping HTTP/2.0" 200 4 "-" "curl/7.64.1"
2: eth0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:12:34:56 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.150/24 brd 192.168.1.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 192.168.1.200/32 scope global eth0
       valid_lft forever preferred_lft forever
rancher-server
abc123def4567890123456789012345678901234567890123456789012345678901234   rancher/rancher:latest   "entrypoint.sh"   1 minute ago   Up 1 minute   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   rancher-server
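
A drill is more useful when the outage is measured and compared with the RTO from section 1.1. The following is an added example, not part of the original tutorial: it probes /ping once per second and reports the longest unavailable window. The function names, the sample timestamps and the RTO budget passed to `within_rto` are assumptions.

```shell
#!/bin/sh
# Added example: measure how long /ping was unavailable during a failover drill.
# probe_ping URL COUNT: print "<epoch> OK|FAIL" once per second.
probe_ping() {
    i=0
    while [ "$i" -lt "$2" ]; do
        # -k assumes a self-signed certificate; remove it once a CA-issued one is installed.
        if [ "$(curl -sk --max-time 1 "$1")" = "pong" ]; then s=OK; else s=FAIL; fi
        echo "$(date +%s) $s"
        i=$((i + 1)); sleep 1
    done
}

# longest_outage: read probe lines on stdin and print the longest outage in seconds,
# measured from the last OK before a run of failures to the first OK after it.
longest_outage() {
    awk '
        NR == 1 { last_ok = $1 }
        $2 == "OK" {
            if (failing && $1 - last_ok > worst) worst = $1 - last_ok
            last_ok = $1; failing = 0; next
        }
        $2 == "FAIL" { failing = 1; last_seen = $1 }
        END {
            # Still failing when the drill ended: count up to the last probe.
            if (failing && last_seen - last_ok > worst) worst = last_seen - last_ok
            print worst + 0
        }'
}

# within_rto SECONDS: succeed if the outage read from stdin fits the RTO budget.
within_rto() { [ "$(longest_outage)" -le "$1" ]; }

# Constructed probe log: the active node stops at t=1003, the VIP answers again at t=1007.
sample_probe_log() {
    cat <<'EOF'
1000 OK
1001 OK
1002 OK
1003 FAIL
1004 FAIL
1005 FAIL
1006 FAIL
1007 OK
1008 OK
EOF
}
```

During a drill, `probe_ping https://192.168.1.200/ping 120 | longest_outage` reports the outage as seen through the VIP.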

4.3 Performance Testing and Tuning

Run a performance test and tune the configuration.

This is ApacheBench, Version 2.3 <$Revision: 1843412 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking rancher.fgedu.net.cn (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
Completed 8000 requests
Completed 9000 requests
Completed 10000 requests
Finished 10000 requests


Server Software:
Server Hostname:        rancher.fgedu.net.cn
Server Port:            443
SSL/TLS Protocol:       TLSv1.2,TLSv1.3
TLS Server Name:        rancher.fgedu.net.cn

Document Path:          /ping
Document Length:        4 bytes

Concurrency Level:      100
Time taken for tests:   45.234 seconds
Complete requests:      10000
Failed requests:        0
Total transferred:      2800000 bytes
HTML transferred:       40000 bytes
Requests per second:    221.12 [#/sec] (mean)
Time per request:       452.340 [ms] (mean)
Time per request:       4.523 [ms] (mean, across all concurrent requests)
Transfer rate:          60.46 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        5   10   3.2      9      25
Processing:     10   440  125.6    445     890
Waiting:        8   435  123.4    440     885
Total:         15   450  128.8    455     915

Percentage of the requests served within a certain time (ms)
  50%    455
  66%    520
  75%    540
  80%    560
  90%    620
  95%    680
  98%    750
  99%    820
 100%    915 (longest request)
/etc/nginx/nginx.conf <

Requests per second:    345.67 [#/sec] (mean)
Time per request:       289.234 [ms] (mean)
Transfer rate:          95.23 [Kbytes/sec] received

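Part05-Fengge's Experience Summary and Sharing

5.1 Production Best Practices

1. Deploy at least 3 Rancher Server nodes
2. Use an external load balancer to distribute traffic
3. Configure an etcd cluster to guarantee data consistency
4. Use SSL certificates to encrypt communication
5. Configure health checks and automatic failover
6. Back up etcd and the database regularly
7. Monitor cluster performance and availability
8. Run failure drills regularly

5.2 Common Problems and Solutions

1. Node down: check keepalived status, verify that the VIP has moved
2. Uneven load: adjust the load-balancing algorithm, check node health
3. etcd cluster split: check network connectivity, verify clock synchronization
4. Performance degradation: tune the Nginx configuration, add node resources
5. Data inconsistency: check the etcd logs, verify cluster state
6. Expired SSL certificate: renew the certificate, configure automatic renewal
7. Health check failures: check application status, verify the configuration
8. Slow failover: adjust keepalived parameters, optimize the network

This article was compiled and published by Fengge Tutorials (风哥教程) for learning and testing purposes only. When reposting, cite the source: http://www.fgedu.net.cn/10327.html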
