# Environment information
To get a Rancher environment installed quickly we need a small K8s cluster. For that there are two quick-install options: K3s and RKE2.
:::warning
No Docker needed.
K3s and RKE2 are SUSE's K8s distributions; their version numbers track K8s (e.g. K3s 1.31.4 = K8s 1.31.4).
SUSE provides commercial support for K3s, RKE2 and Rancher.
The older RKE reaches EoL in July 2025.
There are other installation methods; after all, Rancher is a container and just needs an ingress in front of it.
:::
:::info
K3s has low resource requirements, so this guide uses K3s for the quick install. Use RKE2 for Production environments.
:::
1. A single-node Rancher K3s VM; it also works on ARM, e.g. a Raspberry Pi. The K8s environment is a cluster managed by Rancher with a full K8s architecture. When building a Production Rancher environment, use RKE2.
2. Minimum resource requirements; see the [K3s](https://docs.k3s.io/installation/requirements#hardware) official site.
    1. Rancher management node:
        1.1. Recommended CPU: 4 cores, RAM: 8G, Disk: 80G, 1 NIC with outbound connectivity.
    2. K8s cluster:
        2.1. Master (3 nodes): 4 cores, RAM: 8G, Disk: 80G, 1 NIC with outbound connectivity.
        2.2. Worker (1+N nodes): 4 cores, RAM: 8G, Disk: 80G, 1 NIC with outbound connectivity.
3. K3s version: v1.31.4+k3s1
4. Rancher version: 2.10.2
5. RKE2 version: 1.31+
6. Helm version: 3.16.4
:::info
Why nip.io?
Standing up a separate DNS server takes time and resources; with nip.io the name resolves straight to the single node.
:::
# 1. Installing K3s
```shell=
k3snode:~ # export INSTALL_K3S_VERSION=v1.31.4+k3s1
k3snode:~ # curl -sfL https://get.k3s.io | sh -
[INFO] Using v1.31.4+k3s1 as release
[INFO] Downloading hash https://github.com/k3s-io/k3s/releases/download/v1.31.4+k3s1/sha256sum-amd64.txt
[INFO] Downloading binary https://github.com/k3s-io/k3s/releases/download/v1.31.4+k3s1/k3s
[INFO] Verifying binary download
[INFO] Installing k3s to /usr/local/bin/k3s
[INFO] Skipping installation of SELinux RPM
[INFO] Creating /usr/local/bin/kubectl symlink to k3s
[INFO] Creating /usr/local/bin/crictl symlink to k3s
[INFO] Creating /usr/local/bin/ctr symlink to k3s
[INFO] Creating killall script /usr/local/bin/k3s-killall.sh
[INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh
[INFO] env: Creating environment file /etc/systemd/system/k3s.service.env
[INFO] systemd: Creating service file /etc/systemd/system/k3s.service
[INFO] systemd: Enabling k3s unit
Created symlink /etc/systemd/system/multi-user.target.wants/k3s.service → /etc/systemd/system/k3s.service.
[INFO] systemd: Starting k3s
```
## 1.1. Check k3s status
```shell=
k3snode:~ # systemctl status k3s
● k3s.service - Lightweight Kubernetes
Loaded: loaded (/etc/systemd/system/k3s.service; enabled; preset: disabled)
Active: active (running) since Mon 2025-02-03 09:15:26 CST; 44s ago
Docs: https://k3s.io
Process: 20398 ExecStartPre=/bin/sh -xc ! /usr/bin/systemctl is-enabled --quiet nm-cloud-setup.service 2>/dev/null>
Process: 20400 ExecStartPre=/sbin/modprobe br_netfilter (code=exited, status=0/SUCCESS)
Process: 20406 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Main PID: 20408 (k3s-server)
Tasks: 92
CPU: 34.880s
```
## 1.2. Check that all pods have started
```shell=
k3snode:~ # kubectl get po -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-ccb96694c-bqzn4 1/1 Running 0 84s
kube-system helm-install-traefik-crd-x4pmm 0/1 Completed 0 84s
kube-system helm-install-traefik-wwtkk 0/1 Completed 1 84s
kube-system local-path-provisioner-5cf85fd84d-kr8x4 1/1 Running 0 84s
kube-system metrics-server-5985cbc9d7-7qlm4 1/1 Running 0 84s
kube-system svclb-traefik-f6012ca2-6gwjz 2/2 Running 0 60s
kube-system traefik-57b79cf995-xm4h5 1/1 Running 0 60s
```
## 1.3. Check node status
```shell=
k3snode:~ # kubectl get no
NAME STATUS ROLES AGE VERSION
k3snode Ready control-plane,master 4m2s v1.31.4+k3s1
```
# 2. Installing Helm
Helm must match the K8s release; see the [Helm Version Support Policy](https://helm.sh/docs/topics/version_skew/).
```shell=
k3snode:~ # wget https://get.helm.sh/helm-v3.16.4-linux-amd64.tar.gz
--2025-02-03 09:26:40-- https://get.helm.sh/helm-v3.16.4-linux-amd64.tar.gz
Resolving get.helm.sh (get.helm.sh)... 13.107.246.73, 2620:1ec:bdf::73
Connecting to get.helm.sh (get.helm.sh)|13.107.246.73|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 17344287 (17M) [application/x-tar]
Saving to: ‘helm-v3.16.4-linux-amd64.tar.gz’
helm-v3.16.4-linux-amd64.tar. 100%[================================================>] 16.54M 1.74MB/s in 10s
2025-02-03 09:26:52 (1.63 MB/s) - ‘helm-v3.16.4-linux-amd64.tar.gz’ saved [17344287/17344287]
k3snode:~ # tar -zxvf helm-v3.16.4-linux-amd64.tar.gz
linux-amd64/
linux-amd64/LICENSE
linux-amd64/README.md
linux-amd64/helm
k3snode:~ # sudo cp linux-amd64/helm /usr/local/bin/
k3snode:~ # helm --help
The Kubernetes package manager
Common actions for Helm:
- helm search: search for charts
...
...
...
```
## 2.1. Point helm at the kubeconfig generated by k3s
:::warning
Helm has to be told which K8s config file to use.
RKE2 does not need this step.
:::
```shell=
k3snode:~ # export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
```
# 3. Installing cert-manager
Rancher needs a certificate, which cert-manager can take care of.
If you want a self-signed certificate instead, generate it with openssl; if the command line feels unfamiliar, xca can do it too, but it needs a GUI.
```shell=
k3snode:~ # helm repo add jetstack https://charts.jetstack.io
"jetstack" has been added to your repositories
k3snode:~ # kubectl create namespace cert-manager
namespace/cert-manager created
k3snode:~ # kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.1/cert-manager.crds.yaml
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created
k3snode:~ # helm install cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--version v1.13.1
NAME: cert-manager
LAST DEPLOYED: Mon Feb 3 09:41:44 2025
NAMESPACE: cert-manager
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
cert-manager v1.13.1 has been deployed successfully!
In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).
More information on the different types of issuers and how to configure them
can be found in our documentation:
https://cert-manager.io/docs/configuration/
For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the `ingress-shim`
documentation:
https://cert-manager.io/docs/usage/ingress/
k3snode:~ # kubectl -n cert-manager get po
NAME READY STATUS RESTARTS AGE
cert-manager-6f8689cf7-bxqwk 1/1 Running 0 68s
cert-manager-cainjector-7f4fbb5c79-mqkq5 1/1 Running 0 68s
cert-manager-webhook-b4bff58b5-xmvz8 1/1 Running 0 68s
```
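As an added example (not from the original page or from the Rancher project), the openssl route mentioned above in POSIX shell: build a private CA, issue a server certificate for the page's nip.io hostname with the name in the SAN, verify the chain, and print the CA's sha256, which is the value the node registration command in section 5.3 pins with `--ca-checksum`. The temp directory, file names and the minimal openssl config are assumptions; openssl 1.1.1+ and sha256sum are assumed to be installed.

```shell
# Added example, not from the original page: private CA + server certificate for
# the Rancher hostname via openssl, chain verification, and the CA checksum.
# Assumptions: openssl 1.1.1+ and sha256sum installed; temp dir and file names constructed.
set -e
RANCHER_HOST="rancher.192.168.122.112.nip.io"
CERT_DIR="$(mktemp -d)"
# Minimal config so the example does not depend on the system openssl.cnf.
cat > "$CERT_DIR/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = rancher-private-ca
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# Self-signed CA (10 years); cacerts.pem is what Rancher serves at /cacerts.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -config "$CERT_DIR/openssl.cnf" -extensions ca_ext \
    -keyout "$CERT_DIR/cacerts.key" -out "$CERT_DIR/cacerts.pem" 2>/dev/null
}

# Server certificate for $1 signed by the CA. The hostname goes into the
# subjectAltName: browsers and kubectl ignore the CN when matching hostnames.
make_server_cert() {
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$1" \
    > "$CERT_DIR/server.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -config "$CERT_DIR/openssl.cnf" \
    -keyout "$CERT_DIR/tls.key" -out "$CERT_DIR/server.csr" 2>/dev/null
  openssl x509 -req -days 365 -in "$CERT_DIR/server.csr" \
    -CA "$CERT_DIR/cacerts.pem" -CAkey "$CERT_DIR/cacerts.key" -CAcreateserial \
    -extfile "$CERT_DIR/server.ext" -out "$CERT_DIR/tls.crt" 2>/dev/null
}

# Return 0 only if tls.crt chains to the CA and carries $1 as a DNS SAN.
verify_server_cert() {
  openssl verify -CAfile "$CERT_DIR/cacerts.pem" "$CERT_DIR/tls.crt" >/dev/null 2>&1 &&
    openssl x509 -in "$CERT_DIR/tls.crt" -noout -text | grep -q "DNS:$1"
}

# sha256 of the CA bundle: the value to pass as --ca-checksum when registering nodes.
ca_checksum() { sha256sum "$CERT_DIR/cacerts.pem" | cut -d' ' -f1; }

make_ca
make_server_cert "$RANCHER_HOST"
verify_server_cert "$RANCHER_HOST" && echo "CA checksum: $(ca_checksum)"
```

To use the result with Rancher's chart, load tls.crt/tls.key into the cattle-system secret `tls-rancher-ingress` and cacerts.pem into `tls-ca`, and install with `--set ingress.tls.source=secret`.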
# 4. Installing Rancher
:::info
1. The commercial Rancher build has its own designated repo location.
2. The community and commercial builds differ in new-feature support and security compliance; keep that in mind.
3. If you run your own DNS, replace the hostname with the FQDN you want, as long as every node can resolve it through DNS.
:::
:::danger
Adding the FQDN to the hosts file on the host does not work.
:::
```shell=
k3snode:~ # helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
"rancher-stable" has been added to your repositories
k3snode:~ # helm search repo rancher-stable
NAME CHART VERSION APP VERSION DESCRIPTION
rancher-stable/rancher 2.10.2 v2.10.2 Install Rancher Server to manage Kubernetes clu...
k3snode:~ # helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "jetstack" chart repository
...Successfully got an update from the "rancher-stable" chart repository
Update Complete. ⎈Happy Helming!⎈
k3snode:~ # helm install rancher rancher-stable/rancher --namespace cattle-system \
--create-namespace --set hostname=rancher.192.168.122.112.nip.io \
--version 2.10.2 --set global.cattle.psp.enabled=false --set replicas=1
NAME: rancher
LAST DEPLOYED: Mon Feb 3 09:45:19 2025
NAMESPACE: cattle-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Rancher Server has been installed.
NOTE: Rancher may take several minutes to fully initialize. Please standby while Certificates are being issued, Containers are started and the Ingress rule comes up.
Check out our docs at https://rancher.com/docs/
If you provided your own bootstrap password during installation, browse to https://rancher.192.168.122.112.nip.io to get started.
If this is the first time you installed Rancher, get started by running this command and clicking the URL it generates:
echo https://rancher.192.168.122.112.nip.io/dashboard/?setup=$(kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}')
To get just the bootstrap password on its own, run:
kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}{{ "\n" }}'
Happy Containering!
```
## 4.1. Check cattle-system and retrieve the random password
```shell=
k3snode:~ # kubectl get po -n cattle-system
NAME READY STATUS RESTARTS AGE
helm-operation-4mvzp 0/2 Completed 0 3m7s
helm-operation-56rf7 0/2 Completed 0 74s
helm-operation-87wln 0/2 Completed 0 3m31s
helm-operation-htkds 0/2 Completed 0 2m38s
helm-operation-jkpgj 0/2 Completed 0 115s
helm-operation-js9s7 0/2 Completed 0 2m27s
helm-operation-z4zxq 0/2 Completed 0 101s
rancher-6fffd8796c-6srtv 1/1 Running 0 5m8s
rancher-webhook-554ffd94d8-5h77h 1/1 Running 0 2m23s
system-upgrade-controller-5fb67f585d-9zd2q 1/1 Running 0 111s
k3snode:~ # kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}{{"\n"}}'
xfwbrnv6j4r8wcm9tldzjt567tkpmxbsr27hprv4g4t6q94xfq9tfw
```
:::info
Open a browser and go to rancher.192.168.122.112.nip.io.
Paste the random password, change the password, then log in again.
:::
# 5. Adding a k3s cluster
## 5.1. Enter basic cluster information
When creating the cluster, select RKE2/K3s first, then click **Custom** below.

Fill in the basic information.

## 5.2. Copy the creation command
:::danger
1. Pay special attention to the etcd node role: use an odd number of nodes, e.g. 1, 3, 5, never an even number.
2. Do not mix the etcd, control plane and worker roles on the same nodes in Production. Have you never run into a bad actor?
:::

## 5.3. Paste the registration script
:::info
1. The OS firewall can be turned off first.
2. For the OS, use the versions listed in the support matrix.
:::
```shell=
k3scluster1:~ # curl --insecure -fL https://rancher.192.168.122.112.nip.io/system-agent-install.sh | sudo sh -s - --server https://rancher.192.168.122.112.nip.io --label 'cattle.io/os=linux' --token lfj97gnn7r786j9njtrt9z9jbtl9c6lq7m7xzk5gbhw4hn998c5kvt --ca-checksum e8891a52d7b74b83131d744ece0f6e97d2639da48974355c9bbe075f54d10516 --etcd --controlplane --worker
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 33698 0 33698 0 0 102k 0 --:--:-- --:--:-- --:--:-- 102k
[INFO] Label: cattle.io/os=linux
[INFO] Role requested: etcd
[INFO] Role requested: controlplane
[INFO] Role requested: worker
[INFO] CA strict verification is set to true
[INFO] Using default agent configuration directory /etc/rancher/agent
[INFO] Using default agent var directory /var/lib/rancher/agent
[WARN] /usr/local is read-only or a mount point; installing to /opt/rancher-system-agent
[INFO] Successfully downloaded CA certificate
[INFO] Value from https://rancher.192.168.122.112.nip.io/cacerts is an x509 certificate
[INFO] Successfully tested Rancher connection
[INFO] Downloading rancher-system-agent binary from https://rancher.192.168.122.112.nip.io/assets/rancher-system-agent-amd64
[INFO] Successfully downloaded the rancher-system-agent binary.
[INFO] Downloading rancher-system-agent-uninstall.sh script from https://rancher.192.168.122.112.nip.io/assets/system-agent-uninstall.sh
[INFO] Successfully downloaded the rancher-system-agent-uninstall.sh script.
[INFO] Generating Cattle ID
[INFO] Successfully downloaded Rancher connection information
[INFO] systemd: Creating service file
[INFO] Creating environment file /etc/systemd/system/rancher-system-agent.env
[INFO] /usr/local is unsuitable for installation: adding fallback path to systemd unit env file.
[INFO] Enabling rancher-system-agent.service
Created symlink /etc/systemd/system/multi-user.target.wants/rancher-system-agent.service → /etc/systemd/system/rancher-system-agent.service.
[INFO] Starting/restarting rancher-system-agent.service
```
## 5.4. Check node progress
Deploying.

Deployment complete.

Click Explore at the top to view the newly created cluster.
## 5.5. Check the environment
Check the current cluster resource status.

Click the command icon >_ in the top right to check container status.

:::info
Installation reference video: https://drive.google.com/file/d/1FlEn7QM-pPMcqIZ_m79ajgqQrVzJnXOC/view?usp=drive_link
Other reference videos: https://drive.google.com/drive/folders/1AZDKx7XTZY6gq_tE24f8kjudJvfF46RX?usp=drive_link
RKE2, also known as RKE Government, is Rancher's next-generation Kubernetes distribution.
K3s, Lightweight Kubernetes. Easy to install, half the memory, all in a binary of less than 100 MB.
:::