---
# System prepended metadata

title: Rancher Quick Install - K3S and nip.io Edition
tags: [rancher, k3s, nip.io]

---

# Environment Information

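To stand up a Rancher environment quickly, we need a small K8s cluster. There are two quick-install options for this: K3s and RKE2.
:::warning
There is no need to install Docker.
K3s and RKE2 are SUSE's K8s distributions, and their version numbers match the K8s versions (e.g. K3s 1.31.4 = K8s 1.31.4).
SUSE provides commercial support for K3s, RKE2 and Rancher.
The legacy RKE will reach EoL in July 2025.
Other installation methods exist; after all, Rancher runs as a container and needs to be paired with an ingress.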
:::

:::info
K3s has low resource requirements, so this article uses K3s for the quick-install walkthrough. For a Production environment, use RKE2 instead.
:::

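1. Rancher runs on a single-node K3s VM. This is also compatible with ARM architectures, for example a Raspberry Pi environment. The K8s environment is a cluster managed by Rancher and has a complete K8s architecture. When building a Rancher Production environment, use RKE2.
2. Minimum resource requirements; see the official [K3S](https://docs.k3s.io/installation/requirements#hardware) site.
    1. Rancher management node:
        1.1. Recommended CPU: 4 core, RAM: 8G, Disk: 80G, 1 NIC with external network access.
    2. K8S cluster:
        2.1. Master(3 node): 4 core, RAM: 8G, Disk: 80G, 1 NIC with external network access.
        2.2. Worker(1+N node): 4 core, RAM: 8G, Disk: 80G, 1 NIC with external network access.
3. K3S version: v1.31.4+k3s1
4. Rancher version: 2.10.2
5. RKE2 version: 1.31+
6. Helm version: 3.16.4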

:::info
Why use nip.io?
Setting up a separate DNS server costs time and resources. With nip.io, the hostname resolves directly to the single node.
:::
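
A nip.io name carries its target address inside the hostname, so the value later passed to Helm as `hostname` can be checked against the node's IP before installing. The following is an added example, not part of the original page; the function names are hypothetical.

```shell
# Added example, not from the original page.
# Extract the IPv4 address embedded in a nip.io hostname, in dotted
# (rancher.192.168.122.112.nip.io) or dashed (rancher-192-168-122-112.nip.io) form.
nipio_ip() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$host" in
        *.nip.io) ;;
        *) return 1 ;;
    esac
    base=${host%.nip.io}
    # Keep the last four numeric labels; an optional name prefix may precede them.
    ip=$(printf '%s\n' "$base" | sed -nE \
        's/^(.*[.-])?([0-9]{1,3})[.-]([0-9]{1,3})[.-]([0-9]{1,3})[.-]([0-9]{1,3})$/\2.\3.\4.\5/p')
    [ -n "$ip" ] || return 1
    # Every octet must be in 0-255.
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    printf '%s\n' "$ip"
}

# Return 0 when the address is in an RFC 1918 private range, i.e. the name
# is only usable by clients that can route to that network.
is_private_ip() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.*)
            second=${1#172.}; second=${second%%.*}
            [ "$second" -ge 16 ] && [ "$second" -le 31 ] ;;
        *) return 1 ;;
    esac
}

# Return 0 only when the hostname embeds exactly the expected node IP.
nipio_matches() {
    embedded=$(nipio_ip "$1") || return 1
    [ "$embedded" = "$2" ]
}
```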

# 1. K3S Installation
```shell=
k3snode:~ # export INSTALL_K3S_VERSION=v1.31.4+k3s1
k3snode:~ # curl -sfL https://get.k3s.io | sh -
[INFO]  Using v1.31.4+k3s1 as release
[INFO]  Downloading hash https://github.com/k3s-io/k3s/releases/download/v1.31.4+k3s1/sha256sum-amd64.txt
[INFO]  Downloading binary https://github.com/k3s-io/k3s/releases/download/v1.31.4+k3s1/k3s
[INFO]  Verifying binary download
[INFO]  Installing k3s to /usr/local/bin/k3s
[INFO]  Skipping installation of SELinux RPM
[INFO]  Creating /usr/local/bin/kubectl symlink to k3s
[INFO]  Creating /usr/local/bin/crictl symlink to k3s
[INFO]  Creating /usr/local/bin/ctr symlink to k3s
[INFO]  Creating killall script /usr/local/bin/k3s-killall.sh
[INFO]  Creating uninstall script /usr/local/bin/k3s-uninstall.sh
[INFO]  env: Creating environment file /etc/systemd/system/k3s.service.env
[INFO]  systemd: Creating service file /etc/systemd/system/k3s.service
[INFO]  systemd: Enabling k3s unit
Created symlink /etc/systemd/system/multi-user.target.wants/k3s.service → /etc/systemd/system/k3s.service.
[INFO]  systemd: Starting k3s
```

## 1.1. Check the k3s status
```shell=
k3snode:~ # systemctl status k3s
● k3s.service - Lightweight Kubernetes
     Loaded: loaded (/etc/systemd/system/k3s.service; enabled; preset: disabled)
     Active: active (running) since Mon 2025-02-03 09:15:26 CST; 44s ago
       Docs: https://k3s.io
    Process: 20398 ExecStartPre=/bin/sh -xc ! /usr/bin/systemctl is-enabled --quiet nm-cloud-setup.service 2>/dev/null>
    Process: 20400 ExecStartPre=/sbin/modprobe br_netfilter (code=exited, status=0/SUCCESS)
    Process: 20406 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
   Main PID: 20408 (k3s-server)
      Tasks: 92
        CPU: 34.880s
```

## 1.2. Check that all pods have started
```shell=
k3snode:~ # kubectl get po -A
NAMESPACE     NAME                                      READY   STATUS      RESTARTS   AGE
kube-system   coredns-ccb96694c-bqzn4                   1/1     Running     0          84s
kube-system   helm-install-traefik-crd-x4pmm            0/1     Completed   0          84s
kube-system   helm-install-traefik-wwtkk                0/1     Completed   1          84s
kube-system   local-path-provisioner-5cf85fd84d-kr8x4   1/1     Running     0          84s
kube-system   metrics-server-5985cbc9d7-7qlm4           1/1     Running     0          84s
kube-system   svclb-traefik-f6012ca2-6gwjz              2/2     Running     0          60s
kube-system   traefik-57b79cf995-xm4h5                  1/1     Running     0          60s
```

## 1.3. Check the node status
```shell=
k3snode:~ # kubectl get no
NAME      STATUS   ROLES                  AGE     VERSION
k3snode   Ready    control-plane,master   4m2s   v1.31.4+k3s1
```

# 2. Helm Installation
The Helm version must match the K8s release; see the [Helm Version Support Policy](https://helm.sh/docs/topics/version_skew/).

```shell=
k3snode:~ # wget https://get.helm.sh/helm-v3.16.4-linux-amd64.tar.gz
--2025-02-03 09:26:40--  https://get.helm.sh/helm-v3.16.4-linux-amd64.tar.gz
Resolving get.helm.sh (get.helm.sh)... 13.107.246.73, 2620:1ec:bdf::73
Connecting to get.helm.sh (get.helm.sh)|13.107.246.73|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 17344287 (17M) [application/x-tar]
Saving to: ‘helm-v3.16.4-linux-amd64.tar.gz’

helm-v3.16.4-linux-amd64.tar. 100%[================================================>]  16.54M  1.74MB/s    in 10s     

2025-02-03 09:26:52 (1.63 MB/s) - ‘helm-v3.16.4-linux-amd64.tar.gz’ saved [17344287/17344287]

k3snode:~ # tar -zxvf helm-v3.16.4-linux-amd64.tar.gz
linux-amd64/
linux-amd64/LICENSE
linux-amd64/README.md
linux-amd64/helm
k3snode:~ # sudo cp linux-amd64/helm /usr/local/bin/

k3snode:~ # helm --help
The Kubernetes package manager

Common actions for Helm:

- helm search:    search for charts
...
...
...
```

## 2.1. Point helm at the kubeconfig generated by k3s

:::warning
helm must be told which K8s config file to use.
RKE2 does not need this step.
:::

```shell=
k3snode:~ # export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
```

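# 3. cert-manager Installation
Rancher needs certificates, which cert-manager can handle.
If you want self-signed certificates, you can generate them with openssl. If the commands feel unfamiliar, you can use xca instead, but it requires a GUI to be installed.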

```shell=
k3snode:~ # helm repo add jetstack https://charts.jetstack.io
"jetstack" has been added to your repositories

k3snode:~ # kubectl create namespace cert-manager
namespace/cert-manager created

k3snode:~ # kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.1/cert-manager.crds.yaml
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created

k3snode:~ # helm install cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--version v1.13.1

NAME: cert-manager
LAST DEPLOYED: Mon Feb  3 09:41:44 2025
NAMESPACE: cert-manager
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
cert-manager v1.13.1 has been deployed successfully!

In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).

More information on the different types of issuers and how to configure them
can be found in our documentation:

https://cert-manager.io/docs/configuration/

For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the `ingress-shim`
documentation:

https://cert-manager.io/docs/usage/ingress/

k3snode:~ # kubectl -n cert-manager get po
NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-6f8689cf7-bxqwk               1/1     Running   0          68s
cert-manager-cainjector-7f4fbb5c79-mqkq5   1/1     Running   0          68s
cert-manager-webhook-b4bff58b5-xmvz8       1/1     Running   0          68s

```

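# 4. Rancher Installation
:::info
1. The commercial version of Rancher has its own designated repo location.
2. The community and commercial versions differ in new-feature support and security compliance, so take note.
3. If you run your own DNS, you can replace hostname with the fqdn you want, as long as every node can resolve it through DNS.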
:::

:::danger
Adding the fqdn to the hosts file on the host does not work.
:::

```shell=
k3snode:~ # helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
"rancher-stable" has been added to your repositories

k3snode:~ # helm search repo rancher-stable
NAME                  	CHART VERSION	APP VERSION	DESCRIPTION                                       
rancher-stable/rancher	2.10.2       	v2.10.2    	Install Rancher Server to manage Kubernetes clu...

k3snode:~ # helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "jetstack" chart repository
...Successfully got an update from the "rancher-stable" chart repository
Update Complete. ⎈Happy Helming!⎈

k3snode:~ # helm install rancher rancher-stable/rancher --namespace cattle-system \
--create-namespace --set hostname=rancher.192.168.122.112.nip.io \
--version 2.10.2 --set global.cattle.psp.enabled=false --set replicas=1

NAME: rancher
LAST DEPLOYED: Mon Feb  3 09:45:19 2025
NAMESPACE: cattle-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Rancher Server has been installed.

NOTE: Rancher may take several minutes to fully initialize. Please standby while Certificates are being issued, Containers are started and the Ingress rule comes up.

Check out our docs at https://rancher.com/docs/

If you provided your own bootstrap password during installation, browse to https://rancher.192.168.122.112.nip.io to get started.

If this is the first time you installed Rancher, get started by running this command and clicking the URL it generates:

echo https://rancher.192.168.122.112.nip.io/dashboard/?setup=$(kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}')

To get just the bootstrap password on its own, run:

kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}{{ "\n" }}'

Happy Containering!
```

## 4.1. Check cattle-system and get the random password
```shell!
k3snode:~ # kubectl get po -n cattle-system
NAME                                         READY   STATUS      RESTARTS   AGE
helm-operation-4mvzp                         0/2     Completed   0          3m7s
helm-operation-56rf7                         0/2     Completed   0          74s
helm-operation-87wln                         0/2     Completed   0          3m31s
helm-operation-htkds                         0/2     Completed   0          2m38s
helm-operation-jkpgj                         0/2     Completed   0          115s
helm-operation-js9s7                         0/2     Completed   0          2m27s
helm-operation-z4zxq                         0/2     Completed   0          101s
rancher-6fffd8796c-6srtv                     1/1     Running     0          5m8s
rancher-webhook-554ffd94d8-5h77h             1/1     Running     0          2m23s
system-upgrade-controller-5fb67f585d-9zd2q   1/1     Running     0          111s

k3snode:~ # kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}{{"\n"}}'

xfwbrnv6j4r8wcm9tldzjt567tkpmxbsr27hprv4g4t6q94xfq9tfw
```

:::info
Open a browser and go to rancher.192.168.122.112.nip.io
Paste the random password, change the password, then log in again.
:::


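# 5. Add a k3s Cluster

## 5.1. Enter the cluster's basic information

When creating the cluster, first select RKE2/K3s, then click **Custom** below.
![Screenshot 2024-08-02 09.58.24](https://hackmd.io/_uploads/r1jQx6KK0.png)

Enter the basic information.
![Screenshot 2025-02-03 09.57.16](https://hackmd.io/_uploads/rkFnGoT_kx.png)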


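## 5.2. Copy the registration command

:::danger
1. Pay special attention to etcd when choosing node roles. An odd number of nodes is recommended, for example 1, 3, 5; do not use an even number.
2. Combining the etcd, Control and worker node roles is not recommended in a Production environment. Perhaps you have not run into a bad actor yet?
:::

![Screenshot 2024-07-01 12.52.09](https://hackmd.io/_uploads/r1yaInkwC.png)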

## 5.3. Paste the registration script
:::info
1. The OS firewall can be turned off first.
2. For the OS, refer to the versions specified in the support matrix.
:::
```shell=
k3scluster1:~ # curl --insecure -fL https://rancher.192.168.122.112.nip.io/system-agent-install.sh | sudo  sh -s - --server https://rancher.192.168.122.112.nip.io --label 'cattle.io/os=linux' --token lfj97gnn7r786j9njtrt9z9jbtl9c6lq7m7xzk5gbhw4hn998c5kvt --ca-checksum e8891a52d7b74b83131d744ece0f6e97d2639da48974355c9bbe075f54d10516 --etcd --controlplane --worker
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 33698    0 33698    0     0   102k      0 --:--:-- --:--:-- --:--:--  102k
[INFO]  Label: cattle.io/os=linux
[INFO]  Role requested: etcd
[INFO]  Role requested: controlplane
[INFO]  Role requested: worker
[INFO]  CA strict verification is set to true
[INFO]  Using default agent configuration directory /etc/rancher/agent
[INFO]  Using default agent var directory /var/lib/rancher/agent
[WARN]  /usr/local is read-only or a mount point; installing to /opt/rancher-system-agent
[INFO]  Successfully downloaded CA certificate
[INFO]  Value from https://rancher.192.168.122.112.nip.io/cacerts is an x509 certificate
[INFO]  Successfully tested Rancher connection
[INFO]  Downloading rancher-system-agent binary from https://rancher.192.168.122.112.nip.io/assets/rancher-system-agent-amd64
[INFO]  Successfully downloaded the rancher-system-agent binary.
[INFO]  Downloading rancher-system-agent-uninstall.sh script from https://rancher.192.168.122.112.nip.io/assets/system-agent-uninstall.sh
[INFO]  Successfully downloaded the rancher-system-agent-uninstall.sh script.
[INFO]  Generating Cattle ID
[INFO]  Successfully downloaded Rancher connection information
[INFO]  systemd: Creating service file
[INFO]  Creating environment file /etc/systemd/system/rancher-system-agent.env
[INFO]  /usr/local is unsuitable for installation: adding fallback path to systemd unit env file.
[INFO]  Enabling rancher-system-agent.service
Created symlink /etc/systemd/system/multi-user.target.wants/rancher-system-agent.service → /etc/systemd/system/rancher-system-agent.service.
[INFO]  Starting/restarting rancher-system-agent.service
```
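
The registration command downloads the script with `--insecure`, so the `--ca-checksum` value is what ties the node to the intended Rancher server. As an added example (not part of the original page and not Rancher's own code), the same check can be done by hand before anything is executed. It assumes the checksum is the SHA-256 of the bytes served at `/cacerts`. The function names and the `SERVER` and `CHECKSUM` variables are hypothetical.

```shell
# Added example, not code from Rancher. Assumption: --ca-checksum is the
# SHA-256 of the exact bytes served at https://<rancher-host>/cacerts.

# Print the lowercase SHA-256 hex digest of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 if file $1 is a PEM certificate whose digest equals $2,
# 1 on mismatch, 2 for a malformed checksum, 3 for a missing or non-PEM file.
ca_checksum_ok() {
    pem_file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # A SHA-256 digest is exactly 64 hex characters; reject truncated pastes.
    case "$expected" in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    [ -s "$pem_file" ] || return 3
    grep -qF -- '-----BEGIN CERTIFICATE-----' "$pem_file" || return 3
    [ "$(sha256_of "$pem_file")" = "$expected" ]
}

# Constructed sample (not a real certificate) for trying the function offline.
write_sample_pem() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' \
        'CONSTRUCTEDSAMPLEBODY' \
        '-----END CERTIFICATE-----' > "$1"
}

# On the node (needs network, so left as comments):
#   curl --insecure -sfL "$SERVER/cacerts" -o cacerts.pem
#   ca_checksum_ok cacerts.pem "$CHECKSUM" || exit 1   # CHECKSUM copied from the Rancher UI
#   curl --cacert cacerts.pem -fL "$SERVER/system-agent-install.sh" -o install.sh
```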

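## 5.4. Check node progress
Deployment in progress.
![Screenshot 2025-02-03 10.06.06](https://hackmd.io/_uploads/B1ntHiauke.png)

Deployment complete.
![Screenshot 2025-02-03 10.09.24](https://hackmd.io/_uploads/r1f5rja_Jg.png)


Click Explore at the top to view the cluster you just created.

## 5.5. Verify the environment
Check the cluster's current resource status.
![Screenshot 2025-02-03 10.11.50](https://hackmd.io/_uploads/r18VUi6_Je.png)

Click the command icon `>_` in the upper-right corner to check the status of the containers.
![Screenshot 2025-02-03 10.14.38](https://hackmd.io/_uploads/r11i0iad1e.png)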


:::info
Installation reference video: https://drive.google.com/file/d/1FlEn7QM-pPMcqIZ_m79ajgqQrVzJnXOC/view?usp=drive_link
Other reference videos: https://drive.google.com/drive/folders/1AZDKx7XTZY6gq_tE24f8kjudJvfF46RX?usp=drive_link
RKE2, also known as RKE Government, is Rancher's next-generation Kubernetes distribution.
K3s, Lightweight Kubernetes. Easy to install, half the memory, all in a binary of less than 100 MB.
:::