# 单节点rancher快速部署

我们知道kubernetes学习成本非常高,如果想要快速体验Paas云平台的话，连部署搭建对于新手来说都是难以下手。

rancher是一个`kubernetes-as-a-service`解决方案,也就是说rancher将kubernetes集群搭建与应用编排实现了打包一体化,可以通过图形界面的操作就可以来部署kubernetes集群与应用了。

参考官网: https://rancher.com/

下面我们来使用容器方式快速部署单节点rancher

## 环境准备

| 系统      | docker版本 | rancher版本 | IP             |

| --------- | ---------- | ----------- | -------------- |

| centos7.6 | 19.03.1    | 2.X         | 192.168.122.12 |

准备工作: 

1, 配置静态IP地址(要求能上公网,因为要拉取镜像)

~~~powershell

# vim /etc/sysconfig/network-scripts/ifcfg-eth0

BOOTPROTO="static"

NAME="eth0"

DEVICE="eth0"

ONBOOT="yes"

IPADDR=192.168.122.12

NETMASK=255.255.255.0

GATEWAY=192.168.122.1

DNS1=192.168.122.1

# systemctl stop NetworkManager

# systemctl disable NetworkManager

# systemctl restart network

# systemctl enable network

~~~

2, 主机名和主机名绑定

~~~powershell

# hostnamectl set-hostname --static rancher

~~~

~~~powershell

# vim /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.122.12  rancher

~~~

3, **所有节点**关闭centos7的firewalld防火墙,打开iptables并保存为空规则

~~~powershell

# systemctl stop firewalld

# systemctl disable firewalld

# yum install iptables-services -y

# systemctl restart iptables

# systemctl enable iptables

# iptables -F

# iptables -F -t nat

# iptables -F -t mangle

# iptables -F -t raw

# service iptables save

iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

~~~

4, **所有节点**关闭selinux

~~~powershell

# vim /etc/selinux/config

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

#     enforcing - SELinux security policy is enforced.

#     permissive - SELinux prints warnings instead of enforcing.

#     disabled - No SELinux policy is loaded.

SELINUX=disabled  确认为disabled,如果不是请改成disabled(需要reboot重启生效)

# SELINUXTYPE= can take one of three values:

#     targeted - Targeted processes are protected,

#     minimum - Modification of targeted policy. Only selected processes are protected.

#     mls - Multi Level Security protection.

SELINUXTYPE=targeted

~~~

5, **所有节点** 时间同步

~~~powershell

# systemctl restart ntpd

# systemctl enabled ntpd

~~~

## 需要保证安装docker,并启动服务

~~~powershell

# wget https://download.docker.com/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo

# yum install docker-ce -y

# systemctl restart docker 

# systemctl enable docker 

~~~

## 配置镜像加速器

~~~powershell

# vim /etc/docker/daemon.json

{

"registry-mirrors": ["https://42h8kzrh.mirror.aliyuncs.com"]

}

# systemctl daemon-reload

# systemctl restart docker

~~~

## 启动rancher

~~~powershell

[root@rancher ~]# docker run -d --restart=unless-stopped -p 80:80 -p 443:443 --name rancher -v /var/lib/rancher/:/var/lib/rancher/ rancher/rancher:stable

~~~

## 通过浏览器访问配置

直接访问节点IP即可: https://192.168.122.12

注意: 因为我们没有配置SSL证书, 所以浏览器会报不安全的连接,如果要对公网使用，建议使用CA认证的证书。

## 添加kubernetes集群

直接在主页面添加集群

### 选择集群类型

### 集群名称与选项自定义

### 定义集群主机选项

### 安装rancher-agent

**通过下面命令安装rancher-agent后点完成**

~~~powershell

[root@rancher ~]# sudo docker run -d --privileged --restart=unless-stopped --net=host -v /etc/kubernetes:/etc/kubernetes -v /var/run:/var/run rancher/rancher-agent:v2.2.8 --server https://192.168.122.12 --token 66bknpqf44ghdfxsx7rmsmhdf2ggpkvpbz6mr8cfxd8s2684mms2lz --ca-checksum 68fae84b07cb71dd7dfd3c1edb86d2972049bfb93011e65f2c3ba39a48e2f4ee --node-name node1 --internal-address 192.168.122.12 --etcd --controlplane --worker

~~~