Technology sharing

Yiwen discit uti helm ad explicandam Rancher summus disponibilitate botrum portassent

2024-07-12

한어Русский языкEnglishFrançaisIndonesianSanskrit日本語DeutschPortuguêsΕλληνικάespañolItalianoSuomalainenLatina

rancher botrum architecturae diagram

Rancher princeps disponit galeam disponibilitate botrum portassent

Introductio ad Helm

Gubernaculum administrationis instrumenti Kubernetes est, ad faciliorem reddendam instituti ac administrationis applicationes Kubernetes. Galea comparari potest cum instrumento CentOS yum. Helm notiones praecipuas sequentes habet;

Chart: Res institutionis involucrum ab Helm tractatum est, quod involucrum institutionis continet facultates quae explicandae sunt. Charta comparari potest cum fasciculi rpm a CentOS yum adhibito.

Dimittis: Exemplum est instruere chartæ. Chartæ plures emissiones in botro Kubernetes habere possunt, hoc est, chartula multiplicia tempora institui potest.

Repositorium: CELLA CHARTA, chartis evulgandis ac repositorium adhibitum

download:https://github.com/helm/helm/releases

Reprehendo statum siliquae

  1. kubectl get pods --namespace=kube-system
  2. kubectl get pods --all-namespaces

Si eam delere vis, primum instruere et postea eam delere.

  1. kangming@ubuntu26:~$ kubectl get deployment --namespace=kube-system
  2. NAMEREADY UP-TO-DATE AVAILABLE AGE
  3. calico-kube-controllers 1/1 11 4h23m
  4. coredns 2/2 22 4h22m
  5. coredns-autoscaler1/1 11 4h22m
  6. metrics-server1/1 11 4h18m
  7. tiller-deploy 0/1 10 4h15m
  8.  
  9. kangming@ubuntu26:~$ kubectl delete deployment tiller-deploy --namespace=kube-system
  10. deployment.apps "tiller-deploy" deleted

Si vis singillatim videre vasculum, describere potes

kubectl describe pod rke-coredns-addon-deploy-job-qz8v6--namespace=kube-system

helm3 institutionem

Ultima versio stabilis: v3.9.2

download

https://get.helm.sh/helm-v3.9.2-linux-amd64.tar.gz

install

  1. tar -zxvf helm-v3.9.2-linux-amd64.tar.gz
  2. sudo mv linux-amd64/helm /usr/local/bin/helm 
  3. sudo chmod +/usr/local/bin/helm

Reprehendo sicco documenta publica:

Helm | Docs

Helm |

Addere chart CELLA

helm repo add bitnami https://charts.bitnami.com/bitnami

View the list of installable charts

  1. kangming@ubuntu26:~/rancher$ helm search repo bitnami
  2. NAMECHART VERSION APP VERSION DESCRIPTION
  3. bitnami/airflow 13.0.22.3.3 Apache Airflow is a tool to express and execute...
  4. bitnami/apache9.1.162.4.54Apache HTTP Server is an open-source HTTP serve...
  5. bitnami/argo-cd 4.0.6 2.4.8 Argo CD is a continuous delivery tool for Kuber...
  6. bitnami/argo-workflows2.3.8 3.3.8 Argo Workflows is meant to orchestrate Kubernet...

Install chart exemplum

  1. ##确定我们可以拿到最新的charts列表
  2. helm repo update
  3.  
  4. #安装一个mysql的chat示例
  5. helm install bitnami/mysql --generate-name
  6. NAME: mysql-1659686641
  7. LAST DEPLOYED: Fri Aug5 16:04:04 2022
  8. NAMESPACE: default
  9. STATUS: deployed
  10. REVISION: 1
  11. TEST SUITE: None
  12. NOTES:
  13. CHART NAME: mysql
  14. CHART VERSION: 9.2.5
  15. APP VERSION: 8.0.30
  16.  
  17. ** Please be patient while the chart is being deployed **
  18.  
  19. Tip:
  20.  
  21. Watch the deployment status using the command: kubectl get pods -w --namespace default
  22.  
  23. Services:
  24.  
  25. echo Primary: mysql-1659686641.default.svc.cluster.local:3306
  26.  
  27. Execute the following to get the administrator credentials:
  28.  
  29. echo Username: root
  30. MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace default mysql-1659686641 -o jsonpath="{.data.mysql-root-password}" | base64 -d)
  31.  
  32. To connect to your database:
  33.  
  34. 1Run a pod that you can use as a client:
  35.  
  36. kubectl run mysql-1659686641-client --rm --tty -i --restart='Never' --imagedocker.io/bitnami/mysql:8.0.30-debian-11-r4 --namespace default --env MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD --command -- bash
  37.  
  38. 2To connect to primary service (read/write):
  39.  
  40. mysql -h mysql-1659686641.default.svc.cluster.local -uroot -p"$MYSQL_ROOT_PASSWORD"

In exemplo superiore, chart bitnami/mysql cum nomine mysql-1659686641 evulgatur. Cum omnes siliquas digerimus, plura mysql siliquas reperiemus.

Simpliciter discere potes notitias fundamentales huius chartulae faciendo gubernacula ostende chart bitnami/mysql mandatum. Vel galeam facere potes omnia monstra bitnami/mysql ut omnes informationes de chartula accipias.

Cum galeam institutionem funeris, nova versio emissio creata est. Ergo chartula pluries in eodem botro institui potest, et unumquodque independenter ac agi et upgraded potest.

For more information on use galea, see;https://helm.sh/zh/docs/intro/using_helm/

Apud Helm facile videre potes quae chartulae editae sunt

  1. kangming@ubuntu26:~/rancher$ helm list
  2. NAMENAMESPACE REVISIONUPDATED STATUSCHART APP VERSION
  3. mysql-1659686641default 1 2022-08-05 16:04:04.411386078 +0800 CST deployedmysql-9.2.5 8.0.30

Uninstall versionem

  1. kangming@ubuntu26:~/rancherhelm uninstall mysql-1659686641
  2. release "mysql-1659686641" uninstalled

Hoc mandatum a Kubernetes mysql-1659686641 explicabit. Omnes facultates cognatae delebit (servitium, instruere, vasculum, etc.) huic versioni et etiam historiae versionis pertinentes.

Si optionem historicae artis praeberes cum gubernaculum exsequens amoveas, Helm historiam versionis servabit. Inspicere potes informationem de hac versione per mandatum

helm status mysql-1659686641

gubernaculum auxilium documenta

helm get -h

galeam quaerere

  • gubernacula quaerere centrum eArtificium Hub Find and list helm charts in . Multa alia repositoria in Artificio Hub condita sunt.

  • gubernaculum quaerere repo quaesita e repositoriis quibus adiecisti (galma repo utens addendi) ad clientem loci tui clavum. Praeceptum hoc in loci notitia exquirit nec interretialem connexionem requirit.

Gubernaculo utere instituto imperio ut novam galeam sarcinam instituam. Simplicissima usus methodus solum in duobus parametris transitum requirit: emissio nomen quod tibi nominatum est et nomen chartulae instituendae vis.

helm install happy-panda bitnami/wordpress

Helm3 installs rancher (se libellum modum signati)

1. Add Charta CELLA oratio

helm repo add rancher-latest 
https://releases.rancher.com/server-charts/latest

2. Definitio certificatorium Generale

Nam referat:Generate SSL libellum auto-signatum

One-click libellum generationis litterae, rancher officialis, nisi ut key.sh

  1. #!/bin/bash -e
  2.  
  3. help ()
  4. {
  5. echo' ================================================================ '
  6. echo' --ssl-domain: 生成ssl证书需要的主域名,如不指定则默认为www.rancher.local,如果是ip访问服务,则可忽略;'
  7. echo' --ssl-trusted-ip: 一般ssl证书只信任域名的访问请求,有时候需要使用ip去访问server,那么需要给ssl证书添加扩展IP,多个IP用逗号隔开;'
  8. echo' --ssl-trusted-domain: 如果想多个域名访问,则添加扩展域名(SSL_TRUSTED_DOMAIN),多个扩展域名用逗号隔开;'
  9. echo' --ssl-size: ssl加密位数,默认2048;'
  10. echo' --ssl-cn: 国家代码(2个字母的代号),默认CN;'
  11. echo' 使用示例:'
  12. echo' ./create_self-signed-cert.sh --ssl-domain=www.test.com --ssl-trusted-domain=www.test2.com  '
  13. echo' --ssl-trusted-ip=1.1.1.1,2.2.2.2,3.3.3.3 --ssl-size=2048 --ssl-date=3650'
  14. echo' ================================================================'
  15. }
  16.  
  17. case "$1" in
  18. -h|--helphelpexit;;
  19. esac
  20.  
  21. if [[ $1 == '' ]];then
  22. help;
  23. exit;
  24. fi
  25.  
  26. CMDOPTS="$*"
  27. for OPTS in $CMDOPTS;
  28. do
  29. key=$(echo ${OPTS} | awk -F"=" '{print $1}' )
  30. value=$(echo ${OPTS} | awk -F"=" '{print $2}' )
  31. case "$key" in
  32. --ssl-domain) SSL_DOMAIN=$value ;;
  33. --ssl-trusted-ip) SSL_TRUSTED_IP=$value ;;
  34. --ssl-trusted-domain) SSL_TRUSTED_DOMAIN=$value ;;
  35. --ssl-size) SSL_SIZE=$value ;;
  36. --ssl-date) SSL_DATE=$value ;;
  37. --ca-date) CA_DATE=$value ;;
  38. --ssl-cn) CN=$value ;;
  39. esac
  40. done
  41.  
  42. # CA相关配置
  43. CA_DATE=${CA_DATE:-3650}
  44. CA_KEY=${CA_KEY:-cakey.pem}
  45. CA_CERT=${CA_CERT:-cacerts.pem}
  46. CA_DOMAIN=cattle-ca
  47.  
  48. # ssl相关配置
  49. SSL_CONFIG=${SSL_CONFIG:-$PWD/openssl.cnf}
  50. SSL_DOMAIN=${SSL_DOMAIN:-'www.rancher.local'}
  51. SSL_DATE=${SSL_DATE:-3650}
  52. SSL_SIZE=${SSL_SIZE:-2048}
  53.  
  54. ## 国家代码(2个字母的代号),默认CN;
  55. CN=${CN:-CN}
  56.  
  57. SSL_KEY=$SSL_DOMAIN.key
  58. SSL_CSR=$SSL_DOMAIN.csr
  59. SSL_CERT=$SSL_DOMAIN.crt
  60.  
  61. echo -e "033[32m ---------------------------- 033[0m"
  62. echo -e "033[32m | 生成 SSL Cert | 033[0m"
  63. echo -e "033[32m ---------------------------- 033[0m"
  64.  
  65. if [[ -e ./${CA_KEY} ]]; then
  66. echo -e "033[32m ====> 1. 发现已存在CA私钥,备份"${CA_KEY}"为"${CA_KEY}"-bak,然后重新创建 033[0m"
  67. mv ${CA_KEY} "${CA_KEY}"-bak
  68. openssl genrsa -out ${CA_KEY} ${SSL_SIZE}
  69. else
  70. echo -e "033[32m ====> 1. 生成新的CA私钥 ${CA_KEY} 033[0m"
  71. openssl genrsa -out ${CA_KEY} ${SSL_SIZE}
  72. fi
  73.  
  74. if [[ -e ./${CA_CERT} ]]; then
  75. echo -e "033[32m ====> 2. 发现已存在CA证书,先备份"${CA_CERT}"为"${CA_CERT}"-bak,然后重新创建 033[0m"
  76. mv ${CA_CERT} "${CA_CERT}"-bak
  77. openssl req -x509 -sha256 -new -nodes -key ${CA_KEY} -days ${CA_DATE} -out ${CA_CERT} -subj "/C=${CN}/CN=${CA_DOMAIN}"
  78. else
  79. echo -e "033[32m ====> 2. 生成新的CA证书 ${CA_CERT} 033[0m"
  80. openssl req -x509 -sha256 -new -nodes -key ${CA_KEY} -days ${CA_DATE} -out ${CA_CERT} -subj "/C=${CN}/CN=${CA_DOMAIN}"
  81. fi
  82.  
  83. echo -e "033[32m ====> 3. 生成Openssl配置文件 ${SSL_CONFIG} 033[0m"
  84. cat > ${SSL_CONFIG} <<EOM
  85. [req]
  86. req_extensions = v3_req
  87. distinguished_name = req_distinguished_name
  88. [req_distinguished_name]
  89. [ v3_req ]
  90. basicConstraints = CA:FALSE
  91. keyUsage = nonRepudiation, digitalSignature, keyEncipherment
  92. extendedKeyUsage = clientAuth, serverAuth
  93. EOM
  94.  
  95. if [[ -n ${SSL_TRUSTED_IP} || -n ${SSL_TRUSTED_DOMAIN} || -n ${SSL_DOMAIN} ]]; then
  96. cat >> ${SSL_CONFIG} <<EOM
  97. subjectAltName = @alt_names
  98. [alt_names]
  99. EOM
  100. IFS=","
  101. dns=(${SSL_TRUSTED_DOMAIN})
  102. dns+=(${SSL_DOMAIN})
  103. for i in "${!dns[@]}"do
  104. echo DNS.$((i+1)) = ${dns[$i]} >> ${SSL_CONFIG}
  105. done
  106.  
  107. if [[ -n ${SSL_TRUSTED_IP} ]]; then
  108. ip=(${SSL_TRUSTED_IP})
  109. for i in "${!ip[@]}"do
  110. echo IP.$((i+1)) = ${ip[$i]} >> ${SSL_CONFIG}
  111. done
  112. fi
  113. fi
  114.  
  115. echo -e "033[32m ====> 4. 生成服务SSL KEY ${SSL_KEY} 033[0m"
  116. openssl genrsa -out ${SSL_KEY} ${SSL_SIZE}
  117.  
  118. echo -e "033[32m ====> 5. 生成服务SSL CSR ${SSL_CSR} 033[0m"
  119. openssl req -sha256 -new -key ${SSL_KEY} -out ${SSL_CSR} -subj "/C=${CN}/CN=${SSL_DOMAIN}" -config ${SSL_CONFIG}
  120.  
  121. echo -e "033[32m ====> 6. 生成服务SSL CERT ${SSL_CERT} 033[0m"
  122. openssl x509 -sha256 -req -in ${SSL_CSR} -CA ${CA_CERT} 
  123. -CAkey ${CA_KEY} -CAcreateserial -out ${SSL_CERT} 
  124. -days ${SSL_DATE} -extensions v3_req 
  125. -extfile ${SSL_CONFIG}
  126.  
  127. echo -e "033[32m ====> 7. 证书制作完成 033[0m"
  128. echo
  129. echo -e "033[32m ====> 8. 以YAML格式输出结果 033[0m"
  130. echo "----------------------------------------------------------"
  131. echo "ca_key: |"
  132. cat $CA_KEY | sed 's/^//'
  133. echo
  134. echo "ca_cert: |"
  135. cat $CA_CERT | sed 's/^//'
  136. echo
  137. echo "ssl_key: |"
  138. cat $SSL_KEY | sed 's/^//'
  139. echo
  140. echo "ssl_csr: |"
  141. cat $SSL_CSR | sed 's/^//'
  142. echo
  143. echo "ssl_cert: |"
  144. cat $SSL_CERT | sed 's/^//'
  145. echo
  146.  
  147. echo -e "033[32m ====> 9. 附加CA证书到Cert文件 033[0m"
  148. cat ${CA_CERT} >> ${SSL_CERT}
  149. echo "ssl_cert: |"
  150. cat $SSL_CERT | sed 's/^//'
  151. echo
  152.  
  153. echo -e "033[32m ====> 10. 重命名服务证书 033[0m"
  154. echo "cp ${SSL_DOMAIN}.key tls.key"
  155. cp ${SSL_DOMAIN}.key tls.key
  156. echo "cp ${SSL_DOMAIN}.crt tls.crt"
  157. cp ${SSL_DOMAIN}.crt tls.crt

implement

bash ./key.sh --ssl-domain=rancher.k8s-test.com--ssl-size=2048 --ssl-date=3650

Scapus genitus hoc modo

3 crea secretum spatio nominali

kubectl create namespace cattle-system

4. Service certificatorium et privata clavis ciphertext

  1. kubectl -n cattle-system create secret tls tls-rancher-ingress 
  2. --cert=tls.crt 
  3. --key=tls.key

Si opus est libellum reponere, uti poteskubectl -n cattle-system delete secret tls-rancher-ingressdeleretls-rancher-ingress ciphertextum, et deinde utere mandato suprascripto ad novum ciphertextum creandum. Si libellum a privato CA signatum uteris, novum libellum reponere tantum potes, si ab eodem CA signatur ac currens certificatorium.

5.ca libellum ciphertext

  1. kubectl -n cattle-system create secret generic tls-ca 
  2. --from-file=cacerts.pem=./cacerts.pem

6 Facite institutionem rancher

  1. helm install rancher rancher-latest/rancher 
  2. --namespace cattle-system 
  3. --set hostname=rancher.k8s-test.com 
  4. --set bootstrapPassword=admin 
  5. --set ingress.tls.source=secret 
  6. --set privateCA=true

7. Reprehendo status et exspecta rollout ut bene sit.

  1. kangming@ubuntu26:~$ kubectl -n cattle-system rollout status deploy/rancher
  2. deployment "rancher" successfully rolled out
  3. kangming@ubuntu26:~$ kubectl -n cattle-system get deploy rancher
  4. NAMEREADY UP-TO-DATE AVAILABLE AGE
  5. rancher 3/3 33 40m

Perscriptio leguminis status. Hoc nomen domain nomen deformari potest ad nodi librationem oneris. Quia praedictam institutionem incipit vasculum in omnibus nodis laborantibus per defaltam. Sic infra nginx figuras 80 & 443 tres nodos configurat.

  1. kubectl get pods --all-namespaces
  2. 或者
  3. kubectl get pods -n cattle-system
  4.  
  5. #查看rancher pod状态
  6. kubectl describe podrancher-ff955865-29ljr --namespace=cattle-system
  7. #一次看所有rancher pod
  8. kubectl -n cattle-system describe pods -l app=rancher

HostnameC superius solvendae sunt oneris nodi librationis, quae plerumque VIP virtualised per conservationem servatur. Ad commodum, una tantum nodi LB hic adhibetur, quae directe ad 24 solvenda est, et tunc onus libratio fit per nginx of 24 .

fermentum

Videre tabulata rancherii legumen

  1. kubectl get pods -n cattle-system
  2.  
  3. kubectl -n cattle-system logs -f rancher-5d9699f4cf-72wgp

Configurare pondera pondera

Modo configurare eam in 24 onere nodum aequante ac testimonium generatum a scripto ad 24 . effingo

sudo vi /etc/nginx/nignx.conf

  1. stream {
  2. upstream rancher_servers_http {
  3. least_conn;
  4. server 192.168.43.26:80 max_fails=3 fail_timeout=5s;
  5. server 192.168.43.27:80 max_fails=3 fail_timeout=5s;
  6. server 192.168.43.28:80 max_fails=3 fail_timeout=5s;
  7. }
  8. server {
  9. listen 80;
  10. proxy_pass rancher_servers_http;
  11. }
  12.  
  13. upstream rancher_servers_https {
  14. least_conn;
  15. server 192.168.43.26:443 max_fails=3 fail_timeout=5s;
  16. server 192.168.43.27:443 max_fails=3 fail_timeout=5s;
  17. server 192.168.43.28:443 max_fails=3 fail_timeout=5s;
  18. }
  19. server {
  20. listen 443;
  21. proxy_pass rancher_servers_https;
  22. }
  23. }

aditus;https://rancher.k8s-test.com

Tessera Bootstrap est admin, ratio login est admin, temere uti in tessera: 1BgV0yLx19YkIhOv

Preme paginam administrationis ingredi pergo.

helm3 installs rancher (per libellum procurator sui rancher venit)

Refer ad praevia requisita, botrum k8s per rke institue, et gubernaculum environment para.

1. Add galeam CELLA

  1. helm repo add rancher-latest 
  2. https://releases.rancher.com/server-charts/latest

2. crea in spatio nominali

kubectl create namespace cattle-system

3. TLS certificatorium modum pro administratione certificatorium in Rancher-generato elige.

4. Installatio cert-procurator tantum requiritur, si modum certificatorium TLS Rancher generatum eligis.

  1. If you have installed the CRDs manually instead of with the `--set installCRDs=true` option added to your Helm install command, you should upgrade your CRD resources before upgrading the Helm chart:
  2.  
  3. kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.7.1/cert-manager.crds.yaml
  4.  
  5. Add the Jetstack Helm repository
  6. helm repo add jetstack https://charts.jetstack.io
  7.  
  8. # Update your local Helm chart repository cache
  9. helm repo update
  10.  
  11. # Install the cert-manager Helm chart
  12. helm install cert-manager jetstack/cert-manager 
  13. --namespace cert-manager 
  14. --create-namespace 
  15. --version v1.7.1

Cognoscere quod cert-procurator installatur recte

kubectl get pods --namespace cert-manager

5. Rancher inaugurare et nomen domain fictum pro hostname utere, ita rancher IP patebit.

  1. helm install rancher rancher-latest/rancher 
  2. --namespace cattle-system 
  3. --set hostname=rancher.my.org 
  4. --set bootstrapPassword=admin

6. Exspecta rollout succedere

  1. kangming@ubuntu26:~$ kubectl -n cattle-system rollout status deploy/rancher
  2. deployment "rancher" successfully rolled out
  3. kangming@ubuntu26:~$ kubectl -n cattle-system get deploy rancher
  4. NAMEREADY UP-TO-DATE AVAILABLE AGE
  5. rancher 3/3 33 40m

Post successum, mox tabula nomen regio rancher.my.org tribus nodis probandis Postea, solum opus est onus configurare in libramen introitus unificati. Postquam paginam sequentem viso, probat nullum esse problema de institutione hodierna. Nota nomen regio modo ad accessum adhiberi posse, et pagina normaliter per IP accessum videri non potest.

Configurare pondera portal

Postquam manually tentans omnes nodi rancher accedere possunt, debes configurare nginx oneris conpensationem. Potes directe configurare quattuor tabulatum missum est, ut libellum configurare non debes.

sudo vi /etc/nginx/nignx.conf

  1. stream {
  2. upstream rancher_servers_http {
  3. least_conn;
  4. server 192.168.43.26:80 max_fails=3 fail_timeout=5s;
  5. server 192.168.43.27:80 max_fails=3 fail_timeout=5s;
  6. server 192.168.43.28:80 max_fails=3 fail_timeout=5s;
  7. }
  8. server {
  9. listen 80;
  10. proxy_pass rancher_servers_http;
  11. }
  12.  
  13. upstream rancher_servers_https {
  14. least_conn;
  15. server 192.168.43.26:443 max_fails=3 fail_timeout=5s;
  16. server 192.168.43.27:443 max_fails=3 fail_timeout=5s;
  17. server 192.168.43.28:443 max_fails=3 fail_timeout=5s;
  18. }
  19. server {
  20. listen 443;
  21. proxy_pass rancher_servers_https;
  22. }
  23. }

Configurare fasciculi huius exercituum, transitum test, et rancher ordinarie accedere potest cum nginx LB portae accessus.

Personal profile

technologiae technologiae plus quam 30 annos operam dedit et in variis linguis proficit ut java, linux, javascript, php, css, etc. Multas contributiones in aperto fonte campo fecit elit documentorum statione ad communicandas quaestiones technologiarum progressus ad futuram referentiam

mihi contactus notitia

Mail