rke2+rancher

[GunSik2]

RKE2

• Env : Ubuntu 20.04
• Install RKE2

  curl -sfL https://get.rke2.io | sh -
  systemctl enable rke2-server.service
  systemctl start rke2-server.service
  journalctl -u rke2-server -f

• Check

  
  sudo usermod -aG docker YOUR_USERNAME
  // su - YOUR_USERNAME
  // sudo chmod a+r /etc/rancher/rke2/rke2.yaml

export PATH=$PATH:/var/lib/rancher/rke2/bin export KUBECONFIG=/etc/rancher/rke2/rke2.yaml

kubectl get nodes kubectl get pods --all-namespaces

curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash helm ls --all-namespaces

- Remove RKE2

rke2-uninstall.sh

## Rancher 2.5
- repo

helm repo add rancher-stable https://releases.rancher.com/server-charts/stable kubectl create namespace cattle-system

- cert-manager 
  We will be using self-signed certificates for now. The cert-manager tool can generate these automatically. 
  Note: if you bring your own certificates, this step is not required.

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.7.1/cert-manager.yaml

kubectl get pods -n cert-manager

- Rancher

helm upgrade --install rancher rancher-stable/rancher \ --namespace cattle-system \ --set hostname=rancher.example.com \ --set replicas=1

--set proxy="http://proxy.example.com:80/" \

--set noProxy=".example.com\,169.254.169.254\,10.0.0.0/24"

kubectl get pods -A

- 확인

$ kubectl -n cattle-system rollout status deploy/rancher deployment "rancher" successfully rolled out

$ kubectl -n cattle-system get deploy rancher NAME READY UP-TO-DATE AVAILABLE AGE rancher 1/1 1 1 16m

- haproxy 설정 
  : 80, 443 의 기본 rke 포트 접속이 허용되지 않는 경우, haproxy 이용한 프록시 포트 설정

$ cat /etc/haproxy/haproxy.conf listen tcp8443 bind *:8443 log global mode tcp option tcplog server tcpserver localhost:443 $ systemctl restart haproxy

- helm 삭제

$ helm uninstall rancher -n cattle-system

## longhorn
- Rancher 카탈로그에서 실행 vs Helm chart 직접 설치
- Error(iscsiadm/open-iscsi is missing) 발생시 호스트 실행 

$ sudo yum install -y iscsi-initiator-utils $ sudo systemctl enable iscsid && sudo systemctl start iscsid && systemctl status iscsid

LVM 설치

$ sudo yum install -y lvm2*

볼륨 확인

$ lsblk

볼륨 그룹 묶기

$ sudo vgcreate vg01 /dev/vdb /dev/vdc /dev/vdd /dev/vde

볼륨 그룹 정보 확인

$ sudo vgdisplay

논리볼륨 생성

$ sudo lvcreate -L 399.98G -n lv_data vg01

논리볼륨 확인

$ sudo lvdisplay

논리볼륨 초기화

$ sudo mkfs.ext4 /dev/mapper/vg01-lv_data

볼륨 mount

$ sudo mount /dev/mapper/vg01-lv_data /data/longhorn

mount 확인

$ df -h | grep longhorn

$ sudo vi /etc/rc.d/rc.local

mount /dev/mapper/vg01-lv_data /data/longhorn
$ sudo chmod +x /etc/rc.d/rc.local
```
- Longhorn UI 오픈
```
kubectl expose deployment longhorn-ui --namespace=longhorn-system --type=NodePort --name=longhorn-ui
kubectl describe service longhorn-ui --namespace=longhorn-system
```
- longhorn 노드 down 정책 설정
![image](https://user-images.githubusercontent.com/11453229/153982859-e1b1f3b3-ab37-443f-a8da-3f7f8f37d8f0.png)

## 참고자료
https://artifacthub.io/packages/helm/rancher-stable/rancher

[GunSik2]

Rancher 2.6

• repo

  helm repo add rancher-latest https://releases.rancher.com/server-charts/latest
  kubectl create namespace cattle-system

• cert-manager We will be using self-signed certificates for now. The cert-manager tool can generate these automatically. Note: if you bring your own certificates, this step is not required.

  
  kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.7.1/cert-manager.yaml

kubectl get pods -n cert-manager

- Rancher

helm upgrade --install rancher rancher-latest/rancher \ --namespace cattle-system \ --set hostname=rancher.example.com \ --set replicas=1

--set proxy="http://proxy.example.com:80/" \

--set noProxy=".example.com\,169.254.169.254\,10.0.0.0/24"

kubectl get pods -A

- 확인

$ kubectl -n cattle-system rollout status deploy/rancher deployment "rancher" successfully rolled out

$ kubectl -n cattle-system get deploy rancher NAME READY UP-TO-DATE AVAILABLE AGE rancher 1/1 1 1 16m

- haproxy 설정 
  : 80, 443 의 기본 rke 포트 접속이 허용되지 않는 경우, haproxy 이용한 프록시 포트 설정

$ cat /etc/haproxy/haproxy.conf listen tcp8443 bind *:8443 log global mode tcp option tcplog server tcpserver localhost:443 $ systemctl restart haproxy

참고자료
- https://github.com/rancher/rancher/tree/release/v2.6/chart
- https://artifacthub.io/packages/helm/rancher-stable/rancher

[GunSik2]

• rancher password reset

  
  $ sudo crictl --config /var/lib/rancher/rke2/agent/etc/crictl.yaml ps | grep rancher
  34d1b2244304a       c18d03bea7c6f       2 months ago        Running             rancher-operator                0                   276a6d81a43d4
  657c4ab77f663       55843e1adcf3e       2 months ago        Running             rancher-webhook                 0                   0bf8baed4da85
  08bf86e93c8fe       d7329a56a8e40       2 months ago        Running             rancher                         0                   a627a08018781

$ sudo crictl --config /var/lib/rancher/rke2/agent/etc/crictl.yaml exec -ti 08bf86e93c8fe reset-password

참고자료
- https://rancher.com/docs/rancher/v2.5/en/faq/technical/

[GunSik2]

multus helm 설치

git clone https://github.com/rancher/rke2-charts/
cd rke2-charts/packages/rke2-multus/charts
helm install multus .
kubectl get pods --all-namespaces | grep -i multus

참고자료

• https://github.com/harvester/harvester/tree/v1.0/deploy/charts/harvester