- Kubernetes runs on microk8s
- Kubernetes version v1.28.13
- nginx is used to expose Rancher
- Create a directory and enter it to prepare for the Rancher installation
[root@yys-oci yoni]# mkdir -p rancher
[root@yys-oci yoni]# cd rancher/
- Create the config used to generate the certificate that Rancher will use
[root@yys-oci rancher]# cat rancher.conf
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = ID
ST = DIY
L = Yogyakarta
O = your-domain
OU = yys
CN = rancher.your-domain.com
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = rancher.your-domain.com
DNS.2 = your-domain.com
- Generate the certificate using openssl
[root@yys-oci rancher]# openssl req -x509 -nodes -days 365300 -newkey rsa:2048 -keyout tls.key -out tls.crt -config rancher.conf
Generating a RSA private key...+++++
............................................+++++
writing new private key to 'tls.key'
-----
- Make sure the certificate was generated successfully; there should be two files (tls.crt and tls.key)
[root@yys-oci rancher]# ll
total 12
-rw-r--r--. 1 root root 357 Aug 7 20:06 rancher.conf
-rw-r--r--. 1 root root 1350 Aug 9 21:56 tls.crt
-rw-------. 1 root root 1704 Aug 9 21:56 tls.key
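An added example, not part of the original post: `ll` only shows that the two files exist, so the function below also confirms that the key belongs to the certificate, that the certificate covers the Rancher hostname and has not expired, and that the key is readable by its owner only. The function names `check_tls_pair` and `make_sample_pair` are hypothetical, and the sample pair the second function builds is constructed for a dry run.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for the
# tls.crt / tls.key pair. Function names are hypothetical.

# Return 0 only if the key matches the certificate, the certificate covers
# the hostname, it is still valid, and the key is private to its owner.
check_tls_pair() {
    cert=$1 key=$2 host=$3

    # 1. The public key in the certificate must equal the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "key does not match cert" >&2; return 1; }

    # 2. The hostname must be covered by the certificate (SAN entries are checked).
    openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
        grep -q "does match" || { echo "cert does not cover $host" >&2; return 1; }

    # 3. The certificate must not be expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate expired" >&2; return 1; }

    # 4. The key file must carry no group/other permission bits (e.g. 0600).
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] ||
        { echo "key readable by group/other" >&2; return 1; }
}

# Build a constructed sample pair (short-lived, placeholder hostname) for a dry run.
make_sample_pair() {
    dir=$1 cn=$2
    cat > "$dir/req.conf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $cn
[v3]
subjectAltName = DNS:$cn
EOF
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -config "$dir/req.conf" \
        -keyout "$dir/tls.key" -out "$dir/tls.crt" 2>/dev/null
    chmod 600 "$dir/tls.key"
}
```

In the rancher directory used here, the call would be `check_tls_pair tls.crt tls.key rancher.your-domain.com`, run before the secret is created.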
- Create the namespace in Kubernetes
[root@yys-oci rancher]# kubectl create namespace cattle-system
namespace/cattle-system created
- Create a secret containing the certificate generated in point 2
[root@yys-oci rancher]# kubectl -n cattle-system create secret tls tls-rancher-ingress --cert=tls.crt --key=tls.key
secret/tls-rancher-ingress created
- Add the Rancher repo using 'helm'
[root@yys-oci rancher]# helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
"rancher-stable" has been added to your repositories
- Install Rancher
[root@yys-oci rancher]# helm install rancher rancher-stable/rancher --namespace cattle-system --set hostname=rancher.your-domain.com --set bootstrapPassword=your-password --set ingress.tls.source=secret --set ingress.tls.secretName=tls-rancher-ingress --version=2.8.5
NAME: rancher
LAST DEPLOYED: Sun Aug 11 09:42:55 2024
NAMESPACE: cattle-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Rancher Server has been installed.
NOTE: Rancher may take several minutes to fully initialize. Please standby while Certificates are being issued, Containers are started and the Ingress rule comes up.
Check out our docs at https://rancher.com/docs/
If you provided your own bootstrap password during installation, browse to https://rancher.your-domain.com to get started.
If this is the first time you installed Rancher, get started by running this command and clicking the URL it generates:
```
echo https://rancher.your-domain.com/dashboard/?setup=$(kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}')
```
To get just the bootstrap password on its own, run:
```
kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}{{ "\n" }}'
```
Happy Containering!
[root@yys-oci rancher]#
- Check the Rancher service
[root@yys-oci rancher]# kubectl get pod -A | grep rancher
cattle-system rancher-7d8b95f8-5mm77 1/1 Running 2 (19d ago) 22d
cattle-system rancher-webhook-684fb7899b-kdrcv 1/1 Running 2 (19d ago) 22d
[root@yys-oci rancher]#
- Describe the rancher svc; it will be adjusted in the next step
As shown below, the rancher svc uses type ClusterIP by default.
[root@yys-oci rancher]# kubectl describe svc rancher -n cattle-system
Name: rancher
Namespace: cattle-system
Labels: app=rancher
app.kubernetes.io/managed-by=Helm
chart=rancher-2.8.5
heritage=Helm
release=rancher
Annotations: meta.helm.sh/release-name: rancher
meta.helm.sh/release-namespace: cattle-system
Selector: app=rancher
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.152.183.25
IPs: 10.152.183.25
Port: http 80/TCP
TargetPort: 80/TCP
Endpoints: 10.1.138.134:80
Port: https-internal 443/TCP
TargetPort: 444/TCP
Endpoints: 10.1.138.134:444
Session Affinity: None
Events: <none>
- Adjust the rancher svc so that it can be accessed through a browser
[root@yys-oci rancher]# kubectl edit svc rancher -n cattle-system
service/rancher edited
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
  annotations:
    field.cattle.io/publicEndpoints: '[{"port":32141,"protocol":"TCP","serviceName":"cattle-system:rancher","allNodes":true},{"port":32443,"protocol":"TCP","serviceName":"cattle-system:rancher","allNodes":true}]'
    meta.helm.sh/release-name: rancher
    meta.helm.sh/release-namespace: cattle-system
  creationTimestamp: "2024-08-11T02:42:56Z"
  labels:
    app: rancher
    app.kubernetes.io/managed-by: Helm
    chart: rancher-2.8.5
    heritage: Helm
    release: rancher
  name: rancher
  namespace: cattle-system
  resourceVersion: "14610"
  uid: f66721b2-67c9-4e4f-88b4-2c8cd8675aa1
spec:
  clusterIP: 10.152.183.25
  clusterIPs:
  - 10.152.183.25
  externalTrafficPolicy: Cluster
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: http
    nodePort: 32141   # added nodePort (any port may be used)
    port: 80
    protocol: TCP
    targetPort: 80
  - name: https-internal
    nodePort: 32443   # added nodePort (any port may be used)
    port: 443
    protocol: TCP
    targetPort: 444
  selector:
    app: rancher
  sessionAffinity: None
  type: NodePort   # changed from type ClusterIP to NodePort
status:
  loadBalancer: {}
- Check the rancher svc again; make sure the type change and the added nodePort are as intended
[root@yys-oci rancher]# kubectl describe svc rancher -n cattle-system
Name: rancher
Namespace: cattle-system
Labels: app=rancher
app.kubernetes.io/managed-by=Helm
chart=rancher-2.8.5
heritage=Helm
release=rancher
Annotations: field.cattle.io/publicEndpoints:
[{"port":32141,"protocol":"TCP","serviceName":"cattle-system:rancher","allNodes":true},{"port":32443,"protocol":"TCP","serviceName":"cattl...
meta.helm.sh/release-name: rancher
meta.helm.sh/release-namespace: cattle-system
Selector: app=rancher
Type: NodePort
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.152.183.25
IPs: 10.152.183.25
Port: http 80/TCP
TargetPort: 80/TCP
NodePort: http 32141/TCP
Endpoints: 10.1.138.134:80
Port: https-internal 443/TCP
TargetPort: 444/TCP
NodePort: https-internal 32443/TCP
Endpoints: 10.1.138.134:444
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
- Rancher can be accessed through an ssh tunnel or exposed through a web server (nginx/apache)
Example using an ssh tunnel
The first port 32443: this is the https nodePort of the rancher svc.
┌──(yys㉿yys)-[~]
└─$ ssh -L 32443:localhost:32443 yoni@192.168.94.94
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Sat Sep 21 10:37:14 2024 from 124.40.251.124
[yoni@yys-oci ~]$
localhost:32443: this is used for access via the browser (the second 32443 can be changed to another port).
yoni@192.168.94.94: yoni is the user used to access the server, and 192.168.94.94 is the server IP.
So the node port can be accessed from all Kubernetes master nodes.
- Access via browser using https://localhost:32443
Log in as admin, using the password created during the Rancher installation; it can also be checked in the rancher secret in Kubernetes.
- --Finish--