Rancher Series - RHEL7.8 Installing Single-Node Rancher with Proxy Offline
This article was last updated on: July 24, 2024 am
1. Basic information
1.1 Prerequisites
- This installation uses the latest version as of 20220129: Rancher v2.6.3
- VM versions are RHEL 7.8, 7.9 or 8.2, 8.3, 8.4 (required by Rancher’s official website)
- VM YUM repository: The RHEL and EPEL YUM repositories of the corresponding versions are configured
- The VM provides root privileges
- NTP configured (to prevent weird problems due to time inconsistencies)
- Proxy access to the Rancher-related Internet domain names is provided
- Port requirements: to function properly, Rancher needs certain ports to be open on the Rancher node and on the downstream Kubernetes cluster nodes. The “Port Requirements” document lists all the necessary ports for Rancher and downstream clusters for the different cluster types. The ports used here are detailed in the following tables:
Inbound rules for the Rancher node
Protocol | Port | Source | Destination | Description |
---|---|---|---|---|
TCP | 80 | Client, operating machine | Rancher node | Rancher UI/API |
TCP | 443 | Client, operator, all K3S nodes | Rancher node | Rancher agent,Rancher UI/API,kubectl |
Outbound rules for Rancher nodes
Protocol | Port | Source | Destination | Description |
---|---|---|---|---|
TCP | 22 | Rancher node | All K3S nodes | SSH configuration of the node using the Node Driver |
TCP | 2376 | Rancher node | All K3S nodes | Docker daemon TLS port |
TCP | 6443 | Rancher node | K3S Server | Kubernetes API server |
✅ Success:
If all of the above prerequisites are met, you can install using the “Offline - with proxy” method.
1.2 VM Information
ℹ️ Information:
The process of configuring the proxy at the OS level is omitted.
1.2 Proxy Information
The domains that the proxy needs to allow are as follows:
Domain name | Purpose |
---|---|
http://mirror.cnrancher.com | Rancher domestic component source |
https://registry.cn-hangzhou.aliyuncs.com | Rancher domestic mirror source |
https://dockerauth.cn-hangzhou.aliyuncs.com | Rancher domestic mirror source |
https://gitee.com | Rancher Domestic Helm Charts Source |
http://mirrors.aliyun.com | YUM Source |
https://mirrors.aliyun.com | YUM Source |
https://rpm.rancher.com | Rancher Source |
🧠 Comments:
The list of allowed domains above may be incomplete and may need to be supplemented.
2. “Offline - with proxy” mode installation
🧠 Comments:
This environment is: offline, with a proxy.
Installation and deployment are done through the proxy.
Suppose the IP address of the host where Rancher resides is: 192.168.0.100
2.1 Rancher installation configuration
2.1.1 Install and configure Docker and docker-compose
The RHEL 7.8 installation command is as follows:
ℹ️ Information:
The Docker version is 1.13, and it comes with 3 Docker-related services after installation:

```
# systemctl list-unit-files|grep docker
docker-cleanup.service disabled
docker-storage-setup.service disabled
docker.service disabled
docker-cleanup.timer disabled
```

The `docker.service` unit file is located at: /usr/lib/systemd/system/docker.service
docker-compose version 1.18.0, build 8dd22a9
RHEL `registries.conf` configuration:
Configure `insecure-registry`:
**Docker proxy configuration** (optional; recommended, to ensure that Docker uses the proxy 100% of the time)
First create the configuration file:
Then add the configuration:
Finally restart the container and verify:
🧠 Comments:
On Linux, CIDR notation in `NO_PROXY` does not take effect; only individual IP addresses do.
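The three steps above and the `NO_PROXY` note, as an added example that is not from the original article: a helper that renders a systemd drop-in with the Docker daemon's proxy settings and rejects CIDR entries in `NO_PROXY`. The drop-in directory `/etc/systemd/system/docker.service.d`, the file name `http-proxy.conf` and the proxy address `proxy.example.internal:3128` are assumptions.

```sh
# Added example. The drop-in location used on a real host is an assumption
# (systemd-managed Docker); the proxy address shown at the end is a placeholder.

# Print the NO_PROXY entries that use CIDR notation, one per line.
cidr_entries() {
    printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r ce_entry; do
        case "$ce_entry" in
            */*) printf '%s\n' "$ce_entry" ;;
        esac
    done
}

# write_docker_proxy_dropin DIR PROXY_URL NO_PROXY_LIST
# Writes DIR/http-proxy.conf; refuses a NO_PROXY list containing CIDR ranges.
write_docker_proxy_dropin() {
    wd_dir="$1"; wd_proxy="$2"; wd_noproxy="$3"
    wd_bad=$(cidr_entries "$wd_noproxy")
    if [ -n "$wd_bad" ]; then
        echo "NO_PROXY has CIDR entries; list each host IP instead: $wd_bad" >&2
        return 1
    fi
    mkdir -p "$wd_dir" || return 1
    (
        umask 077   # the proxy URL may embed credentials: keep the file owner-only
        cat > "$wd_dir/http-proxy.conf" <<EOF
[Service]
Environment="HTTP_PROXY=$wd_proxy"
Environment="HTTPS_PROXY=$wd_proxy"
Environment="NO_PROXY=$wd_noproxy"
EOF
    )
}

# On the Rancher host (as root), with a placeholder proxy address:
#   write_docker_proxy_dropin /etc/systemd/system/docker.service.d \
#       http://proxy.example.internal:3128 localhost,127.0.0.1,192.168.0.100
#   systemctl daemon-reload && systemctl restart docker
#   systemctl show --property=Environment docker
```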
2.1.2 Generate a certificate with a validity period of 100 years
🧠 Comments:
Viewing the file systems with `df -h` gives the following:

```
# df -h
Filesystem Size Used Avail Use% Mounted on
...
/dev/mapper/rhel-root 67G 5.5G 62G 9% /
...
/dev/mapper/vgdata-lvdata 100G 33M 100G 1% /data
...
```

The `/data` directory has 100G, so Rancher is installed in the `/data/rancher` directory.
To generate a 100-year certificate:
Certificate renaming (to comply with the requirements for the Rancher Docker installation):
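One way to produce such certificates with openssl, as an added example rather than the article's own commands: a private CA plus a server certificate for 192.168.0.100, both valid for 36500 days, written as `cacerts.pem`, `cert.pem` and `key.pem`, the file names that Rancher's Docker installation mounts under `/etc/rancher/ssl/`. The CA subject name, the RSA-2048 keys and the helper names are assumptions.

```sh
# Added example. CA subject name, key size and helper file names are assumptions.

# make_rancher_certs DIR HOST_IP
# Creates cacerts.pem (private CA), cert.pem and key.pem (server) in DIR,
# each valid for 36500 days (about 100 years).
make_rancher_certs() {
    mrc_dir="$1"; mrc_ip="$2"
    mkdir -p "$mrc_dir" || return 1
    (
        cd "$mrc_dir" || exit 1
        umask 077   # private keys readable by the owner only
        cat > ca.cnf <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = rancher-private-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
        # Clients match an IP URL against an IP subjectAltName, not the CN.
        printf 'subjectAltName=IP:%s\nextendedKeyUsage=serverAuth\n' "$mrc_ip" > san.ext
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 36500 \
            -config ca.cnf -keyout cakey.pem -out cacerts.pem 2>/dev/null &&
        openssl req -new -newkey rsa:2048 -nodes -sha256 -config ca.cnf \
            -subj "/CN=$mrc_ip" -keyout key.pem -out server.csr 2>/dev/null &&
        openssl x509 -req -sha256 -days 36500 -in server.csr -CA cacerts.pem \
            -CAkey cakey.pem -CAcreateserial -extfile san.ext -out cert.pem 2>/dev/null &&
        rm -f server.csr san.ext ca.cnf
        # cakey.pem is not needed by the Rancher container; store it off the host.
    )
}

# check_rancher_certs DIR HOST_IP: the chain verifies and the IP SAN is present.
check_rancher_certs() {
    openssl verify -CAfile "$1/cacerts.pem" "$1/cert.pem" >/dev/null 2>&1 || return 1
    openssl x509 -in "$1/cert.pem" -noout -text | grep -qF "IP Address:$2"
}
```

On the host described here this would be run as `make_rancher_certs /data/rancher/certs 192.168.0.100`, followed by `check_rancher_certs` with the same arguments.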
2.1.3 Install Rancher
Start Rancher with docker-compose, so that the relevant configuration is kept in a file and is easy to review.
The YAML configuration is based on references [2] and [3].
Start rancher:
You can view the startup log with the following command:
Once started, open https://192.168.0.100/ in a browser. The first screen is displayed as follows:
Enter the following command in Terminal to get the bootstrap password:
Enter the password into the input box, then generate an admin password, as follows:
Check “I agree...” and click Continue.
The Rancher home page is then displayed, as shown below:
The installation of Rancher is complete.
2.1.4 Rancher China optimized configuration
Use Gitee (“code cloud”) instead of GitHub
By default, Rancher uses repos on GitHub as the Chart repository URLs. If timeouts occur, you can replace the Chart repository URL with the Gitee address.
The correspondence for each repo is as follows:
So how do I modify the Chart repository URL?
- Click the hamburger menu in the upper left corner of the home page and select “Manage Cluster” -> “Advanced” -> “Chart Repository”
- Click the ellipsis to the right of the list entry -> Edit
- Replace the Chart repository URL with the Gitee address and click Save
- The status of the corresponding Chart repository then changes to Refreshed, and the repository can be used normally once it becomes active
The result after modification is as follows:
Summary
At this point, the Rancher single-node installation is complete. 🎉🎉🎉
- Address: https://192.168.0.100
- Directory: /data/rancher
- Certificate directory: /data/rancher/certs
- Audit log directory: /data/rancher/log/auditlog