kkk
2022 年4 月 11 日 03:16
1
rancher版本 2.5.12
helm 安装命令 :
helm repo add stable https://releases.rancher.com/server-charts/stable
helm repo add jetstack https://charts.jetstack.io
helm repo update
kubectl create namespace cattle-system
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.3/cert-manager.crds.yaml
helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.5.3
helm install rancher stable/rancher --namespace cattle-system --set hostname=ranchertest.aaaa.info --set replicas=1 --version v2.5.12
等cert-manager 完全拉起来以后安装rancher ,容器一直CrashLoopBackOff
通过查询资源 看到 issuer.cert-manager.io/rancher False
通过log 查看提示 cert-manager Error initializing issuer: secret “tls-rancher” not found cert-manager Error getting keypair for CA issuer: secret "tls-rancher" not found
通过 命令查看 kubectl get secret -A | grep rancher 确实没有这个证书
之前一直都是通过这种方式创建的rancher 正常 现在就不行了 环境是新的 没有重复安装过
ksd
2022 年4 月 11 日 06:39
2
刚才看了眼 2.5 的文档,里面用的 cert-manager 的版本是 1.5.1,不确定是否有影响。
kkk
2022 年4 月 11 日 06:42
3
1.5.1 这个版本也试过了 1.7.0、1.8.0 都尝试过 一样的问题
ksd
2022 年4 月 11 日 07:26
5
ksd
2022 年4 月 11 日 07:34
6
我也按照你的方式在我的环境上没有重现,我的 local 集群是 k3s v1.20.15+k3s1
ksd ~ kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system local-path-provisioner-5ff76fc89d-sbqhz 1/1 Running 0 2m32s
kube-system metrics-server-86cbb8457f-cxscd 1/1 Running 1 2m32s
kube-system coredns-6488c6fcc6-vfv5d 1/1 Running 0 2m32s
kube-system helm-install-traefik-8s9x2 0/1 Completed 0 2m32s
kube-system svclb-traefik-zk9k9 2/2 Running 0 62s
kube-system traefik-799bbc5bd6-znwvw 1/1 Running 0 62s
ksd ~
ksd ~
ksd ~ helm repo add stable https://releases.rancher.com/server-charts/stable
"stable" has been added to your repositories
ksd ~ helm repo add jetstack https://charts.jetstack.io
"jetstack" already exists with the same configuration, skipping
ksd ~ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "rancher-stable" chart repository
...Successfully got an update from the "ingress-nginx" chart repository
...Successfully got an update from the "stable" chart repository
...Successfully got an update from the "pandaria" chart repository
...Successfully got an update from the "rancher-latest" chart repository
...Successfully got an update from the "jetstack" chart repository
...Successfully got an update from the "bitnami" chart repository
Update Complete. ⎈Happy Helming!⎈
ksd ~ kubectl create namespace cattle-system
namespace/cattle-system created
ksd ~ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.3/cert-manager.crds.yaml
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created
ksd ~ helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.5.3
NAME: cert-manager
LAST DEPLOYED: Mon Apr 11 15:12:48 2022
NAMESPACE: cert-manager
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
cert-manager v1.5.3 has been deployed successfully!
In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).
More information on the different types of issuers and how to configure them
can be found in our documentation:
https://cert-manager.io/docs/configuration/
For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the `ingress-shim`
documentation:
https://cert-manager.io/docs/usage/ingress/
ksd ~ kubectl get pods --namespace cert-manager
NAME READY STATUS RESTARTS AGE
cert-manager-cainjector-856d4df858-vwwxt 1/1 Running 0 35s
cert-manager-66b6d6bf59-pkn4v 1/1 Running 0 35s
cert-manager-webhook-6d866ffbc7-dhzlh 1/1 Running 0 35s
ksd ~ helm install rancher stable/rancher --namespace cattle-system --set hostname=ranchertest.aaaa.info --set replicas=1 --version v2.5.12
W0411 15:13:42.845083 32977 warnings.go:70] cert-manager.io/v1beta1 Issuer is deprecated in v1.4+, unavailable in v1.6+; use cert-manager.io/v1 Issuer
NAME: rancher
LAST DEPLOYED: Mon Apr 11 15:13:41 2022
NAMESPACE: cattle-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Rancher Server has been installed.
NOTE: Rancher may take several minutes to fully initialize. Please standby while Certificates are being issued and Ingress comes up.
Check out our docs at https://rancher.com/docs/rancher/v2.x/en/
Browse to https://ranchertest.aaaa.info
Happy Containering!
ksd ~
ksd ~ kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system local-path-provisioner-5ff76fc89d-sbqhz 1/1 Running 0 4m42s
kube-system metrics-server-86cbb8457f-cxscd 1/1 Running 1 4m42s
kube-system coredns-6488c6fcc6-vfv5d 1/1 Running 0 4m42s
kube-system helm-install-traefik-8s9x2 0/1 Completed 0 4m42s
kube-system svclb-traefik-zk9k9 2/2 Running 0 3m12s
kube-system traefik-799bbc5bd6-znwvw 1/1 Running 0 3m12s
cert-manager cert-manager-cainjector-856d4df858-vwwxt 1/1 Running 0 68s
cert-manager cert-manager-66b6d6bf59-pkn4v 1/1 Running 0 68s
cert-manager cert-manager-webhook-6d866ffbc7-dhzlh 1/1 Running 0 68s
cattle-system rancher-5b8554484f-7kzgm 0/1 ContainerCreating 0 16s
ksd ~ kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system local-path-provisioner-5ff76fc89d-sbqhz 1/1 Running 0 5m5s
kube-system metrics-server-86cbb8457f-cxscd 1/1 Running 1 5m5s
kube-system coredns-6488c6fcc6-vfv5d 1/1 Running 0 5m5s
kube-system helm-install-traefik-8s9x2 0/1 Completed 0 5m5s
kube-system svclb-traefik-zk9k9 2/2 Running 0 3m35s
kube-system traefik-799bbc5bd6-znwvw 1/1 Running 0 3m35s
cert-manager cert-manager-cainjector-856d4df858-vwwxt 1/1 Running 0 91s
cert-manager cert-manager-66b6d6bf59-pkn4v 1/1 Running 0 91s
cert-manager cert-manager-webhook-6d866ffbc7-dhzlh 1/1 Running 0 91s
cattle-system rancher-5b8554484f-7kzgm 0/1 ContainerCreating 0 39s
ksd ~ kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system local-path-provisioner-5ff76fc89d-sbqhz 1/1 Running 0 10m
kube-system metrics-server-86cbb8457f-cxscd 1/1 Running 1 10m
kube-system coredns-6488c6fcc6-vfv5d 1/1 Running 0 10m
kube-system helm-install-traefik-8s9x2 0/1 Completed 0 10m
kube-system svclb-traefik-zk9k9 2/2 Running 0 9m28s
kube-system traefik-799bbc5bd6-znwvw 1/1 Running 0 9m28s
cert-manager cert-manager-cainjector-856d4df858-vwwxt 1/1 Running 0 7m24s
cert-manager cert-manager-66b6d6bf59-pkn4v 1/1 Running 0 7m24s
cert-manager cert-manager-webhook-6d866ffbc7-dhzlh 1/1 Running 0 7m24s
cattle-system rancher-5b8554484f-7kzgm 1/1 Running 0 6m32s
cattle-system helm-operation-vwjfq 0/2 Completed 0 2m31s
cattle-system helm-operation-rlm82 1/2 Error 0 3m31s
cattle-system helm-operation-dk798 0/2 Completed 0 2m17s
fleet-system fleet-controller-79554fcbf5-7bbvs 1/1 Running 0 2m1s
fleet-system gitjob-568c57cfb9-429rz 1/1 Running 0 2m1s
cattle-system helm-operation-c4rdm 0/2 Completed 0 2m8s
rancher-operator-system rancher-operator-595ddc6db9-wntc9 1/1 Running 0 107s
cattle-system helm-operation-zl28w 0/2 Completed 0 117s
cattle-system helm-operation-ztjjh 2/2 Running 0 76s
fleet-system fleet-agent-d59db746-s74z9 1/1 Running 0 65s
cattle-system helm-operation-trz5f 0/2 Completed 0 15s
cattle-system helm-operation-hgqd4 2/2 Running 0 5s
cattle-system rancher-webhook-5cbd989595-bfjfd 1/1 Running 0 68s
kkk
2022 年4 月 11 日 08:53
7
我尝试了这个方法 状态确实正常了 但是CA证书好像并没有生成 pod 也还是一直CrashLoopBackOff
kkk
2022 年4 月 11 日 08:54
8
我的local 集群是 v1.22.6+rke2r1 我去查一下版本兼容性
ksd
2022 年4 月 11 日 09:21
9
2.5.12 支持的最高K8s 版本是 1.20,可以参考: