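Rancher Server setup
- Rancher version: 2.7.1
- Installation option:
- Helm high-availability install
- Local cluster type: RKE2, version v1.25.9+rke2r2
- Online or offline deployment: offline deployment
Host operating system:
CentOS 7.9 x64
Background:
1. After installing Rancher 2.7.1 offline via Helm on RKE2, the pods started successfully and the rancher pods in the cattle-system namespace are running normally. External TLS termination is used, proxied out through an Nginx service. The Nginx-ingress configuration file of the RKE2 cluster is as follows: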
/var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml
```yaml
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-ingress-nginx
  namespace: kube-system
spec:
  valuesContent: |-
    controller:
      config:
        use-forwarded-headers: "true"
```
The Nginx configuration is as follows:
```nginx
worker_processes 4;
worker_rlimit_nofile 40000;
events {
    worker_connections 8192;
}
http {
    upstream rancher {
        server IP_NODE_1:80;
        server IP_NODE_2:80;
        server IP_NODE_3:80;
    }
    map $http_upgrade $connection_upgrade {
        default Upgrade;
        ''      close;
    }
    server {
        listen 443 ssl http2;
        server_name FQDN;
        ssl_certificate /certs/fullchain.pem;
        ssl_certificate_key /certs/privkey.pem;
        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://rancher;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            # This allows the shell window opened for execution to stay open for up to 15 minutes. Without this parameter, it closes automatically after the default of 1 minute.
            proxy_read_timeout 900s;
            proxy_buffering off;
        }
    }
    server {
        listen 80;
        server_name FQDN;
        return 301 https://$server_name$request_uri;
    }
}
```
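2. When accessing Rancher through the web page and logging in with the random password obtained via the command shown on the page, it just keeps spinning, and the access log of the external Nginx is as follows:
Log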
```
10.3.154.251 - - [13/Jun/2023:10:02:21 +0800] "POST /v3-public/localProviders/local?action=login HTTP/2.0" 200 0 "https://xxhrancher.domain.com/dashboard/auth/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
10.3.154.251 - - [13/Jun/2023:10:02:21 +0800] "GET /v3/users?me=true HTTP/2.0" 200 414 "https://xxhrancher.domain.com/dashboard/auth/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
10.3.154.251 - - [13/Jun/2023:10:02:21 +0800] "GET /api/v1/namespaces/cattle-ui-plugin-system/services/http:ui-plugin-operator:80/proxy/index.json HTTP/2.0" 403 402 "https://xxhrancher.domain.com/dashboard/auth/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
10.3.154.251 - - [13/Jun/2023:10:02:21 +0800] "GET /dashboard/_nuxt/d652e0e7e361584334de.js HTTP/2.0" 200 7289 "https://xxhrancher.domain.com/dashboard/auth/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
10.3.154.251 - - [13/Jun/2023:10:02:21 +0800] "GET /v1/management.cattle.io.setting HTTP/2.0" 502 552 "https://xxhrancher.domain.com/dashboard/auth/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
10.3.154.251 - - [13/Jun/2023:10:02:21 +0800] "GET /v3/users?me=true HTTP/2.0" 200 414 "https://xxhrancher.domain.com/dashboard/auth/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
10.3.154.251 - - [13/Jun/2023:10:02:21 +0800] "GET /v1/management.cattle.io.setting HTTP/2.0" 502 552 "https://xxhrancher.domain.com/dashboard/auth/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
10.3.154.251 - - [13/Jun/2023:10:02:21 +0800] "GET /v3/settings/ui-pl HTTP/2.0" 200 255 "https://xxhrancher.domain.com/dashboard/auth/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
10.3.154.251 - - [13/Jun/2023:10:02:21 +0800] "GET /v3/principals HTTP/2.0" 200 420 "https://xxhrancher.domain.com/dashboard/auth/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
10.3.154.251 - - [13/Jun/2023:10:02:21 +0800] "GET /v1/management.cattle.io.feature/multi-cluster-management HTTP/2.0" 502 552 "https://xxhrancher.domain.com/dashboard/auth/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
10.3.154.251 - - [13/Jun/2023:10:02:21 +0800] "GET /favicon.png HTTP/2.0" 200 787 "https://xxhrancher.domain.com/dashboard/auth/setup" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
10.3.154.251 - - [13/Jun/2023:10:02:21 +0800] "GET /v1/management.cattle.io.setting HTTP/2.0" 502 552 "https://xxhrancher.domain.com/dashboard/auth/setup" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
10.3.157.191 - - [13/Jun/2023:10:02:23 +0800] "GET /v3/connect HTTP/1.1" 401 21 "-" "Go-http-client/1.1"
10.3.157.191 - - [13/Jun/2023:10:02:23 +0800] "GET /v3/connect HTTP/1.1" 401 21 "-" "Go-http-client/1.1"
10.3.157.191 - - [13/Jun/2023:10:02:23 +0800] "GET /v3/connect HTTP/1.1" 400 17 "-" "Go-http-client/1.1"
10.3.157.191 - - [13/Jun/2023:10:02:23 +0800] "GET /v3/connect HTTP/1.1" 400 17 "-" "Go-http-client/1.1"
10.3.157.193 - - [13/Jun/2023:10:02:25 +0800] "GET /version HTTP/2.0" 401 129 "-" "fleetagent/v0.0.0 (linux/amd64) kubernetes/$Format"
10.3.157.193 - - [13/Jun/2023:10:02:25 +0800] "GET /version HTTP/2.0" 401 129 "-" "rancher-system-agent/v0.0.0 (linux/amd64) kubernetes/$Format"
10.3.157.191 - - [13/Jun/2023:10:02:28 +0800] "GET /v3/connect HTTP/1.1" 401 21 "-" "Go-http-client/1.1"
10.3.157.191 - - [13/Jun/2023:10:02:28 +0800] "GET /v3/connect HTTP/1.1" 401 21 "-" "Go-http-client/1.1"
10.3.157.194 - - [13/Jun/2023:10:02:32 +0800] "GET /version HTTP/2.0" 401 129 "-" "rancher-system-agent/v0.0.0 (linux/amd64) kubernetes/$Format"
10.3.157.192 - - [13/Jun/2023:10:02:32 +0800] "GET /version HTTP/2.0" 401 129 "-" "rancher-system-agent/v0.0.0 (linux/amd64) kubernetes/$Format"
10.3.157.191 - - [13/Jun/2023:10:02:32 +0800] "GET /version HTTP/2.0" 401 129 "-" "rancher-system-agent/v0.0.0 (linux/amd64) kubernetes/$Format"
10.3.157.191 - - [13/Jun/2023:10:02:33 +0800] "GET /v3/connect HTTP/1.1" 401 21 "-" "Go-http-client/1.1"
10.3.157.191 - - [13/Jun/2023:10:02:33 +0800] "GET /v3/connect HTTP/1.1" 401 21 "-" "Go-http-client/1.1"
10.3.157.191 - - [13/Jun/2023:10:02:33 +0800] "GET /v3/connect HTTP/1.1" 400 17 "-" "Go-http-client/1.1"
10.3.157.191 - - [13/Jun/2023:10:02:33 +0800] "GET /v3/connect HTTP/1.1" 400 17 "-" "Go-http-client/1.1"
```
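
One way to triage an access log like the one above, as an added example that is not part of the original post: it parses Nginx combined-format lines, groups requests by first path segment and status code, and reports the groups that returned nothing but 5xx. The function names, sample lines, addresses and hostname are constructed for illustration.

```python
import re
from collections import Counter

# Nginx "combined" access-log line: ip - user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<ua>[^"]*)"$'
)
# Logs pasted through a forum often arrive with typographic quotes; normalise them first.
CURLY = {0x201C: '"', 0x201D: '"'}

def api_group(uri):
    """Collapse a URI to its first path segment, e.g. /v1, /v3, /v3-public."""
    return "/" + uri.split("?", 1)[0].lstrip("/").split("/", 1)[0]

def triage(lines):
    """Return (Counter of (group, status), groups that returned only 5xx, unparsed count)."""
    counts, skipped = Counter(), 0
    for raw in lines:
        m = LINE_RE.match(raw.strip().translate(CURLY))
        if m is None:
            skipped += 1
            continue
        counts[(api_group(m["uri"]), int(m["status"]))] += 1
    only_5xx = sorted(
        g for g in {g for g, _ in counts}
        if all(s >= 500 for (gg, s) in counts if gg == g)
    )
    return counts, only_5xx, skipped

# Constructed sample lines modelled on the excerpt (addresses and hostname are placeholders).
REF = "https://rancher.example.test/dashboard/auth/login"
SAMPLE = [
    f'192.0.2.10 - - [13/Jun/2023:10:02:21 +0800] "POST /v3-public/localProviders/local?action=login HTTP/2.0" 200 0 "{REF}" "Mozilla/5.0"',
    f'192.0.2.10 - - [13/Jun/2023:10:02:21 +0800] "GET /v3/users?me=true HTTP/2.0" 200 414 "{REF}" "Mozilla/5.0"',
    f'192.0.2.10 - - [13/Jun/2023:10:02:21 +0800] "GET /v1/management.cattle.io.setting HTTP/2.0" 502 552 "{REF}" "Mozilla/5.0"',
    f'192.0.2.10 - - [13/Jun/2023:10:02:21 +0800] “GET /v1/management.cattle.io.feature/multi-cluster-management HTTP/2.0” 502 552 “{REF}” “Mozilla/5.0”',
    '192.0.2.20 - - [13/Jun/2023:10:02:23 +0800] "GET /v3/connect HTTP/1.1" 401 21 "-" "Go-http-client/1.1"',
    '192.0.2.20 - - [13/Jun/2023:10:02:25 +0800] "GET /version HTTP/2.0" 401 129 "-" "rancher-system-agent/v0.0.0"',
    'truncated line without a request field',
]

if __name__ == "__main__":
    counts, only_5xx, skipped = triage(SAMPLE)
    for (group, status), n in sorted(counts.items()):
        print(f"{group:12} {status} x{n}")
    print("groups failing only with 5xx:", only_5xx, "| unparsed:", skipped)
```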