Multi-cluster deployment from the Rancher CLI


Overview

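I want to use Rancher to centrally manage edge devices, such as those running k3s, and deploy apps to them.
This is also possible from the Rancher UI by deploying with Launch under Global → Apps, but
once the number of devices grows the UI can no longer keep up, so I will learn how to do it from the CLI.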

Preparing the CLI

Download it from the bottom right of the Rancher UI.

Extract the downloaded file. (Example for mac/linux)

tar xvzf rancher-darwin-amd64-v2.3.2.tar.gz

If you like, also add it to your PATH in .bash_profile or similar.

Logging in with the CLI

Issue a key from the Rancher UI



Log in with the CLI

Set the issued Bearer Token and log in

rancher login https://xxx.xxx.xxx.xxx/ -t token-bjbph:9rh....

This completes the preparation for operating through the CLI.

Multi-cluster deployment

First, list what the CLI can do.

demo:project demo$ rancher -h
Rancher CLI, managing containers one UTF-8 character at a time

Usage: rancher [OPTIONS] COMMAND [arg...]

Version: v2.3.2

Options:
  --debug        Debug logging
  --help, -h     show help
  --version, -v  print the version

Commands:
  apps, [app]                                       Operations with apps. Uses helm. Flags prepended with "helm" can also be accurately described by helm documentation.
  catalog                                           Operations with catalogs
  clusters, [cluster]                               Operations on clusters
  context                                           Operations for the context
  globaldns                                         Operations on global DNS providers and entries
  inspect                                           View details of resources
  kubectl                                           Run kubectl commands
  login, [l]                                        Login to a Rancher server
  multiclusterapps, [multiclusterapp mcapps mcapp]  Operations with multi-cluster apps
  namespaces, [namespace]                           Operations on namespaces
  nodes, [node]                                     Operations on nodes
  projects, [project]                               Operations on projects
  ps                                                Show workloads in a project
  server                                            Operations for the server
  settings, [setting]                               Show settings for the current server
  ssh                                               SSH into a node
  up                                                apply compose config
  wait                                              Wait for resources cluster, app, project, multiClusterApp
  help, [h]                                         Shows a list of commands or help for one command

Next, multiclusterapps (mcapps/mcapp also work)

demo:project demo$ rancher mcapps -h
Operations with multi-cluster apps

Usage:
   rancher multiclusterapps command [command options] [arguments...]

Commands:
     ls                  List multi-cluster apps
     delete              Delete a multi-cluster app
     install             Install a multi-cluster app
     rollback            Rollback a multi-cluster app to a previous version
     upgrade             Upgrade an app to a newer version
     add-project         Add target projects to a multi-cluster app
     delete-project      Delete target projects from a multi-cluster app
     add-member          Add members to a multi-cluster app
     delete-member       Delete members from a multi-cluster app
     list-members, lm    List current members of a multi-cluster app
     list-answers, la    List current answers of a multi-cluster app
     list-templates, lt  List templates available for installation
     show-template, st   Show versions available to install for an app template
     show-app, sa        Show an app's available versions and revisions

Options:
   --format value, -o value  'json', 'yaml' or custom format
   --quiet, -q               Only display IDs
   --help, -h                show help

Then look inside the install command

demo:project demo$ rancher mcapps install -h
Install a multi-cluster app

Install a multi-cluster app in the current Rancher server. This defaults to the newest version of the app template.
Specify a version using '--version' if required.

Example:
  # Install the redis template with no other options
  $ rancher multiclusterapp install redis appFoo

  # Install the redis template and specify an answers file location
  $ rancher multiclusterapp install --answers /example/answers.yaml redis appFoo

  # Install the redis template and set multiple answers and the version to install
  $ rancher multiclusterapp install --set foo=bar --set baz=bunk --version 1.0.1 redis appFoo

  # Install the redis template and set target projects to install
  $ rancher multiclusterapp install --target mycluster:Default --target c-98pjr:p-w6c5f redis appFoo

  # Block cli until installation has finished or encountered an error. Use after multiclusterapp install.
  $ rancher wait <multiclusterapp-id>

Usage: 
  rancher multiclusterapps install [OPTIONS] [TEMPLATE_NAME, APP_NAME]...

Options:
   --answers value, -a value       Path to an answers file, the format of the file is a map with key:value. This supports JSON and YAML.
   --values value                  Path to a helm values file.
   --set value                     Set answers for the template, can be used multiple times. You can set overriding answers for specific clusters or projects by providing cluster ID or project ID as the prefix. Example: --set foo=bar --set c-rvcrl:foo=bar --set c-rvcrl:p-8w2x8:foo=bar
   --version value                 Version of the template to use
   --no-prompt                     Suppress asking questions and use the default values when required answers are not provided
   --target value, -t value        Target project names/ids to install the app into
   --role value                    Set roles required to launch/manage the apps in target projects. For example, set "project-member" role when the app needs to manage resources in the projects in which it is deployed. Or set "cluster-owner" role when the app needs to manage resources in the clusters in which it is deployed. (default: "project-member")
   --member value                  Set members of the app, with the same access type defined by --member-access-type
   --member-access-type value      Access type of the members. Specify only one value, and it applies to all members defined by --member. Valid options are 'owner', 'member' and 'read-only' (default: "owner")
   --upgrade-strategy value        Strategy for upgrade. Valid options are "rolling-update" and "simultaneously" (default: "simultaneously")
   --upgrade-batch-size value      The number of apps in target projects to be upgraded at a time.  Only used if --upgrade-strategy is rolling-update. (default: 1)
   --upgrade-batch-interval value  The number of seconds between updating the next app during upgrade.  Only used if --upgrade-strategy is rolling-update. (default: 1)
   --helm-timeout value            Amount of time for helm to wait for k8s commands (default is 300 secs). Example: --helm-timeout 600 (default: 300)
   --helm-wait                     Helm will wait for as long as timeout value, for installed resources to be ready (pods, PVCs, deployments, etc.). Example: --helm-wait

This looks like it will work, so let's test it. First, identify the target projects.

demo:project demo$ rancher context switch
NUMBER    CLUSTER NAME   PROJECT ID        PROJECT NAME   PROJECT DESCRIPTION
1         gke-cluster1   c-6zc8c:p-4429z   Default        Default project created for the cluster
2         gke-cluster1   c-6zc8c:p-x24pp   System         System project created for the cluster
3         raspberrypi4   c-pnsvk:p-hm4xg   Default        Default project created for the cluster
4         raspberrypi4   c-pnsvk:p-jbb8l   System         System project created for the cluster
5         gke-cluster2   c-xknk6:p-7sggn   Default        Default project created for the cluster
6         gke-cluster2   c-xknk6:p-lmdsz   System         System project created for the cluster
7         raspberrypi3   c-zl5v2:p-9vgrp   Default        Default project created for the cluster
8         raspberrypi3   c-zl5v2:p-rtj9x   System         System project created for the cluster

Also list the Helm charts that are available by default.

demo:project demo$ rancher mcapps lt
ID                                                             NAME                                CATEGORY
cattle-global-data:library-artifactory-ha                      artifactory-ha                      repository
cattle-global-data:library-artifactory-jcr                     artifactory-jcr                     repository
cattle-global-data:library-cert-manager                        cert-manager                        
cattle-global-data:library-chartmuseum                         chartmuseum                         
cattle-global-data:library-citrix-k8s-cpx-ingress-controller   citrix-k8s-cpx-ingress-controller   
...
cattle-global-data:library-redis                               redis                               Database,KeyValue
...

Let's install Redis into the Default projects of gke-cluster1 and gke-cluster2.

rancher mcapps install -t c-6zc8c:p-4429z -t c-xknk6:p-7sggn --version 9.0.2 redis multi-redis

Leaving every setting at its default and pressing Enter repeatedly, it installed without problems.

demo:project demo$ rancher mcapps 
ID                               NAME          STATE     VERSION   TARGET_PROJECTS
cattle-global-data:multi-redis   multi-redis   active    9.0.2     gke-cluster1:Default,gke-cluster2:Default
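
The two steps above (listing the projects, then passing their IDs with -t) can be scripted. The following is an added example, not part of the original article: select_targets and install_command are hypothetical helper names, and SAMPLE is the project listing shown above, embedded so the script runs offline. It assumes cluster and project names contain no spaces, and it prints the install command rather than running it.

```shell
#!/bin/sh
# Added example. SAMPLE is the project listing shown above, embedded as
# constructed input so the script runs offline.
SAMPLE='NUMBER    CLUSTER NAME   PROJECT ID        PROJECT NAME   PROJECT DESCRIPTION
1         gke-cluster1   c-6zc8c:p-4429z   Default        Default project created for the cluster
2         gke-cluster1   c-6zc8c:p-x24pp   System         System project created for the cluster
3         raspberrypi4   c-pnsvk:p-hm4xg   Default        Default project created for the cluster
4         raspberrypi4   c-pnsvk:p-jbb8l   System         System project created for the cluster
5         gke-cluster2   c-xknk6:p-7sggn   Default        Default project created for the cluster
6         gke-cluster2   c-xknk6:p-lmdsz   System         System project created for the cluster
7         raspberrypi3   c-zl5v2:p-9vgrp   Default        Default project created for the cluster
8         raspberrypi3   c-zl5v2:p-rtj9x   System         System project created for the cluster'

# select_targets PATTERN PROJECT (hypothetical helper): read a listing on
# stdin and print the PROJECT ID of each row whose cluster name matches the
# shell glob PATTERN and whose project name equals PROJECT.
select_targets() {
  pattern=$1 project=$2
  while read -r num cluster id name rest; do
    case $id in c-*:p-*) ;; *) continue ;; esac      # skip header and malformed rows
    case $id in *[!a-z0-9:-]*) continue ;; esac      # reject IDs with unexpected characters
    [ "$name" = "$project" ] || continue
    case $cluster in $pattern) printf '%s\n' "$id" ;; esac
  done
  return 0
}

# install_command PATTERN VERSION TEMPLATE APP (hypothetical helper): print
# the install command for the Default projects of the matching clusters.
# Fails when nothing matches, so an empty target list never reaches the CLI.
install_command() {
  targets=$(select_targets "$1" Default)
  [ -n "$targets" ] || { echo "no Default project matches '$1'" >&2; return 1; }
  cmd="rancher mcapps install"
  for t in $targets; do cmd="$cmd -t $t"; done
  printf '%s --version %s %s %s\n' "$cmd" "$2" "$3" "$4"
}

# Print (not run) the command for every gke-* cluster in the listing.
printf '%s\n' "$SAMPLE" | install_command 'gke-*' 9.0.2 redis multi-redis
```

Keeping the listing and the generated command in a text file gives a reviewable record of which projects each rollout targets.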

Removing a specific project

demo:project demo$ rancher mcapps delete-project multi-redis c-xknk6:p-7sggn
demo:project demo$ rancher mcapps 
ID                               NAME          STATE     VERSION   TARGET_PROJECTS
cattle-global-data:multi-redis   multi-redis   active    9.0.2     gke-cluster1:Default

It is removed as expected.

Conclusion

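I tried out the basic multi-cluster deployment operations from the CLI.
With CLI operations, the targets can be managed as text even as the number of devices grows, and automation looks feasible too.
Distributing an app to every device, distributing by group, or detaching only some clusters and installing a different version on them (something like a canary release) can all be done freely, so it can meet a wide range of business requirements.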