Installing Rancher 2


It's easy to lose time working on your Kubernetes cluster instead of working with the applications running inside of it. As a developer you want to be coding, not tinkering with systems. At least, that's how I feel.

Kubernetes provides a robust and stable way to run Docker images in production. That's the key selling point for me.

However, Kubernetes is complicated. I have no real desire to learn the ins and outs of Kubernetes. I want to get a stable, maintainable foundation, and move on to developing and deploying robust production software.

Rancher offers this level of freedom to me.

That's why I love it.

And that's why I use it to manage my production pipeline.

Installing Rancher

In order to install Rancher on our cluster we need to tell Kubernetes about Rancher.

This is done using helm, the tool we initialised in the previous video.

Helm is the package manager for Kubernetes. Rancher is a package.

First, we need to add the Helm Chart Repository for releases of Rancher.

Charts are a unfortunate name for packages. I say unfortunate as I don't have a clue about shipping / boating terms. Helm Charts, to me, sound like something Data might use to navigate the Enterprise. This is a personal gripe, in much the same way that I don't much like PHP Cake framework's bake, or Laravel's artisanal cheese based nomenclature.

Anyway, we need to tell Kubernetes that Rancher is a thing. So our first command is thusly:

helm repo add rancher-<CHART_REPO> https://releases.rancher.com/server-charts/<CHART_REPO>

Where CHART_REPO is either latest or stable.

Stable sounds ideal for production, so I'm going with that.

In order to make this a little more sane, another shell script seems suitable:

touch bin/install_rancher.sh
chmod +x bin/install_rancher.sh

Into which I'm adding:

#!/bin/sh

CHART_REPO=stable

make helm cmd="repo add rancher-${CHART_REPO} https://releases.rancher.com/server-charts/${CHART_REPO}"

You can immediately run that bad boy:

./bin/install_rancher.sh

"rancher-stable" has been added to your repositories

Choose Your SSL Configuration

Rancher Server is designed to be secure by default and requires SSL/TLS configuration.

There are three options for choosing an SSL configuration.

Everyone's needs are different. I'm opting for the LetsEncrypt install, which like the Rancher Generated Certificates, which means I need to install cert-manager.

Installing cert-manager

cert-manager is a Kubernetes addon to automate the management and issuance of TLS certificates from various issuing sources.

It will ensure certificates are valid and up to date periodically, and attempt to renew certificates at an appropriate time before expiry.

I'm just quoting from the Readme here.

You'll need to add another Helm Chart, and

At this point you another entry in bin/install_rancher.sh:

#!/bin/sh

CHART_REPO=stable
CERT_MANAGER_VERSION=v0.5.2

make helm cmd="repo add rancher-${CHART_REPO} https://releases.rancher.com/server-charts/${CHART_REPO}"

make helm cmd="install stable/cert-manager \
  --name cert-manager \
  --namespace kube-system \
  --version ${CERT_MANAGER_VERSION}"

You might want to check the docs for the latest version of cert-manager needed by Rancher 2.

Lastly we need to add the entry for installing Rancher, and in our case, the appropriate flags to make use of Lets Encrypt for handling TLS:

make helm cmd="install rancher-${CHART_REPO}/rancher \
  --name rancher \
  --namespace cattle-system \
  --set hostname=rancher.my.org \
  --set ingress.tls.source=letsEncrypt \
  --set letsEncrypt.email=me@example.org

You need to change the hostname and letsEncrypt.email to whatever you are using. These need to be valid.

In my opinion these two aren't worth extracting out into variables. It's very unlikely I will be changing any, any time soon. Hardcoding here, to me, is fine.

We are essentially done with installing Rancher 2 on top of Kubernetes.

./bin/install_rancher.sh                             
"rancher-stable" has been added to your repositories
NAME:   cert-manager
LAST DEPLOYED: Sun Feb 10 21:10:20 2019
NAMESPACE: kube-system
STATUS: DEPLOYED

RESOURCES:
==> v1beta1/Deployment
NAME          DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
cert-manager  1        1        1           0          0s

==> v1/Pod(related)
NAME                           READY  STATUS             RESTARTS  AGE
cert-manager-7d4bfc44ff-d65xl  0/1    ContainerCreating  0         0s

==> v1/ServiceAccount
NAME          SECRETS  AGE
cert-manager  1        0s

==> v1beta1/ClusterRole
NAME          AGE
cert-manager  0s

==> v1beta1/ClusterRoleBinding
NAME          AGE
cert-manager  0s

NOTES:
cert-manager has been deployed successfully!

In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).

More information on the different types of issuers and how to configure them
can be found in our documentation:

https://cert-manager.readthedocs.io/en/latest/reference/issuers.html

For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the `ingress-shim`
documentation:

https://cert-manager.readthedocs.io/en/latest/reference/ingress-shim.html

NAME:   rancher
LAST DEPLOYED: Sun Feb 10 21:10:23 2019
NAMESPACE: cattle-system
STATUS: DEPLOYED

RESOURCES:
==> v1alpha1/Issuer
NAME     AGE
rancher  0s

==> v1/Pod(related)
NAME                      READY  STATUS             RESTARTS  AGE
rancher-5dc9f9b886-6dr2r  0/1    ContainerCreating  0         0s
rancher-5dc9f9b886-g8gmx  0/1    ContainerCreating  0         0s
rancher-5dc9f9b886-gdclc  0/1    ContainerCreating  0         0s

==> v1/ServiceAccount
NAME     SECRETS  AGE
rancher  1        1s

==> v1/ClusterRoleBinding
NAME     AGE
rancher  0s

==> v1/Service
NAME     TYPE       CLUSTER-IP    EXTERNAL-IP  PORT(S)  AGE
rancher  ClusterIP  10.43.107.41  <none>       80/TCP   0s

==> v1/Deployment
NAME     DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
rancher  3        3        3           0          0s

==> v1beta1/Ingress
NAME     HOSTS                      ADDRESS  PORTS  AGE
rancher  rancher2.a6software.co.uk  80, 443  0s

NOTES:
Rancher Server has been installed.

NOTE: Rancher may take several minutes to fully initialize. Please standby while Certificates are being issued and Ingress comes up.

Check out our docs at https://rancher.com/docs/rancher/v2.x/en/

Browse to https://rancher2.a6software.co.uk

Happy Containering!

With that process complete, we can validate the status of Rancher:

make kubectl cmd="-n cattle-system rollout status deploy/rancher"

deployment "rancher" successfully rolled out

And at last, we are done.

You should now have the beginnings of a Rancher 2 managed Kubernetes HA cluster. As mentioned several times in throughout this tutorial, this should be considered a basic starting point, not a production ready cluster. This is ideal for learning, for practicing, and for people interested in self hosting.

I'd be really interested to hear your thoughts and opinions of the various methods and process used in this tutorial. We have managed to use Docker for pretty much everything. We've covered Terraform for reliably provisioning cloud infrastructure, and Ansible for ensuring each of our servers has the requested software, users, and firewall settings.

At the end of this process I was left with the question of whether self hosting a Kubernetes cluster is a good use of my time. Companies like Digital Ocean offer managed Kubernetes services, where we as developers simply need to provide appropriate workers. Due to the way Kubernetes integrates with specific providers, is this a better approach?

Please do let me know your thoughts and opinions by leaving a comment below, or on any of the other relevant videos in this series.

Thank you very much for watching, and I hope you have found this information to be useful.

Episodes