Installing Rancher 2
It's easy to lose time working on your Kubernetes cluster instead of working with the applications running inside of it. As a developer you want to be coding, not tinkering with systems. At least, that's how I feel.
Kubernetes provides a robust and stable way to run Docker images in production. That's the key selling point for me.
However, Kubernetes is complicated. I have no real desire to learn the ins and outs of Kubernetes. I want to get a stable, maintainable foundation, and move on to developing and deploying robust production software.
Rancher offers this level of freedom to me.
That's why I love it.
And that's why I use it to manage my production pipeline.
Installing Rancher
In order to install Rancher on our cluster we need to tell Kubernetes about Rancher.
This is done using helm, the tool we initialised in the previous video.
Helm is the package manager for Kubernetes. Rancher is a package.
First, we need to add the Helm Chart Repository for releases of Rancher.
Charts are an unfortunate name for packages. I say unfortunate as I don't have a clue about shipping / boating terms. Helm Charts, to me, sound like something Data might use to navigate the Enterprise. This is a personal gripe, in much the same way that I don't much like PHP Cake framework's bake, or Laravel's artisanal cheese based nomenclature.
Anyway, we need to tell Kubernetes that Rancher is a thing. So our first command is thusly:
helm repo add rancher-<CHART_REPO> https://releases.rancher.com/server-charts/<CHART_REPO>
Where CHART_REPO is either latest or stable.
Stable sounds ideal for production, so I'm going with that.
In order to make this a little more sane, another shell script seems suitable:
touch bin/install_rancher.sh
chmod +x bin/install_rancher.sh
Into which I'm adding:
#!/bin/sh
CHART_REPO=stable
make helm cmd="repo add rancher-${CHART_REPO} https://releases.rancher.com/server-charts/${CHART_REPO}"
You can immediately run that bad boy:
./bin/install_rancher.sh
"rancher-stable" has been added to your repositories
Choose Your SSL Configuration
Rancher Server is designed to be secure by default and requires SSL/TLS configuration.
There are three options for choosing an SSL configuration.
Everyone's needs are different. I'm opting for the Let's Encrypt install which, like the Rancher Generated Certificates option, means I need to install cert-manager.
Installing cert-manager
cert-manager is a Kubernetes addon to automate the management and issuance of TLS certificates from various issuing sources.
It will ensure certificates are valid and up to date periodically, and attempt to renew certificates at an appropriate time before expiry.
I'm just quoting from the Readme here.
You'll need to add another Helm Chart, and at this point you need another entry in bin/install_rancher.sh:
#!/bin/sh
CHART_REPO=stable
CERT_MANAGER_VERSION=v0.5.2
make helm cmd="repo add rancher-${CHART_REPO} https://releases.rancher.com/server-charts/${CHART_REPO}"
make helm cmd="install stable/cert-manager \
--name cert-manager \
--namespace kube-system \
--version ${CERT_MANAGER_VERSION}"
You might want to check the docs for the latest version of cert-manager needed by Rancher 2.
Lastly we need to add the entry for installing Rancher, and in our case, the appropriate flags to make use of Let's Encrypt for handling TLS:
make helm cmd="install rancher-${CHART_REPO}/rancher \
--name rancher \
--namespace cattle-system \
--set hostname=rancher.my.org \
--set ingress.tls.source=letsEncrypt \
--set letsEncrypt.email=me@example.org"
You need to change the hostname and letsEncrypt.email to whatever you are using. These need to be valid.
In my opinion these two aren't worth extracting out into variables. It's very unlikely I will be changing any, any time soon. Hardcoding here, to me, is fine.
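A pre-flight check for those values, as an added example that is not part of the original script: Helm's --set splits on commas, so a hostname or email containing one would set extra chart values, and the tutorial's placeholders must not reach Let's Encrypt. The function names and the sample values rancher.corp.example and ops@corp.example are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the tutorial's script. Sample values are constructed.
set -eu

# The tutorial allows exactly two chart repositories.
valid_chart_repo() {
    case "$1" in latest|stable) return 0 ;; *) return 1 ;; esac
}

# Reject any character outside the DNS set first (this also rejects commas,
# '=', spaces and newlines), then check the label structure.
valid_hostname() {
    [ "${#1}" -le 253 ] || return 1
    case "$1" in *[!A-Za-z0-9.-]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# Conservative address check: one '@', safe local part, valid host part.
valid_email() {
    case "$1" in *[!A-Za-z0-9._%+@-]*|*@*@*|@*) return 1 ;; esac
    case "$1" in *@*) valid_hostname "${1#*@}" ;; *) return 1 ;; esac
}

# Print the helm arguments for the Rancher install, or fail with a reason.
rancher_install_args() {
    repo=$1 host=$2 email=$3
    valid_chart_repo "$repo" || { echo "CHART_REPO must be latest or stable" >&2; return 1; }
    valid_hostname "$host" || { echo "invalid hostname" >&2; return 1; }
    valid_email "$email" || { echo "invalid email" >&2; return 1; }
    # The tutorial's placeholders must have been replaced.
    if [ "$host" = "rancher.my.org" ] || [ "$email" = "me@example.org" ]; then
        echo "placeholder hostname or email still in use" >&2; return 1
    fi
    printf 'install rancher-%s/rancher --name rancher --namespace cattle-system' "$repo"
    printf ' --set hostname=%s --set ingress.tls.source=letsEncrypt' "$host"
    printf ' --set letsEncrypt.email=%s\n' "$email"
}

# Dry run with constructed values. In bin/install_rancher.sh the result would
# be passed on as: make helm cmd="$(rancher_install_args ...)"
rancher_install_args stable rancher.corp.example ops@corp.example
```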
We are essentially done with installing Rancher 2 on top of Kubernetes.
./bin/install_rancher.sh
"rancher-stable" has been added to your repositories
NAME: cert-manager
LAST DEPLOYED: Sun Feb 10 21:10:20 2019
NAMESPACE: kube-system
STATUS: DEPLOYED
RESOURCES:
==> v1beta1/Deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
cert-manager 1 1 1 0 0s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
cert-manager-7d4bfc44ff-d65xl 0/1 ContainerCreating 0 0s
==> v1/ServiceAccount
NAME SECRETS AGE
cert-manager 1 0s
==> v1beta1/ClusterRole
NAME AGE
cert-manager 0s
==> v1beta1/ClusterRoleBinding
NAME AGE
cert-manager 0s
NOTES:
cert-manager has been deployed successfully!
In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).
More information on the different types of issuers and how to configure them
can be found in our documentation:
https://cert-manager.readthedocs.io/en/latest/reference/issuers.html
For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the `ingress-shim`
documentation:
https://cert-manager.readthedocs.io/en/latest/reference/ingress-shim.html
NAME: rancher
LAST DEPLOYED: Sun Feb 10 21:10:23 2019
NAMESPACE: cattle-system
STATUS: DEPLOYED
RESOURCES:
==> v1alpha1/Issuer
NAME AGE
rancher 0s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
rancher-5dc9f9b886-6dr2r 0/1 ContainerCreating 0 0s
rancher-5dc9f9b886-g8gmx 0/1 ContainerCreating 0 0s
rancher-5dc9f9b886-gdclc 0/1 ContainerCreating 0 0s
==> v1/ServiceAccount
NAME SECRETS AGE
rancher 1 1s
==> v1/ClusterRoleBinding
NAME AGE
rancher 0s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
rancher ClusterIP 10.43.107.41 <none> 80/TCP 0s
==> v1/Deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
rancher 3 3 3 0 0s
==> v1beta1/Ingress
NAME HOSTS ADDRESS PORTS AGE
rancher rancher2.a6software.co.uk 80, 443 0s
NOTES:
Rancher Server has been installed.
NOTE: Rancher may take several minutes to fully initialize. Please standby while Certificates are being issued and Ingress comes up.
Check out our docs at https://rancher.com/docs/rancher/v2.x/en/
Browse to https://rancher2.a6software.co.uk
Happy Containering!
With that process complete, we can validate the status of Rancher:
make kubectl cmd="-n cattle-system rollout status deploy/rancher"
deployment "rancher" successfully rolled out
And at last, we are done.
You should now have the beginnings of a Rancher 2 managed Kubernetes HA cluster. As mentioned several times throughout this tutorial, this should be considered a basic starting point, not a production ready cluster. This is ideal for learning, for practicing, and for people interested in self hosting.
I'd be really interested to hear your thoughts and opinions of the various methods and process used in this tutorial. We have managed to use Docker for pretty much everything. We've covered Terraform for reliably provisioning cloud infrastructure, and Ansible for ensuring each of our servers has the requested software, users, and firewall settings.
At the end of this process I was left with the question of whether self hosting a Kubernetes cluster is a good use of my time. Companies like Digital Ocean offer managed Kubernetes services, where we as developers simply need to provide appropriate workers. Due to the way Kubernetes integrates with specific providers, is this a better approach?
Please do let me know your thoughts and opinions by leaving a comment below, or on any of the other relevant videos in this series.
Thank you very much for watching, and I hope you have found this information to be useful.