- RKE2 - Security focused Kubernetes
- Rancher - Multi-Cluster Kubernetes Management
- Longhorn - Unified storage layer
We will need a few tools for this guide. We will walk through how to install helm and kubectl.
A longer version of this install: Can a 12 y/o install the Rancher Stack?
The prerequisites are fairly simple. We need a Linux server with access to the internet and an ssh client to connect to it. The recommended size of the node is 8 cores and 16GB of memory with at least 100GB of storage.
name | ip | memory (MB) | cores | disk (GB) | os
---|---|---|---|---|---
rancher | 142.93.189.52 | 16384 | 8 | 160 | Rocky 9.3 x64
Rocky:
```bash
# Rocky instructions
# stop the software firewall (RKE2 expects firewalld off on RHEL-family hosts; see the note below)
systemctl disable --now firewalld
# install what Longhorn needs: NFS client (RWX volumes), cryptsetup (encrypted volumes), iSCSI initiator (block volumes)
yum install -y nfs-utils cryptsetup iscsi-initiator-utils
# enable iscsi for Longhorn
systemctl enable --now iscsid.service
# update all the things
yum update -y
# clean up
yum clean all
```
A note on that first step: RKE2 recommends turning firewalld off on RHEL-family hosts because it conflicts with the default CNI, but that leaves the node with no host firewall at all. On a public IP like the one in the table, restrict inbound traffic with the provider's firewall or security group and leave only what you actually need open, at minimum 22/tcp for ssh and 443/tcp for the Rancher UI.
Cool, let's move on to RKE2.
Curl all the things. Pinning INSTALL_RKE2_CHANNEL=v1.28 keeps you on a known minor release rather than whatever is newest, and the install script checks the tarball it downloads against the release's sha256sum file. If piping a remote script straight into sh makes you nervous, download it first, read it, and then run it.
```bash
# On rancher1
curl -sfL https://get.rke2.io | INSTALL_RKE2_CHANNEL=v1.28 INSTALL_RKE2_TYPE=server sh -
# start and enable for restarts
systemctl enable --now rke2-server.service
```
Perfect! Now we can start talking Kubernetes. We need to symlink the kubectl cli on rancher1 that gets installed with RKE2. Keep in mind that /etc/rancher/rke2/rke2.yaml is a cluster-admin kubeconfig, root-only (mode 0600) by default; leave it that way and copy it off the node only for people who should have full control of the cluster.
```bash
# symlink all the things - kubectl (RKE2 drops its binaries in /var/lib/rancher/rke2/bin/)
ln -sf /var/lib/rancher/rke2/bin/kubectl /usr/local/bin/kubectl
# add kubectl conf with persistence, as per Duane
# single quotes so $PATH is expanded at login rather than baked in with today's value
echo 'export KUBECONFIG=/etc/rancher/rke2/rke2.yaml PATH=$PATH:/usr/local/bin/:/var/lib/rancher/rke2/bin/' >> ~/.bashrc
source ~/.bashrc
# check node status
kubectl get node
```
For Rancher we will need Helm. We are going to live on the edge and pull the installer script straight from Helm's main branch! Here are the install docs for reference.
```bash
# on the server rancher1
# add helm
curl -#L https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
# add needed helm charts
helm repo add rancher-latest https://releases.rancher.com/server-charts/latest
helm repo add jetstack https://charts.jetstack.io
```
Quick note about Rancher. Rancher needs jetstack/cert-manager to create its self-signed TLS certificates, so we install cert-manager first, together with its Custom Resource Definitions (CRDs). Please pay attention to the helm install for Rancher. The URL rancher.142.93.189.52.nip.io will need to be changed to fit your FQDN (nip.io is a wildcard DNS service: any hostname with an IP address embedded in it resolves to that IP, which is handy when you have no DNS record yet). Also notice I am setting the bootstrapPassword and replicas. This allows us to skip a step later. :D
```bash
# helm install jetstack cert-manager, including its CRDs
helm upgrade -i cert-manager jetstack/cert-manager -n cert-manager --create-namespace --set installCRDs=true
# helm install rancher (change the hostname to your FQDN)
helm upgrade -i rancher rancher-latest/rancher --create-namespace --namespace cattle-system --set hostname=rancher.142.93.189.52.nip.io --set bootstrapPassword=bootStrapAllTheThings --set replicas=1
```
One thing to be aware of: passing the password with --set puts it into your shell history and into the stored release values (helm get values rancher -n cattle-system), so treat it as a one-time secret and change the admin password on first login.
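The same two installs as an added example (this is not code from the original post), with the bootstrap password generated at random and handed to helm through a values file that only the current user can read, instead of on the command line. The hostname defaults to the post's rancher.142.93.189.52.nip.io; RANCHER_HOSTNAME, gen_bootstrap_password, write_rancher_values and install_rancher_stack are names chosen here, not anything Rancher or helm define. Without the --install flag it only generates the password and writes the file, so it can be dry-run anywhere.

```shell
#!/bin/sh
# Added example, not from the original post: cert-manager + Rancher install
# with the bootstrap password kept out of shell history and `ps` output.

# 24 random alphanumeric characters from the kernel CSPRNG.
gen_bootstrap_password() {
  LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 24
  echo
}

# Write a helm values file readable only by the current user and print its
# path. Runs in a subshell so the umask change does not leak out.
# Args: hostname password [replicas]
write_rancher_values() (
  umask 077
  f=$(mktemp) || exit 1
  printf 'hostname: "%s"\nbootstrapPassword: "%s"\nreplicas: %s\n' \
    "$1" "$2" "${3:-1}" >"$f"
  printf '%s\n' "$f"
)

# Install cert-manager (with CRDs) and then Rancher from the values file.
# Same charts and flags as the post, only bootstrapPassword/hostname/replicas
# now come from -f instead of --set.
install_rancher_stack() {
  helm upgrade -i cert-manager jetstack/cert-manager \
    -n cert-manager --create-namespace --set installCRDs=true &&
  helm upgrade -i rancher rancher-latest/rancher \
    --create-namespace --namespace cattle-system -f "$1"
}

main() {
  pw=$(gen_bootstrap_password)
  # RANCHER_HOSTNAME is an assumed override; the default is the post's hostname.
  values=$(write_rancher_values "${RANCHER_HOSTNAME:-rancher.142.93.189.52.nip.io}" "$pw") || return 1
  echo "bootstrap password written to $values (mode 0600); use it once on first login"
  if [ "${1:-}" = "--install" ]; then
    install_rancher_stack "$values"
  fi
}

main "$@"
```

The password still ends up in the helm release values inside the cluster, which is unavoidable with this chart, so the point of the values file is only to keep it off the command line and out of history; change the admin password on first login and delete the values file afterwards.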
We can also run kubectl get pod -A to see if everything is running. Keep in mind it may take a minute or so for all the pods to come up. GUI time...
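Rather than eyeballing kubectl get pod -A, here is an added example (not from the original post) that turns that check into a wait loop: pending_pods keeps only pods that are not Running with all containers ready (or Completed), and wait_for_pods polls the cluster until that list is empty or a timeout expires. The pod listing at the bottom is constructed for the offline demo, not captured from a real cluster; run the script with --live on the node to poll for real.

```shell
#!/bin/sh
# Added example, not from the original post: wait until every pod in the
# cluster is Running and fully ready (or Completed) before opening the UI.

# Filter "kubectl get pods -A --no-headers" output down to pods that are not
# done yet. Columns: NAMESPACE NAME READY STATUS RESTARTS AGE.
pending_pods() {
  awk '
    NF < 4 { next }                                  # skip blank/short lines
    $4 == "Completed" || $4 == "Succeeded" { next }  # finished jobs are fine
    {
      split($3, ready, "/")                          # READY is "x/y"
      if ($4 == "Running" && ready[1] == ready[2]) next
      print $1 "/" $2 " " $3 " " $4
    }'
}

# Poll the live cluster. Returns 0 once nothing is pending, 1 on timeout.
# An unreachable API server or an empty listing counts as "not ready", so a
# broken kubeconfig cannot produce a false "all pods ready".
wait_for_pods() {
  timeout=${1:-600}
  start=$(date +%s)
  while :; do
    if listing=$(kubectl get pods -A --no-headers 2>/dev/null) && [ -n "$listing" ]; then
      pending=$(printf '%s\n' "$listing" | pending_pods)
      if [ -z "$pending" ]; then
        echo "all pods ready"
        return 0
      fi
    else
      pending="(kubectl could not list pods yet)"
    fi
    if [ $(( $(date +%s) - start )) -ge "$timeout" ]; then
      echo "timed out after ${timeout}s; still pending:" >&2
      printf '%s\n' "$pending" >&2
      return 1
    fi
    sleep 10
  done
}

# Constructed sample listing (not from a real cluster) so the filter can be
# exercised offline: one ready pod, one still creating, one finished helm
# job, and one Running pod with only 1 of 2 containers ready.
SAMPLE_PODS='cattle-system   rancher-5d8f9c7b6-abcde         1/1   Running             0   2m
cert-manager    cert-manager-webhook-7c9b-xyz   0/1   ContainerCreating   0   30s
kube-system     helm-install-rke2-canal-qwert   0/1   Completed           0   5m
kube-system     rke2-coredns-rke2-coredns-abc   1/2   Running             3   5m'

# Run the filter over the sample; prints the two pods that are not ready.
demo_pending() {
  printf '%s\n' "$SAMPLE_PODS" | pending_pods
}

if [ "${1:-}" = "--live" ]; then
  wait_for_pods "${2:-600}"
else
  demo_pending
fi
```

On the node, `sh wait-pods.sh --live 600` (any file name you like) blocks for up to ten minutes and exits non-zero with the stragglers listed if Rancher or cert-manager never settles, which is a better signal for scripting than reading the table by hand.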
Navigate to https://rancher.142.93.189.52.nip.io. The first screen asks for the bootstrap password. Remember the helm install? bootStrapAllTheThings is the password.
Once past that we need to validate the Server URL and accept the terms and conditions. And we are in!
Let's take a second and talk about Rancher's multi-cluster design. Bottom line, Rancher can operate in a hub and spoke model, meaning one k8s cluster for Rancher and then "downstream" clusters for all the workloads. Personally I prefer the decoupled model where there is only one cluster per Rancher install. This allows for continued manageability during network outages. For the purpose of this guide we will concentrate on the single cluster deployment. There is good documentation on "importing" downstream clusters.
We are going to use the App Catalog built into Rancher to deploy Longhorn.
tada!
For more fun check out my list of other content and videos at https://rfed.io/links.
Yes, you will need to add the root CA to both. You will have to add it, especially since your proxy is re-certing the connection.