Infrastructure at your Service

Daniel Westermann

Rancher, up and running, on EC2 – 3 – Rancher setup

The is the next post in this little Rancher series. After we installed a single node RKE cluster and extended this configurtation to three nodes we will finally install Rancher in this post.

As Rancher is installed with Helm we need to install that first:

[email protected]:~$ wget https://get.helm.sh/helm-v3.5.2-linux-amd64.tar.gz
[email protected]:~$ tar axf helm-v3.5.2-linux-amd64.tar.gz 
[email protected]:~$ sudo mv linux-amd64/helm /usr/local/bin/
[email protected]:~$ sudo chown rancher:rancher /usr/local/bin/helm
[email protected]:~$ sudo chmod 770 /usr/local/bin/helm
[email protected]:~$ helm version
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: kube_config_cluster.yml
version.BuildInfo{Version:"v3.5.2", GitCommit:"167aac70832d3a384f65f9745335e9fb40169dc2", GitTreeState:"dirty", GoVersion:"go1.15.7"}
[email protected]:~$ chmod 700 kube_config_cluster.yml 
[email protected]:~$ helm version
version.BuildInfo{Version:"v3.5.2", GitCommit:"167aac70832d3a384f65f9745335e9fb40169dc2", GitTreeState:"dirty", GoVersion:"go1.15.7"}

The namespace for Ranger is “cattle-system” so we need to create it:

[email protected]:~$ kubectl create namespace cattle-system
namespace/cattle-system created
[email protected]:~$ kubectl get namespace
NAME              STATUS   AGE
cattle-system     Active   23s
default           Active   5m25s
ingress-nginx     Active   4m38s
kube-node-lease   Active   5m27s
kube-public       Active   5m27s
kube-system       Active   5m27s

When it comes to certificates with Ranger you have three options:

  • Rancher Generated Certificates (Default)
  • Let’s Encrypt
  • Certificates from Files

As this envronment is just for demo purposes we’ll be using the default, which is a self signed certificate. For this to work we need to install cert-manager:

[email protected]:~$ kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.4/cert-manager.crds.yaml
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created
[email protected]:~$ kubectl create namespace cert-manager
namespace/cert-manager created
[email protected]:~$ helm repo add jetstack https://charts.jetstack.io
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/rancher/kube_config_cluster.yml
"jetstack" has been added to your repositories
[email protected]:~$ helm repo update
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/rancher/kube_config_cluster.yml
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "jetstack" chart repository
...Successfully got an update from the "rancher-stable" chart repository
Update Complete. ⎈Happy Helming!⎈
[email protected]:~$ helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.0.4
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/rancher/kube_config_cluster.yml
NAME: cert-manager
LAST DEPLOYED: Tue Mar  9 10:05:10 2021
NAMESPACE: cert-manager
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
cert-manager has been deployed successfully!

In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).

More information on the different types of issuers and how to configure them
can be found in our documentation:

https://cert-manager.io/docs/configuration/

For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the `ingress-shim`
documentation:

https://cert-manager.io/docs/usage/ingress/

This deployment can take some, so please monitor the pods until they are ready:

[email protected]:~$ kubectl get pods --namespace cert-manager
NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-75dbbd5d6-986cb               1/1     Running   0          49s
cert-manager-cainjector-85c559fd6c-td5nh   1/1     Running   0          49s
cert-manager-webhook-6c77dfbdb8-wqg9c      1/1     Running   0          49s

For installing Rancher with Helm we need the Rancher repository:

[email protected]:~$ helm repo add rancher-stable https://releases.rancher.com/server-charts/stable 
"rancher-stable" has been added to your repositories
[email protected]:~$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "rancher-stable" chart repository
Update Complete. ⎈Happy Helming!⎈

Finally, install Ranger:

[email protected]:~$ helm install rancher rancher-stable/rancher --version v2.5.6 --namespace cattle-system --set hostname=ranger.it.dbi-services.com
NAME: rancher
LAST DEPLOYED: Tue Mar  9 07:25:23 2021
NAMESPACE: cattle-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Rancher Server has been installed.

NOTE: Rancher may take several minutes to fully initialize. Please standby while Certificates are being issued and Ingress comes up.

Check out our docs at https://rancher.com/docs/rancher/v2.x/en/

Browse to https://ranger.it.dbi-services.com

Happy Containering!

Wait for the deployment to complete:

[email protected]:~$ kubectl get deployments --namespace cattle-system
NAME      READY   UP-TO-DATE   AVAILABLE   AGE
rancher   3/3     3            3           117s

Get the Rancher endpoints:

[email protected]:~$ kubectl -n cattle-system  get ep rancher -o wide
NAME      ENDPOINTS                                             AGE
rancher   10.42.0.11:80,10.42.1.9:80,10.42.2.8:80 + 3 more...   51m

Pointing your browser to one of the endpoints should bring you to the Rancher GUI:

Set your password and options:

Ignore the following warning, this is just a playground:

… and you’re in:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Daniel Westermann
Daniel Westermann

Principal Consultant & Technology Leader Open Infrastructure