• Rancher server - manages and provisions kubernetes clusters
• RKE (Rancher Kubernetes Engine) - fully compliant distribution
• K3s (Lightweight Kubernetes) - fully compliant distribution, newer, easier, more lightweight
• RKE2 - has security and compliance for government use

RKE	needs docker
k3s	does NOT need docker
RKE2	does NOT need docker

Rancher Server

Run rancher server in docker:

sudo docker run –privileged -d –restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher

• Acess Web GUI: https://192.168.3.231
• Get key from logs and spedify in web GUI setup
• Specify FQDN for hostname: kube-test1.lab.net

NOTE:

• installs K3s by default ( for local cluster )
• provision worker node VMs
• interact with kubctl
• can access kubectl CLI directly from web UI ( a button )
• node IP for default k3s cluster is not host that rancher was isntalled on, just the container that rancher was installed on

Rancher default cluster:

• k3s cluster but NOT a normal k3s cluster
• k3s cluster run as containers within the rancher container
• container within a container ( why privileged mode was needed to run the container for Rancher )

Get config directly from UI ( copy button ) and paste in here for kubectl to work from any host

vi .kube/config

Can exec into rancher container and:

• run kubectl commands
• view k3s logs

Create a cluster in a hosted Kubernetes provider

• Amazon EKS
• Azure AKS
• google GKE

Provision new nodes and create a cluster using RKE/RKE2/K3s

• Amazon EC2
• Azure
• DigitalOcean
• Harvester <= !
• Linode
• VMware vSphere

Use existing nodes and create a cluster using RKE/RKE2/K3s

• Custom

K3s

curl -sfL https://get.k3s.io | sh -
systemctl status k3s
sudo kubectl get all -n kube-system
sudo chmod 644 /etc/rancher/k3s/k3s.yaml  # no sudo for kubectl commands, doesn't work for everything
/usr/local/bin/k3s-uninstall.sh           # uninstall

This command exists:

k3s

• k3s comes with helm

Config file:

vi /etc/rancher/k3s/k3s.yaml

Get context for kubectl:

• K3s client config:
• on server: /etc/rancher/k3s/k3s.yaml
• copy to client here: .kube/config
• k3s still needs to serve on public IP

Traefik Controller Dashboard

Can’t get this to work and no idea if it is valid:

vi traefik-custom-conf.yaml

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    additionalArguments:
      - "--api"
      - "--api.dashboard=true"
      - "--api.insecure=true"
    ports:
      traefik:
        expose: true
    providers:
      kubernetesCRD:
        allowCrossNamespace: true

kubectl apply -f traefik-custom-conf.yaml
cp traefik-custom-conf.yaml /etc/rancher/k3s/server/manifests/

RKE Install

• manual RKE install by itself without using Rancher

Install docker with rancher script:

curl https://releases.rancher.com/install-docker/xxxxxversion-number.sh | sh

sysctl setting:

net.bridge.bridge-nf-call-iptables=1

https://github.com/rancher/rke/#latest-release

chmod +x rke
rke --version

Generate config, prompt:

rke config --name cluster.yml

Generate

rke config --empty --name cluster.yml

Bring it up:

rke up

Save these in a secure location:

• cluster.yml
• kube_config_cluster.yml
• cluster.rkestate