- Rancher server - manages and provisions Kubernetes clusters
- RKE (Rancher Kubernetes Engine) - fully compliant distribution
- K3s (Lightweight Kubernetes) - fully compliant distribution, newer, easier, more lightweight
- RKE2 - has security and compliance for government use
RKE | needs docker |
k3s | does NOT need docker |
RKE2 | does NOT need docker |
Rancher Server
Run rancher server in docker:
sudo docker run --privileged -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher
- Access Web GUI: https://192.168.3.231
- Get key from logs and specify in web GUI setup
- Specify FQDN for hostname: kube-test1.lab.net
NOTE:
- installs K3s by default ( for local cluster )
- provision worker node VMs
- interact with kubectl
- can access kubectl CLI directly from web UI ( a button )
- node IP for the default k3s cluster is not the host that Rancher was installed on, just the container that Rancher was installed in
Rancher default cluster:
- k3s cluster but NOT a normal k3s cluster
- k3s cluster run as containers within the rancher container
- container within a container ( why privileged mode was needed to run the container for Rancher )
Get config directly from UI ( copy button ) and paste in here for kubectl to work from any host
vi .kube/config
Can exec into rancher container and:
- run kubectl commands
- view k3s logs
Create a cluster in a hosted Kubernetes provider
- Amazon EKS
- Azure AKS
- Google GKE
Provision new nodes and create a cluster using RKE/RKE2/K3s
- Amazon EC2
- Azure
- DigitalOcean
- Harvester <= !
- Linode
- VMware vSphere
Use existing nodes and create a cluster using RKE/RKE2/K3s
- Custom
K3s
curl -sfL https://get.k3s.io | sh -
systemctl status k3s
sudo kubectl get all -n kube-system
sudo chmod 644 /etc/rancher/k3s/k3s.yaml # no sudo for kubectl commands, doesn't work for everything; makes the admin kubeconfig readable by every local user
/usr/local/bin/k3s-uninstall.sh # uninstall
This command exists:
k3s
- k3s comes with helm
Config file:
vi /etc/rancher/k3s/k3s.yaml
Get context for kubectl:
- K3s client config:
- on server: /etc/rancher/k3s/k3s.yaml
- copy to client here: .kube/config
- k3s still needs to serve on public IP
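Added example (not from the original notes): one way to do the copy step above so that the client copy is owner-only and points at the server instead of 127.0.0.1, the address K3s writes into k3s.yaml by default. The function names, the sample file and the host name k3s.example.internal are assumptions made for the demo.

```shell
#!/bin/sh
# Succeeds only if FILE has no group/other permission bits set.
is_private() {
    case "$(ls -ld -- "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# install_kubeconfig SRC DEST SERVER
#   SRC    copy of /etc/rancher/k3s/k3s.yaml fetched from the server
#   DEST   client-side path such as ~/.kube/config
#   SERVER hostname or IPv4 address the client uses to reach the API
install_kubeconfig() {
    src=$1 dest=$2 server=$3
    # Allow only hostname/IPv4 characters before the value reaches sed.
    case "$server" in
        ''|*[!A-Za-z0-9.-]*) echo "bad server name: $server" >&2; return 2 ;;
    esac
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    (
        umask 077   # anything created here is owner-only
        mkdir -p "$(dirname "$dest")"
        # K3s writes the loopback address; point the copy at the real server.
        sed "s#^\( *server: https://\)127\.0\.0\.1:#\1${server}:#" "$src" > "$dest"
    ) || return 1
    chmod 600 "$dest"   # also tightens a file that already existed
    is_private "$dest"
}

# Constructed sample input (placeholder data, not a real credential).
demo_dir=$(mktemp -d)
cat > "$demo_dir/k3s.yaml" <<'EOF'
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: PLACEHOLDER
    server: https://127.0.0.1:6443
  name: default
EOF
chmod 644 "$demo_dir/k3s.yaml"   # the world-readable mode used in the notes
install_kubeconfig "$demo_dir/k3s.yaml" "$demo_dir/client/.kube/config" k3s.example.internal
grep 'server:' "$demo_dir/client/.kube/config"
rm -rf "$demo_dir"
```

is_private can also be pointed at other credential-bearing files to confirm they are not group- or world-readable.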
Traefik Controller Dashboard
Can’t get this to work and no idea if it is valid:
vi traefik-custom-conf.yaml
# --api.insecure=true serves the Traefik API and dashboard without authentication
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    additionalArguments:
      - "--api"
      - "--api.dashboard=true"
      - "--api.insecure=true"
    ports:
      traefik:
        expose: true
    providers:
      kubernetesCRD:
        allowCrossNamespace: true
kubectl apply -f traefik-custom-conf.yaml
cp traefik-custom-conf.yaml /etc/rancher/k3s/server/manifests/
RKE Install
- manual RKE install by itself without using Rancher
Install docker with rancher script:
curl https://releases.rancher.com/install-docker/xxxxxversion-number.sh | sh
sysctl setting:
net.bridge.bridge-nf-call-iptables=1
https://github.com/rancher/rke/#latest-release
chmod +x rke
rke --version
Generate config (interactive prompts):
rke config --name cluster.yml
Generate an empty config:
rke config --empty --name cluster.yml
Bring it up:
rke up
Save these in a secure location (the kubeconfig and state file contain credentials for full access to the cluster):
- cluster.yml
- kube_config_cluster.yml
- cluster.rkestate