DEV Community

Cover image for Setup Rancher on EKS + ALB

Setup Rancher on EKS + ALB

In this article, I am going to show you how to setup Rancher on EKS with Application Load Balancer (ALB).

In case of using Amazon Certificate Manager (ACM) and want to terminate the SSL certificate on the Load Balancer:

  • Classic Load Balancer: Rancher needs to use WebSocket and Classic Load Balancer is not supporting WebSocket also AWS is not recommended to use it.
  • Network Load Balancer (NLB): is terminating traffic in tcp mode for port 443 rather than tls mode.
    The NLB does not inject the correct headers into requests when terminated at the NLB.

  • Application Load Balancer (ALB):
    if you want to use certificates managed by ACM, you should use ALB.

Rancher documentation is using nginx-ingress-controller and only creates Classic Load Balancer or Network Load Balancer.
We will use AWS Load Balancer Controller to create ALB for our Rancher.


1- Create EKS Cluster
2- Install AWS Load Balancer Controller
3- Register a domain in route53 or create a subdomain, ex:
4- Request a certificate from ACM
5- Install Rancher:

Add the Helm Chart Repository

helm repo add rancher-stable
Enter fullscreen mode Exit fullscreen mode

In the command below add the following:

  • The domain.
  • The ARN of your SSL certificate in step 3.
  • The public subnets ids of your VPC that will be used for the ALB.
helm install rancher rancher-stable/rancher --namespace cattle-system --set --set 'ingress.extraAnnotations.alb\.ingress\.kubernetes\.io/scheme=internet-facing' --set 'ingress.extraAnnotations.alb\.ingress\.kubernetes\.io/success-codes=200\,404\,301\,302' --set 'ingress.extraAnnotations.alb\.ingress\.kubernetes\.io/subnets=subnet-XXX\,subnet-XXX\,subnet-XXX' --set 'ingress.extraAnnotations.alb\.ingress\.kubernetes\.io/listen-ports=[{\"HTTP\": 80}\, {\"HTTPS\": 443}]' --set 'ingress.extraAnnotations.alb\.ingress\.kubernetes\.io/certificate-arn=arn:aws:acm:eu-central-1:XXX:certificate/XXX' --set 'ingress.extraAnnotations.kubernetes\.io/ingress\.class=alb'  --set replicas=3 --set tls=external --create-namespace
Enter fullscreen mode Exit fullscreen mode

6- Change the rancher service to use NodePort rather than ClusterIP, AWS Load Balancer Controller is not using ClusterIP

kubectl -n cattle-system patch svc rancher -p '{"spec": {"type": "NodePort"}}'
Enter fullscreen mode Exit fullscreen mode

7- Update your domain in route53 to point to the Application Load Balancer

8- Create the password first time for the admin user

echo$(kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}')
Enter fullscreen mode Exit fullscreen mode


Discussion (3)

lauriekepford profile image
Laurie Kepford

I think my cluster was broken, because I started from scratch it worked like a charm.

lauriekepford profile image
Laurie Kepford

I have been looking everywhere for something like this! I tried to use this but got this error:
Error: UPGRADE FAILED: failed to create resource: Internal error occurred: failed calling webhook "": Post "aws-load-balancer-webhook-service.... no endpoints available for service "aws-load-balancer-webhook-service"

Notice the webhook name starts with a v.

No ALB is created.

mirezwanda profile image
Info Comment hidden by post author - thread only accessible via permalink

we can gain a lot of knowledge through this site . Spell casters near me

Some comments have been hidden by the post's author - find out more