balajivedagiri

Installing Rancher on a highly available RKE2 cluster

Rancher is a complete software stack for teams adopting containers. It addresses the operational and security challenges of managing multiple Kubernetes clusters across any infrastructure.

Below is a sample Rancher architecture.

[Figure: sample Rancher architecture]

We are going to install a 3-node RKE2 Kubernetes cluster and then install Rancher on that cluster using Helm.

1. Create a private load balancer

Create an L4 load balancer with the first RKE2 node in the backend pool (once the other two nodes have been added to the RKE2 cluster, you can add them to the backend pool as well). The load balancer and the backends should listen on the following ports:

1) 9345 to register new nodes
2) 6443 for Kubernetes API Server

2. Maintain the host entries on the RKE2 nodes as below

Maintain a hostname/DNS name for the load balancer VIP that was created in the first step. Here I am pointing the DNS name/hostname "rke2.mydomain.ae" to my load balancer VIP 182.17.12.5.

172.17.11.11 rancher01
172.17.11.12 rancher02
172.17.11.13 rancher03
172.17.12.5 rke2.mydomain.ae

3. Launch the first server node

3a. Adding hostnames or IPs for TLS

To avoid certificate errors with the fixed registration address, you should launch the server with the tls-san parameter set. This option adds an additional hostname or IP as a Subject Alternative Name in the server's TLS cert, and it can be specified as a list if you would like to access via both the IP and the hostname.

root@rancher01:~# mkdir -p /etc/rancher/rke2/

Note: below I have listed all my node IPs and hostnames, along with the load balancer DNS name that points to the load balancer VIP created in the first step.

root@rancher01:~# cat /etc/rancher/rke2/config.yaml
tls-san:
  - rke2.mydomain.ae
  - 172.17.11.11
  - rancher01
  - 172.17.11.12
  - rancher02
  - 172.17.11.13
  - rancher03
root@rancher01:~#

3b. Installing rke2

Here I am pulling the latest stable RKE2 release.

root@rancher01:~# curl -sfL https://get.rke2.io | sh -
[INFO]  finding release for channel stable
[INFO]  using v1.23.9+rke2r1 as release
[INFO]  downloading checksums at https://github.com/rancher/rke2/releases/download/v1.23.9+rke2r1/sha256sum-amd64.txt
[INFO]  downloading tarball at https://github.com/rancher/rke2/releases/download/v1.23.9+rke2r1/rke2.linux-amd64.tar.gz
[INFO]  verifying tarball
[INFO]  unpacking tarball file to /usr/local
root@rancher01:~#
root@rancher01:~# systemctl start rke2-server.service

Note: When the rke2-server service is started for the first time, it will take a few minutes, as it needs to pull all the images needed to spin up the cluster. So don't panic.
If you want, you can monitor the setup process using the command "journalctl -u rke2-server -f".

root@rancher01:~# systemctl status rke2-server.service
● rke2-server.service - Rancher Kubernetes Engine v2 (server)
     Loaded: loaded (/usr/local/lib/systemd/system/rke2-server.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2022-08-25 18:22:05 +04; 1min 15s ago
       Docs: https://github.com/rancher/rke2#readme
    Process: 235133 ExecStartPre=/bin/sh -xc ! /usr/bin/systemctl is-enabled --quiet nm-cloud-setup.service (code=exited, status=0/SUCCESS)
    Process: 235135 ExecStartPre=/sbin/modprobe br_netfilter (code=exited, status=0/SUCCESS)
    Process: 235136 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
   Main PID: 235138 (rke2)
      Tasks: 181
     Memory: 3.4G
     CGroup: /system.slice/rke2-server.service
             ├─235138 /usr/local/bin/rke2 server
             ├─235177 containerd -c /var/lib/rancher/rke2/agent/etc/containerd/config.toml -a /run/k3s/containerd/containerd.sock --state /run/k3s/containerd --root /var/lib/rancher/rke2/a>
             ├─235290 kubelet --volume-plugin-dir=/var/lib/kubelet/volumeplugins --file-check-frequency=5s --sync-frequency=30s --address=0.0.0.0 --alsologtostderr=false --anonymous-auth=f>

Note:

After running this installation, the rke2-server service will be installed. The rke2-server service will be configured to automatically restart after node reboots or if the process crashes or is killed.

Additional utilities will be installed at /var/lib/rancher/rke2/bin/. They include: kubectl, crictl, and ctr. Note that these are not on your path by default.

Two cleanup scripts will be installed to the path at /usr/local/bin/rke2. They are: rke2-killall.sh and rke2-uninstall.sh.

A kubeconfig file will be written to /etc/rancher/rke2/rke2.yaml.

A token that can be used to register other server or agent nodes will be created at /var/lib/rancher/rke2/server/node-token

3c. Accessing the cluster

RKE2 automatically downloads the kubectl binary it needs; it will be available in the location below.

root@rancher01:~# ll /var/lib/rancher/rke2/bin/
total 315140
drwxr-xr-x 2 root root       176 Aug 25 18:20 ./
drwxr-xr-x 4 root root        31 Aug 25 18:20 ../
-rwxr-xr-x 1 root root  54096264 Aug 25 18:20 containerd*
-rwxr-xr-x 1 root root   7369488 Aug 25 18:20 containerd-shim*
-rwxr-xr-x 1 root root  11527464 Aug 25 18:20 containerd-shim-runc-v1*
-rwxr-xr-x 1 root root  11539944 Aug 25 18:20 containerd-shim-runc-v2*
-rwxr-xr-x 1 root root  35018008 Aug 25 18:20 crictl*
-rwxr-xr-x 1 root root  20463560 Aug 25 18:20 ctr*
-rwxr-xr-x 1 root root  49328448 Aug 25 18:20 kubectl*
-rwxr-xr-x 1 root root 122372296 Aug 25 18:20 kubelet*
-rwxr-xr-x 1 root root  10961304 Aug 25 18:20 runc*
root@rancher01:~# cp /var/lib/rancher/rke2/bin/kubectl /usr/local/bin/

root@rancher01:~# chmod +x /usr/local/bin/kubectl
root@rancher01:~# cat /etc/rancher/rke2/rke2.yaml
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    server: https://127.0.0.1:6443
  name: default
contexts:
- context:
    cluster: default
    user: default
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: default
  user:
    client-certificate-data: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    client-key-data: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Set the KUBECONFIG env variable as specified below

root@rancher01:~# export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
root@rancher01:~#
root@rancher01:~# kubectl get nodes -o wide
NAME               STATUS   ROLES                       AGE     VERSION          INTERNAL-IP      EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION      CONTAINER-RUNTIME
rancher01   Ready    control-plane,etcd,master   3m31s   v1.23.9+rke2r1   172.17.11.11   <none>        Ubuntu 20.04.4 LTS   5.4.0-100-generic   containerd://1.5.13-k3s1
root@rancher01:~#
root@rancher01:~# kubectl get all -A
NAMESPACE     NAME                                                        READY   STATUS      RESTARTS   AGE
kube-system   pod/cloud-controller-manager-rancher01               1/1     Running     0          5m24s
kube-system   pod/etcd-rancher01                                   1/1     Running     0          5m21s
kube-system   pod/helm-install-rke2-canal-kdm5c                           0/1     Completed   0          5m12s
kube-system   pod/helm-install-rke2-coredns-jnzgh                         0/1     Completed   0          5m12s
kube-system   pod/helm-install-rke2-ingress-nginx-bsxkp                   0/1     Completed   0          5m12s
kube-system   pod/helm-install-rke2-metrics-server-8vn8f                  0/1     Completed   0          5m12s
kube-system   pod/kube-apiserver-rancher01                         1/1     Running     0          4m59s
kube-system   pod/kube-controller-manager-rancher01                1/1     Running     0          5m25s
kube-system   pod/kube-proxy-rancher01                             1/1     Running     0          5m23s
kube-system   pod/kube-scheduler-rancher01                         1/1     Running     0          4m48s
kube-system   pod/rke2-canal-vkr74                                        2/2     Running     0          4m57s
kube-system   pod/rke2-coredns-rke2-coredns-545d64676-s7hhs               1/1     Running     0          4m57s
kube-system   pod/rke2-coredns-rke2-coredns-autoscaler-5dd676f5c7-fvdhw   1/1     Running     0          4m57s
kube-system   pod/rke2-ingress-nginx-controller-67zjf                     1/1     Running     0          4m11s
kube-system   pod/rke2-metrics-server-6564db4569-vllzm                    1/1     Running     0          4m29s

NAMESPACE     NAME                                              TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
default       service/kubernetes                                ClusterIP   10.43.0.1       <none>        443/TCP         5m28s
kube-system   service/rke2-coredns-rke2-coredns                 ClusterIP   10.43.0.10      <none>        53/UDP,53/TCP   4m58s
kube-system   service/rke2-ingress-nginx-controller-admission   ClusterIP   10.43.188.253   <none>        443/TCP         4m11s
kube-system   service/rke2-metrics-server                       ClusterIP   10.43.43.187    <none>        443/TCP         4m29s

NAMESPACE     NAME                                           DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE
kube-system   daemonset.apps/rke2-canal                      1         1         1       1            1           kubernetes.io/os=linux   4m57s
kube-system   daemonset.apps/rke2-ingress-nginx-controller   1         1         1       1            1           kubernetes.io/os=linux   4m11s

NAMESPACE     NAME                                                   READY   UP-TO-DATE   AVAILABLE   AGE
kube-system   deployment.apps/rke2-coredns-rke2-coredns              1/1     1            1           4m58s
kube-system   deployment.apps/rke2-coredns-rke2-coredns-autoscaler   1/1     1            1           4m58s
kube-system   deployment.apps/rke2-metrics-server                    1/1     1            1           4m29s

NAMESPACE     NAME                                                              DESIRED   CURRENT   READY   AGE
kube-system   replicaset.apps/rke2-coredns-rke2-coredns-545d64676               1         1         1       4m58s
kube-system   replicaset.apps/rke2-coredns-rke2-coredns-autoscaler-5dd676f5c7   1         1         1       4m58s
kube-system   replicaset.apps/rke2-metrics-server-6564db4569                    1         1         1       4m29s

NAMESPACE     NAME                                         COMPLETIONS   DURATION   AGE
kube-system   job.batch/helm-install-rke2-canal            1/1           17s        5m23s
kube-system   job.batch/helm-install-rke2-coredns          1/1           17s        5m23s
kube-system   job.batch/helm-install-rke2-ingress-nginx    1/1           68s        5m23s
kube-system   job.batch/helm-install-rke2-metrics-server   1/1           46s        5m23s
root@rancher01:~#
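
To check the tls-san setting from step 3a once the server is running, this added example (not part of the original post) compares the tls-san list in config.yaml with the Subject Alternative Names on the certificate a server presents. The function names are hypothetical, and `openssl x509 -ext` needs OpenSSL 1.1.1 or later.

```sh
#!/bin/sh
# Added example: report tls-san entries that are absent from a certificate's SANs.

# List the entries under the top-level "tls-san:" key of an RKE2 config.yaml
# (YAML list form only, as used in this walkthrough).
tls_san_entries() {
    awk '
        /^tls-san:/           { in_list = 1; next }
        in_list && /^[ \t]*-/ { sub(/^[ \t]*-[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; next }
        in_list && /^[^ \t#]/ { in_list = 0 }   # next top-level key ends the list
    ' "$1"
}

# Turn openssl's SAN text ("DNS:a, IP Address:1.2.3.4") into one bare value per line.
cert_san_values() {
    printf '%s\n' "$1" | tr ',' '\n' |
        sed -n -e 's/^[[:space:]]*DNS://p' -e 's/^[[:space:]]*IP Address://p'
}

# Print each tls-san entry from CONFIG that is missing from SAN_TEXT.
# Returns 0 when every entry is covered, 1 otherwise.
missing_sans() {
    local config san_text have entry rc
    config=$1; san_text=$2; rc=0
    have=$(cert_san_values "$san_text")
    for entry in $(tls_san_entries "$config"); do
        # -x: whole-line match, -F: literal string (dots are not wildcards)
        if ! printf '%s\n' "$have" | grep -qxF -- "$entry"; then
            printf '%s\n' "$entry"
            rc=1
        fi
    done
    return "$rc"
}

# Fetch the SAN extension of the certificate presented on HOST:PORT.
server_san_text() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -noout -ext subjectAltName
}

# Usage on a server node (hostname and ports taken from this walkthrough):
#   missing_sans /etc/rancher/rke2/config.yaml "$(server_san_text rke2.mydomain.ae 9345)"
#   missing_sans /etc/rancher/rke2/config.yaml "$(server_san_text rke2.mydomain.ae 6443)"
```

Any name it prints is one that clients using that name or IP will get a certificate error for.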

4. Adding the second server node to the cluster

4a. Setting up the second server node

First, copy the node token generated on the first server node, as shown below.

root@rancher01:/var/lib/rancher# cat /var/lib/rancher/rke2/server/node-token
K10d11c154bab23851058711225726a1189ba7f00642b87c82e0b7407cdfc25c82d::server:2ffddc9f0d8901c2b6e30bde043850e1
root@rancher01:/var/lib/rancher#
root@rancher02:~# mkdir -p /etc/rancher/rke2/

Set up config.yaml as below:

root@rancher02:~# cat /etc/rancher/rke2/config.yaml
token: K10d11c154bab23851058711225726a1189ba7fasfsafalsfasf8a8f9saf::server:2ffddc9f0dasdfasf9a898980
server: https://rke2.mydomain.ae:9345
tls-san:
  - rke2.mydomain.ae
  - 172.17.11.11
  - rancher01
  - 172.17.11.12
  - rancher02
  - 172.17.11.13
  - rancher03

Ensure the host entries on the second server node are set up the same way as on the first server node.

cat /etc/hosts
172.17.11.11    rancher01
172.17.11.12    rancher02
172.17.11.13    rancher03
172.16.132.35   rke2.mydomain.ae

4b. Installing rke2 on the second server node

root@rancher02:~# curl -sfL https://get.rke2.io | sh -
[INFO]  finding release for channel stable
[INFO]  using v1.23.9+rke2r1 as release
[INFO]  downloading checksums at https://github.com/rancher/rke2/releases/download/v1.23.9+rke2r1/sha256sum-amd64.txt
[INFO]  downloading tarball at https://github.com/rancher/rke2/releases/download/v1.23.9+rke2r1/rke2.linux-amd64.tar.gz
[INFO]  verifying tarball
[INFO]  unpacking tarball file to /usr/local
root@rancher02:~#

We ran into an issue: the second server node didn't start. Below is the error.

journalctl -u rke2-server -f

Aug 25 18:56:40 rancher02 systemd[1]: Failed to start Rancher Kubernetes Engine v2 (server).
Aug 25 18:56:45 rancher02 systemd[1]: rke2-server.service: Scheduled restart job, restart counter is at 15.
Aug 25 18:56:45 rancher02 systemd[1]: Stopped Rancher Kubernetes Engine v2 (server).
Aug 25 18:56:45 rancher02 systemd[1]: Starting Rancher Kubernetes Engine v2 (server)...
Aug 25 18:56:45 rancher02 sh[195790]: + /usr/bin/systemctl is-enabled --quiet nm-cloud-setup.service
Aug 25 18:56:45 rancher02 sh[195798]: /bin/sh: 1: /usr/bin/systemctl: not found
Aug 25 18:56:45 rancher02 rke2[195804]: time="2022-08-25T18:56:45+04:00" level=warning msg="not running in CIS mode"
Aug 25 18:56:45 rancher02 rke2[195804]: time="2022-08-25T18:56:45+04:00" level=info msg="Starting rke2 v1.23.9+rke2r1 (2d206eba8d0180351408dbed544c852b6b4fdd42)"
Aug 25 18:57:05 rancher02 rke2[195804]: time="2022-08-25T18:57:05+04:00" level=fatal msg="starting kubernetes: preparing server: failed to get CA certs: Get \"https://rke2.mydomain.ae:9345/cacerts\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"
Aug 25 18:57:05 rancher02 systemd[1]: rke2-server.service: Main process exited, code=exited, status=1/FAILURE
Aug 25 18:57:05 rancher02 systemd[1]: rke2-server.service: Failed with result 'exit-code'.
Aug 25 18:57:05 rancher02 systemd[1]: Failed to start Rancher Kubernetes Engine v2 (server).

As the log above shows, the node failed to get the CA certs: Get "https://rke2.mydomain.ae:9345/cacerts"

When we accessed the same cacerts endpoint using the first node's hostname, it worked and returned the certificate.

root@rancher01:~# curl https://rancher01:9345/cacerts -k
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
root@rancher01:~#
root@rancher01:~# curl https://rke2.mydomain.ae:9345/cacerts
^C

We were able to get the CA cert using the node IP or hostname, but not through the VIP. There was an issue in the load balancer config; after correcting it, the request through the VIP returned the certificate.

root@rancher01:~# curl https://rke2.mydomain.ae:9345/cacerts -k
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
root@rancher01:~#
root@rancher02:~# systemctl status rke2-server.service
● rke2-server.service - Rancher Kubernetes Engine v2 (server)
     Loaded: loaded (/usr/local/lib/systemd/system/rke2-server.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2022-08-25 19:10:15 +04; 1min 13s ago
       Docs: https://github.com/rancher/rke2#readme
    Process: 198178 ExecStartPre=/bin/sh -xc ! /usr/bin/systemctl is-enabled --quiet nm-cloud-setup.service (code=exited, status=0/SUCCESS)
    Process: 198180 ExecStartPre=/sbin/modprobe br_netfilter (code=exited, status=0/SUCCESS)
    Process: 198181 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
   Main PID: 198182 (rke2)
      Tasks: 142
     Memory: 3.7G
     CGroup: /system.slice/rke2-server.service
             ├─198182 /usr/local/bin/rke2 server
             ├─198192 containerd -c /var/lib/rancher/rke2/agent/etc/containerd/config.toml -a /run/k3s/containerd/containerd.sock --state /run/k3s/containerd --root /var/lib/rancher/rke2/a>

root@rancher02:~#
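
The checks above use `curl -k`, which accepts whatever certificate the address returns, so they show reachability but not that the load balancer leads to this cluster. As an added example (not from the original post), the functions below fetch /cacerts through a registration address and compare its SHA-256 with the CA hash embedded in the node token. It assumes the K3s/RKE2 full token layout K10<sha256 of CA bundle>::<user>:<password>; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: pin the CA served at /cacerts to the hash inside the node token.
# Assumed token layout (K3s/RKE2 full token): K10<sha256 hex>::<user>:<password>

# Print the CA hash embedded in a full token; fail for tokens without one.
token_ca_hash() {
    local hash
    case $1 in
        K10*::*:*) ;;
        *) echo "token has no K10 CA-hash prefix" >&2; return 1 ;;
    esac
    hash=${1%%::*}        # keep "K10<hash>"
    hash=${hash#K10}      # keep "<hash>"
    case $hash in
        *[!0-9a-f]*) echo "CA hash is not lowercase hex" >&2; return 1 ;;
    esac
    [ "${#hash}" -eq 64 ] || { echo "CA hash is not 64 hex digits" >&2; return 1; }
    printf '%s\n' "$hash"
}

# SHA-256 of a file's exact bytes, hex digest only.
file_sha256() {
    sha256sum < "$1" | cut -d' ' -f1
}

# Return 0 if CA_FILE hashes to the value pinned in TOKEN, 1 on mismatch,
# 2 if the token carries no usable hash.
ca_matches_token() {
    local want got
    want=$(token_ca_hash "$2") || return 2
    got=$(file_sha256 "$1")
    [ "$want" = "$got" ]
}

# Fetch URL/cacerts and check it against TOKEN. -k is tolerable here only
# because the response is then compared with the pinned hash.
verify_registration_endpoint() {
    local url token tmp rc
    url=$1; token=$2; rc=0
    tmp=$(mktemp) || return 2
    if curl -sk --max-time 10 -o "$tmp" "$url/cacerts"; then
        ca_matches_token "$tmp" "$token" || rc=$?
    else
        echo "FAIL: no answer from $url/cacerts (load balancer or firewall?)" >&2
        rc=3
    fi
    rm -f "$tmp"
    if [ "$rc" -eq 0 ]; then
        echo "OK: $url serves the CA pinned in the token"
    elif [ "$rc" -ne 3 ]; then
        echo "FAIL: $url/cacerts does not match the token (rc=$rc)" >&2
    fi
    return "$rc"
}

# Usage on the first server node (address and path from this walkthrough):
#   verify_registration_endpoint https://rke2.mydomain.ae:9345 \
#       "$(cat /var/lib/rancher/rke2/server/node-token)"
```

Run it against both the node hostname and the load balancer name: a timeout on only the load balancer name points at the listener or backend pool, while a hash mismatch means that address leads to a different cluster.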

4c. Access the cluster from the first server node

root@rancher01:~# kubectl get nodes -o wide
NAME               STATUS   ROLES                       AGE    VERSION          INTERNAL-IP      EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION      CONTAINER-RUNTIME
rancher01   Ready    control-plane,etcd,master   30m    v1.23.9+rke2r1   172.17.11.11   <none>        Ubuntu 20.04.4 LTS   5.4.0-100-generic   containerd://1.5.13-k3s1
rancher02   Ready    control-plane,etcd,master   2m8s   v1.23.9+rke2r1   172.17.11.12   <none>        Ubuntu 20.04.4 LTS   5.4.0-100-generic   containerd://1.5.13-k3s1
root@rancher01:~#

5. Adding the third server node to the cluster

root@rancher03:~# mkdir -p /etc/rancher/rke2/
root@rancher03:~# cat /etc/rancher/rke2/config.yaml

token: K10d11c154bab23851058711225726a1189ba7fasfsafalsfasf8a8f9saf::server:2ffddc9f0dasdfasf9a898980
server: https://rke2.mydomain.ae:9345
tls-san:
  - rke2.mydomain.ae
  - 172.17.11.11
  - rancher01
  - 172.17.11.12
  - rancher02
  - 172.17.11.13
  - rancher03
cat /etc/hosts
172.17.11.11    rancher01
172.17.11.12    rancher02
172.17.11.13    rancher03
172.16.132.35   rke2.mydomain.ae
root@rancher03:~# curl -sfL https://get.rke2.io | sh -
[INFO]  finding release for channel stable
[INFO]  using v1.23.9+rke2r1 as release
[INFO]  downloading checksums at https://github.com/rancher/rke2/releases/download/v1.23.9+rke2r1/sha256sum-amd64.txt
[INFO]  downloading tarball at https://github.com/rancher/rke2/releases/download/v1.23.9+rke2r1/rke2.linux-amd64.tar.gz
[INFO]  verifying tarball
[INFO]  unpacking tarball file to /usr/local
root@rancher03:~#
root@rancher03:~# systemctl status rke2-server.service
● rke2-server.service - Rancher Kubernetes Engine v2 (server)
     Loaded: loaded (/usr/local/lib/systemd/system/rke2-server.service; disabled; vendor preset: enabled)
     Active: inactive (dead)
       Docs: https://github.com/rancher/rke2#readme
root@rancher03:~#
root@rancher03:~# systemctl enable rke2-server.service
Created symlink /etc/systemd/system/multi-user.target.wants/rke2-server.service → /usr/local/lib/systemd/system/rke2-server.service.
root@rancher03:~#
root@rancher03:~# systemctl start rke2-server.service
root@rancher03:~#
root@rancher01:~# kubectl get nodes -o wide
NAME               STATUS   ROLES                       AGE   VERSION          INTERNAL-IP      EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION      CONTAINER-RUNTIME
rancher01   Ready    control-plane,etcd,master   39m   v1.23.9+rke2r1   172.17.11.11   <none>        Ubuntu 20.04.4 LTS   5.4.0-100-generic   containerd://1.5.13-k3s1
rancher02   Ready    control-plane,etcd,master   11m   v1.23.9+rke2r1   172.17.11.12   <none>        Ubuntu 20.04.4 LTS   5.4.0-100-generic   containerd://1.5.13-k3s1
rancher03   Ready    control-plane,etcd,master   54s   v1.23.9+rke2r1   172.17.11.13   <none>        Ubuntu 20.04.4 LTS   5.4.0-100-generic   containerd://1.5.13-k3s1
root@rancher01:~#

6. Installing Rancher using Helm on the 3-node RKE2 cluster

root@rancher01:~# wget https://get.helm.sh/helm-v3.9.4-linux-amd64.tar.gz
--2022-08-25 19:37:08--  https://get.helm.sh/helm-v3.9.4-linux-amd64.tar.gz
Resolving get.helm.sh (get.helm.sh)... 152.199.21.175, 2606:2800:233:1cb7:261b:1f9c:2074:3c
Connecting to get.helm.sh (get.helm.sh)|152.199.21.175|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 14026634 (13M) [application/x-tar]
Saving to: ‘helm-v3.9.4-linux-amd64.tar.gz’

helm-v3.9.4-linux-amd64.tar.gz                  100%[====================================================================================================>]  13.38M  --.-KB/s    in 0.06s

2022-08-25 19:37:08 (233 MB/s) - ‘helm-v3.9.4-linux-amd64.tar.gz’ saved [14026634/14026634]

root@rancher01:~# tar -zxvf helm-v3.9.4-linux-amd64.tar.gz
linux-amd64/
linux-amd64/helm
linux-amd64/LICENSE
linux-amd64/README.md
root@rancher01:~# cd linux-amd64/

root@rancher01:~/linux-amd64# ls
helm  LICENSE  README.md
root@rancher01:~/linux-amd64# cp -pr helm /usr/local/bin/
root@rancher01:~/linux-amd64# which helm
/usr/local/bin/helm
root@rancher01:~# helm repo add rancher-stable https://releases.rancher.com/server-charts/stable

"rancher-stable" has been added to your repositories
root@rancher01:~#
root@rancher01:~# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "rancher-stable" chart repository
Update Complete. ⎈Happy Helming!⎈
root@rancher01:~#
root@rancher01:~# kubectl create namespace cattle-system
namespace/cattle-system created
root@rancher01:~#

Below we have set tls=external because we will be installing the TLS/SSL certificates on the load balancer. You can set this up according to your needs. Refer to the Rancher documentation below for more information.

https://docs.ranchermanager.rancher.io/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster

root@rancher01:~# helm install rancher rancher-stable/rancher --namespace cattle-system --set hostname=rancher.mydomain.com --set bootstrapPassword='mypassword123' --set tls=external
NAME: rancher
LAST DEPLOYED: Thu Aug 25 19:57:37 2022
NAMESPACE: cattle-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Rancher Server has been installed.

NOTE: Rancher may take several minutes to fully initialize. Please standby while Certificates are being issued, Containers are started and the Ingress rule comes up.

Check out our docs at https://rancher.com/docs/

If you provided your own bootstrap password during installation, browse to https://rancher.mydomain.com to get started.

If this is the first time you installed Rancher, get started by running this command and clicking the URL it generates:


echo https://rancher.mydomain.com/dashboard/?setup=$(kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}')


To get just the bootstrap password on its own, run:


kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}{{ "\n" }}'



Happy Containering!
root@rancher01:~#
root@rancher01:~# kubectl get all -n cattle-system
NAME                           READY   STATUS              RESTARTS   AGE
pod/rancher-75b7b67cbb-lrh7z   0/1     ContainerCreating   0          9s
pod/rancher-75b7b67cbb-nqt85   0/1     ContainerCreating   0          9s
pod/rancher-75b7b67cbb-rjggf   0/1     ContainerCreating   0          9s

NAME              TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)          AGE
service/rancher   ClusterIP   10.43.251.67   <none>        80/TCP,443/TCP   9s

NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/rancher   0/3     3            0           9s

NAME                                 DESIRED   CURRENT   READY   AGE
replicaset.apps/rancher-75b7b67cbb   3         3         0       9s
root@rancher01:~#

After a few minutes:

root@rancher01:~# kubectl get all -n cattle-system
NAME                           READY   STATUS    RESTARTS   AGE
pod/rancher-75b7b67cbb-lrh7z   1/1     Running   0          93s
pod/rancher-75b7b67cbb-nqt85   1/1     Running   0          93s
pod/rancher-75b7b67cbb-rjggf   1/1     Running   0          93s

NAME              TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)          AGE
service/rancher   ClusterIP   10.43.251.67   <none>        80/TCP,443/TCP   93s

NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/rancher   3/3     3            3           93s

NAME                                 DESIRED   CURRENT   READY   AGE
replicaset.apps/rancher-75b7b67cbb   3         3         3       93s
root@rancher01:~#

To log in to the UI, use the DNS name that was used during the Helm installation. For testing, you can point the DNS name/hostname to the load balancer IP or any node IP.

https://rancher.mydomain.com or http://rancher.mydomain.com

Latest comments (1)

Ranj Purewal

Hi, good article. One question: what change did you make to the load balancer config to get the second node connected? I'm trying to use an Azure load balancer with my custom cluster setup.