1. Introduction to Rancher & RKE

1.1. Rancher Architecture

1.2. Discovering RKE

  • RKE deploys Kubernetes components as docker containers
  • SSH is used to orchestrate RKE across servers
  • Cluster.yml contains all the information RKE needs to provision a Kubernetes cluster
  • You can supply your own certificates that Rancher will serve for its UI/API
  • RKE will support the latest patch releases from the three most recent minor releases

1.2.1. Node Preparation

Installation Requirements

  • SSH user in docker group
  • Disable swap on workers

Install docker:

$ curl https://releases.rancher.com/install-docker/19.03.sh | sh

  • Download and install RKE from https://github.com/rancher/rke/releases
  • Update path.
~$ rke --version
rke version v1.0.6

1.2.2. Creating the Cluster Configuration File

$ rke config

Answer the questions to create cluster.yaml

$ rke up --ssh-agent-auth

1.2.3. Certificate Options

1.3. Day Two Operations For RKE

1.3.1. Secure the Installation Files

Save kube_config_cluster.yaml and cluster.rkestate
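
Both files carry credentials that give full access to the cluster, so where they are saved matters as much as that they are saved. The following is an added example, not part of the original notes: shell functions that find these files in a directory, report any that are readable by group or other, and restrict them to the owner. The function names are hypothetical and the file patterns are assumed from the names used in these notes.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on the files RKE writes
# next to the cluster configuration. Function names are hypothetical.

# Print every RKE kubeconfig/state file directly inside DIR (default: .).
rke_sensitive_files() {
    find "${1:-.}" -maxdepth 1 -type f \
        \( -name 'kube_config_*' -o -name '*.rkestate' \)
}

# Print the sensitive files that grant any permission to group or other.
rke_loose_files() {
    rke_sensitive_files "$1" | while IFS= read -r f; do
        # "-perm -NNN" matches only when all listed bits are set,
        # so each group/other bit is tested separately.
        if [ -n "$(find "$f" \( -perm -040 -o -perm -020 -o -perm -010 \
                 -o -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Restrict every sensitive file in DIR to owner read/write (0600).
rke_harden_files() {
    rke_sensitive_files "$1" | while IFS= read -r f; do
        chmod 600 "$f"
    done
}

# Typical use from the directory that holds the cluster configuration:
#   rke_loose_files .      # list files that need attention
#   rke_harden_files .     # tighten them
```

Run rke_loose_files again after every rke up, since the files may be rewritten.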

1.3.2. Backups and DR

  • Snapshot every 6 hours and keep it for 24 hours
  • or take a manual snapshot with rke etcd snapshot-save, which saves the snapshot in the /opt/rke/etcd-snapshots/ directory
  • minio to keep snapshots
  • rke etcd snapshot-restore --name BACKUP_FILE to restore

1.3.3. Upgrade an RKE Cluster

  • Use rke config to list the versions of Kubernetes supported by this version of rke
  • Modify the config to the new version

1.3.4. Certificate Management

  • Automatic Certificate Rotation - rke cert rotate

1.3.5. Adding and Removing Nodes

  • Amend cluster.yaml and run rke up

2. Installing Rancher

$ docker run -d --restart=unless-stopped -p 80:80 -p 443:443 -v \
  /opt/rancher:/var/lib/rancher rancher/rancher:v2.4.1

or rancher/rancher:stable

  • persistent data at /var/lib/rancher (a docker volume)
  • -d daemonize
  • -p 80:80 -p 443:443 to pass through ports 80 and 443
  • --restart=unless-stopped

  • Option A: Default Rancher-generated Self-signed Certificate
    docker run -d --restart=unless-stopped \
    -p 80:80 -p 443:443 \
    --privileged \
    rancher/rancher:latest
    
  • Option B: Bring Your Own Certificate, Self-signed
    docker run -d --restart=unless-stopped \
    -p 80:80 -p 443:443 \
    -v /<CERT_DIRECTORY>/<FULL_CHAIN.pem>:/etc/rancher/ssl/cert.pem \
    -v /<CERT_DIRECTORY>/<PRIVATE_KEY.pem>:/etc/rancher/ssl/key.pem \
    -v /<CERT_DIRECTORY>/<CA_CERTS.pem>:/etc/rancher/ssl/cacerts.pem \
    --privileged \
    rancher/rancher:latest
    
  • Option C: Bring Your Own Certificate, Signed by a Recognized CA
    docker run -d --restart=unless-stopped \
    -p 80:80 -p 443:443 \
    -v /<CERT_DIRECTORY>/<FULL_CHAIN.pem>:/etc/rancher/ssl/cert.pem \
    -v /<CERT_DIRECTORY>/<PRIVATE_KEY.pem>:/etc/rancher/ssl/key.pem \
    --privileged \
    rancher/rancher:latest \
    --no-cacert
    
  • Option D: Let’s Encrypt Certificate
    docker run -d --restart=unless-stopped \
    -p 80:80 -p 443:443 \
    --privileged \
    rancher/rancher:latest \
    --acme-domain <YOUR.DNS.NAME>
    

Open the URL (IP) in a browser and set the admin password

Upgrading Rancher

Installing and Managing Rancher With Kubernetes - Deploying Into RKE

3. References