• 1. Introduction to Rancher & RKE
  • 1.1. Rancher Architecture
  • 1.2. Disocvering RKE
    • 1.2.1. Node Preparation
    • 1.2.2. Creating the Cluster Configuration File
    • 1.2.3. Certificate Options
  • 1.3. Day Two Operations For RKE
    • 1.3.1. Secure the Installation Files
    • 1.3.2. Backups and DR
    • 1.3.3. Upgrade an RKE Cluster
    • 1.3.4. Certificate Management
    • 1.3.5. Adding and Removing Nodes
• 2. Installing Rancher
  • Open the url(IP) in a browser and set admin password
  • Upgrading Rancher
  • Installing and Managing Rancher With Kubernetes - Deploying Into RKE
• 3. References

1. Introduction to Rancher & RKE

1.1. Rancher Architecture

1.2. Disocvering RKE

• RKE deploys Kubernetes components as docker containers
• SSH is used to orchestrate RKE across servers
• Cluster.yml contains all the information RKE needs to provision a Kubernetes cluster
• You can supply your own certificates that Rancher will serve for its UI/API
• RKE will support the Latest patch releases from the three most recent minor releases correct

1.2.1. Node Preparation

Installation Requirements

• SSH user in docker group
• Disable swap on workers

Install docker curl https://releases.rancher.com/install-docker/19.03.sh | sh

• Download and install RKE from https://github.com/rancher/rke/releases
• Update path.

~$ rke --version
rke version v1.0.6

1.2.2. Creating the Cluster Configuration File

$ rke config

Answer questions and create cluster.yaml

$ rke up --ssh-agent-auth

Creating the Cluster Configuration File

1.2.3. Certificate Options

1.3. Day Two Operations For RKE

1.3.1. Secure the Installation Files

Save kube_config_cluster.yaml and cluster.rkestate

1.3.2. Backups and DR

• Snapshot every 6 hours and keep it for 24 hours
• or take manual snaphort rke etcd snapshort-save, which will save snapshot in /opt/rke/etcd-snapshots/ directory
• minio to keep snapshots
• rke etcd snapshot-restore --name BACKUP_FILE to restore

1.3.3. Upgrade an RKE Cluster

• Use rke config to list the versions of Kubernetes supported by this version of rke
• modify config to new version - Ref

1.3.4. Certificate Management

• Automatic Certificate Rotation - rke cert rotate

1.3.5. Adding and Removing Nodes

• amend the cluster.yaml and do rke up

2. Installing Rancher

$ docker run -d --restart=unless-stopped -p 80:80 -p 443:443 -v \
  /opt/rancher:/var/lib/rancher rancher/rancher:v2.4.1

or rancher/rancher:stable

• persistent data at /var/lib/rancher (a docker volume)
• -d daemonize
• -p 80:80 -p 443:443 to pass throufh ports 80 and 443

• --restart=undelss-stopped

• Option A: Default Rancher-generated Self-signed Certificate

  docker run -d --restart=unless-stopped \
  -p 80:80 -p 443:443 \
  --privileged \
  rancher/rancher:latest
  

• Option B: Bring Your Own Certificate, Self-signed

  docker run -d --restart=unless-stopped \
  -p 80:80 -p 443:443 \
  -v /<CERT_DIRECTORY>/<FULL_CHAIN.pem>:/etc/rancher/ssl/cert.pem \
  -v /<CERT_DIRECTORY>/<PRIVATE_KEY.pem>:/etc/rancher/ssl/key.pem \
  -v /<CERT_DIRECTORY>/<CA_CERTS.pem>:/etc/rancher/ssl/cacerts.pem \
  --privileged \
  rancher/rancher:latest
  

• Option C: Bring Your Own Certificate, Signed by a Recognized CA

docker run -d --restart=unless-stopped \
  -p 80:80 -p 443:443 \
  -v /<CERT_DIRECTORY>/<FULL_CHAIN.pem>:/etc/rancher/ssl/cert.pem \
  -v /<CERT_DIRECTORY>/<PRIVATE_KEY.pem>:/etc/rancher/ssl/key.pem \
  --privileged \
  rancher/rancher:latest \
  --no-cacert

• Option D: Let’s Encrypt Certificate

  docker run -d --restart=unless-stopped \
  -p 80:80 -p 443:443 \
  --privileged \
  rancher/rancher:latest \
  --acme-domain <YOUR.DNS.NAME>
  

Open the url(IP) in a browser and set admin password

• Installing Rancher on a Single Node Using Docker

Upgrading Rancher

Installing and Managing Rancher With Kubernetes - Deploying Into RKE

3. References

• KMC - Hands On with K3s Support in Rancher 2.4 - 2020-06-16 (video)
• What’s the difference between k3s vs k8s