Provision Rancher & RKE Cluster

Dounpct
Nov 27, 2022

In this article I will show how to create a Rancher RKE cluster.

Objective

  • provision a VM for the Rancher manager with Terraform
  • provision 3 VMs for the RKE cluster with Terraform
  • set up the RKE cluster
  • test the RKE cluster
  • install Rancher on the RKE cluster
  • access Rancher

Prerequisite

Provision vm for rancher manager with Terraform

git clone https://github.com/dounpct/terraform-vm-rancher-manager.git
terraform init
terraform plan
terraform apply
  • we can keep the tfvars values that contain secrets, such as vsphere_password and vm_password, in an external file outside version control, then run terraform with that file as an override var file
  • Example of terraform-rancher-manager.tfvars
vsphere_server = "10.10.10.1"
vsphere_user = "jiw@vsphere.local"

vsphere_datacenter = "DC-01"
vsphere_datastore = "DS01_PROD"
vsphere_cluster = "D3P-01"
vsphere_pool = "POOL-PROD-01"
vsphere_network = "DVS_PROD_APP_VL001_10.100.100.0"

virtual_template = "tt2d-jiw-test-ubuntu-template-02"
vm_cpu = "2"
vm_memory = "4096"

network_gateway = "10.100.100.1"
network_netmask = "23"
host_domain = "domain.local"

vm_user = "jiw"

vsphere_password = "12345678"
vm_password = "12345678"

virtual_machines = {
  tt2d-jiw-test-RancherMng = {
    ip = "10.100.100.10"
  }
}

dns_server_list = ["10.100.100.1","10.100.100.2"]
terraform apply -var-file="/mnt/d/work-github/tfvar-secret/terraform-rancher-manager.tfvars"
  • wait to provision
  • you can ssh to your vm
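
A pre-flight check for the external secrets file described above, as an added example that is not part of the original article or its repositories. The function name check_tfvars, the GNU stat/grep usage and the arguments are assumptions.

```shell
#!/usr/bin/env bash
# Added example: verify an external secrets tfvars file before `terraform apply`.
# Usage: check_tfvars <tfvars-file> <cloned-repo-dir>
# Prints each finding and returns non-zero if there is any.
check_tfvars() {
  local file="$1" repo="$2" rc=0 real_file real_repo mode key
  [ -f "$file" ] || { echo "missing: $file"; return 2; }
  real_file="$(cd "$(dirname "$file")" && pwd -P)/$(basename "$file")"
  real_repo="$(cd "$repo" && pwd -P)"

  # 1. The secrets file must live outside the cloned repository tree.
  case "$real_file" in
    "$real_repo"/*) echo "FAIL: $file is inside the repo $repo"; rc=1 ;;
  esac

  # 2. Only the owner may access it (mode 600 or 400; GNU stat syntax).
  mode="$(stat -c '%a' "$file")"
  case "$mode" in
    ?00) ;;
    *) echo "FAIL: mode $mode on $file, expected 600 or 400"; rc=1 ;;
  esac

  # 3. No tfvars file inside the repo may carry a non-empty secret value.
  for key in vsphere_password vm_password; do
    if grep -rEl --include='*.tfvars' \
         "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\"[^\"]+\"" \
         "$real_repo" >/dev/null 2>&1; then
      echo "FAIL: $key has a value in a tfvars file inside $repo"; rc=1
    fi
  done
  return "$rc"
}
```

On a WSL /mnt/d path like the one above, mode bits are only meaningful if the drive is mounted with the metadata option.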

Provision 3 vm for rke cluster with Terraform

git clone https://github.com/dounpct/terraform-vm-rancher-rke.git

fill in the 3 VM names and IPs for the RKE cluster

virtual_machines = {
  tt2d-jiw-test-rancher-master-01 = {
    ip = ""
  }
  tt2d-jiw-test-rancher-master-02 = {
    ip = ""
  }
  tt2d-jiw-test-rancher-master-03 = {
    ip = ""
  }
}
terraform init
terraform plan
terraform apply
  • we can keep the tfvars values that contain secrets, such as vsphere_password and vm_password, in an external file outside version control, then run terraform with that file as an override var file
  • Example of terraform-rancher-rke.tfvars
vsphere_server = "10.10.10.1"
vsphere_user = "jiw@vsphere.local"

vsphere_datacenter = "DC-01"
vsphere_datastore = "DS01_PROD"
vsphere_cluster = "D3P-01"
vsphere_pool = "POOL-PROD-01"
vsphere_network = "DVS_PROD_APP_VL001_10.100.100.0"

virtual_template = "tt2d-jiw-test-ubuntu-template-02"
vm_cpu = "2"
vm_memory = "4096"

network_gateway = "10.100.100.1"
network_netmask = "23"
host_domain = "domain.local"

vm_user = "jiw"

vsphere_password = "12345678"
vm_password = "12345678"

virtual_machines = {
  tt2d-jiw-test-rancher-master-01 = {
    ip = "10.100.100.11"
  }
  tt2d-jiw-test-rancher-master-02 = {
    ip = "10.100.100.12"
  }
  tt2d-jiw-test-rancher-master-03 = {
    ip = "10.100.100.13"
  }
}

dns_server_list = ["10.100.100.1","10.100.100.2"]
terraform apply -var-file="/mnt/d/work-github/tfvar-secret/terraform-rancher-rke.tfvars"
  • wait to provision
  • you can ssh to your vm
  • you can ssh from the Rancher Manager to the 3 VMs for the RKE cluster (no password needed)

Set up rke cluster

  • in rke Manager
  • download rke
wget https://github.com/rancher/rke/releases/download/v1.4.0/rke_linux-amd64

refer : https://github.com/rancher/rke/#latest-release

mv rke_linux-amd64 rke
chmod +x rke
sudo cp rke /usr/local/bin
  • check the compatible Kubernetes versions
rke config --list-version --all
  • I recommend using only version v1.23.12-rancher1-1, because the stable Rancher chart is still at version v2.6.9 now and some charts cannot be used when we install a Kubernetes version more than 1.24

example for rancher-vsphere-csi

  • create cluster.yml
cat > cluster.yml <<EOF
# one entry per VM; every node carries all three roles
nodes:
  - address: x.x.x.x
    user: jiw
    role: [controlplane, etcd, worker]
  - address: x.x.x.x
    user: jiw
    role: [controlplane, etcd, worker]
  - address: x.x.x.x
    user: jiw
    role: [controlplane, etcd, worker]

cluster_name: rancher-manager-01
kubernetes_version: "v1.23.12-rancher1-1"

ingress:
  provider: nginx
  options:
    use-forwarded-headers: "true"
EOF

change the IPs to those of your VMs

we need 3 VMs to create the RKE cluster; each VM has all roles, following the Rancher cluster reference

rke up
#or, naming the config file explicitly
rke up --config ./cluster.yml
  • wait for it to finish
  • if there is an error about the network, a node not found, or a role, check that the user and IPs are valid and that the manager VM can connect to the 3 RKE cluster VMs
  • after fixing the problem, you may need to remove the cluster and run rke up again
rke remove
#wait
rke up
  • check or restart docker on the 3 RKE cluster VMs:
sudo systemctl restart docker
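
Static checks for the cluster.yml created above, to run before rke up, as an added example that is not part of the original article or of RKE itself. The function names node_pairs, check_cluster_yml and check_ssh_docker are assumptions, and the parsing only handles the flat node layout shown in this article.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks on cluster.yml before `rke up`.

# Print "address user" for every node entry in the layout used in this article.
node_pairs() {
  awk '$1 == "-" && $2 == "address:" { addr = $3 }
       $1 == "user:"                 { print addr, $2 }' "$1"
}

check_cluster_yml() {
  local f="$1" rc=0 etcd dup junk
  # 1. Placeholder addresses were never replaced.
  if node_pairs "$f" | grep -q '^x\.x\.x\.x '; then
    echo "FAIL: a node address is still x.x.x.x"; rc=1
  fi
  # 2. The same address is listed twice (copy/paste slip).
  dup="$(node_pairs "$f" | cut -d' ' -f1 | sort | uniq -d)"
  [ -z "$dup" ] || { echo "FAIL: duplicate address: $dup"; rc=1; }
  # 3. etcd should have an odd member count (an even count adds no failure tolerance).
  etcd="$(grep -Ec '^[[:space:]]*role:.*etcd' "$f" || true)"
  [ $((etcd % 2)) -eq 1 ] || { echo "FAIL: $etcd etcd nodes, want an odd number"; rc=1; }
  # 4. Non-ASCII bytes, e.g. a typographic dash pasted into kubernetes_version.
  junk="$(LC_ALL=C tr -d '\11\12\15\40-\176' < "$f" | wc -c)"
  [ "$junk" -eq 0 ] || { echo "FAIL: $junk non-ASCII byte(s) in $f"; rc=1; }
  return "$rc"
}

# Needs network access: confirm key-based SSH and Docker access for each node user.
check_ssh_docker() {
  node_pairs "$1" | while read -r addr user; do
    ssh -n -o BatchMode=yes -o ConnectTimeout=5 "$user@$addr" docker version \
      >/dev/null 2>&1 || echo "FAIL: $user@$addr: SSH key login or docker access"
  done
}
```

Run check_cluster_yml cluster.yml first, then check_ssh_docker cluster.yml from the manager VM.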

Test rke cluster

curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
export KUBECONFIG=kube_config_cluster.yml
kubectl get nodes

Install rancher on rke cluster

  • in rancher manager
export KUBECONFIG=kube_config_cluster.yml

kubectl create namespace cattle-system

wget https://get.helm.sh/helm-v3.8.2-linux-amd64.tar.gz
tar -zxvf helm-v3.8.2-linux-amd64.tar.gz
sudo mv linux-amd64/helm /usr/local/bin/helm

helm repo add jetstack https://charts.jetstack.io
helm repo update

helm install \
cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--version v1.8.0 \
--set installCRDs=true \
--set webhook.timeoutSeconds=30

kubectl get Issuers,ClusterIssuers,Certificates,CertificateRequests,Orders,Challenges --all-namespaces

helm repo add rancher-stable https://releases.rancher.com/server-charts/stable

helm install rancher rancher-stable/rancher \
--namespace cattle-system \
--set hostname=<your-rancher-url> \
--set bootstrapPassword=<admin-password>
  • change <your-rancher-url> to your rancher url
  • change <admin-password> to your rancher admin password
  • get your admin password
kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}{{ "\n" }}'
  • check component of rancher
kubectl get all -n cattle-system

Access rancher

  • set the DNS name <your-rancher-url> to one of the 3 VM IPs
  • nslookup <your-rancher-url> must point to one of the 3 VM IPs
  • https://<your-rancher-url>
  • fill in Bootstrap Password with <admin-password>
  • fill in New Password and Continue

Note: the password needs to be complex and not too short

— — — — — — — — — — — — — — — — — — — — — — — — — — — — —

Credit : TrueDigitalGroup

— — — — — — — — — — — — — — — — — — — — — — — — — — — — —

More Ref:

https://docs.ranchermanager.rancher.io/how-to-guides/new-user-guides/kubernetes-cluster-setup/rke1-for-rancher

Next Topic

  • Provision RKE Cluster with Rancher (Customs)
  • Provision RKE Cluster with Rancher (Vsphere)

Dounpct

I work for TrueDigitalGroup in DevOps x Automation Team