Welcome to part two of my practical Kubernetes tutorial. It’s time to say a bit more about Rancher. If you followed my previous installation guide, your new setup should consist of two EC2 t3.medium instances. One is the Rancher management host; the second is the worker (the first k8s cluster node). Let’s go for a quick walk through the Rancher GUI.


After the initial login, you should see the main global section where your Kubernetes clusters are listed. So far, you will see only one cluster, called “quickstart”, which consists of one node (as defined in our initial Terraform setup).


Let’s click on the cluster name to open the main dashboard of our cluster. Here you should see some interesting facts, like the current CPU and memory reservations or the number of running pods.


This window also allows us to run an interactive shell with a preconfigured kubectl utility, or to copy the Kubeconfig File and configure kubectl on our own PCs. For those still not familiar with Kubernetes, kubectl is the main CLI for managing the Kubernetes infrastructure.


From the top menu, you can configure more options related to our k8s clusters: for example, persistent storage, projects / namespaces, members (those authorized to access our clusters), as well as alerts and notifications. Everything in a nice, user-friendly fashion. Isn’t it really nice?

The true power of Rancher comes with the configuration of Kubernetes clusters. Let’s create a new one for demo purposes. From the top menu, select quick start and go to the global section. On the right side, you should see the “Add Cluster” button. Click on it. Let’s have a look at what we’ve got here.


We can decide where we want to deploy our new cluster. There are many available options, like hosted Kubernetes providers - Google (GCE), Amazon (EKS) or even Azure (AKS). We can also select from our own managed hosts (Amazon EC2, Microsoft Azure or Digital Ocean), on-premises solutions (vSphere) or, finally, our own custom setup. Rancher also allows us to import an existing cluster, which is really good.

For the purpose of this tutorial, I’m going to select the Amazon EC2 option. I’ll name it “mycloudfun”. I’ll leave Member Roles as default for now. In the cluster options, we can configure many parameters of our cluster. I’m going to change only Cloud Provider to “Amazon”, in order to allow my Kubernetes cluster to use the AWS load balancer.


You will get a warning message informing you that this option requires some extra prerequisites (configured IAM roles). We will take care of them soon. More information about the available options can be found in the official documentation at https://rancher.com/docs/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/ In the Node Pools section, we must specify the number of cluster nodes and their roles. But before we do this, we must configure the Node Template. Let’s click on it to start the wizard. The first step is to provide the region and the access details for our AWS account.


Next, select the Zone and Network details. Make sure you select a subnet located in the same VPC as your Rancher instance, which should be the default VPC; otherwise, you must make sure that communication between the Rancher management host and our cluster nodes is not blocked by the firewall (Security Groups). Go next, and select the Standard security group (Rancher will automatically create one for you). In the instance options, select the instance type (I’m going to use t3.small to avoid extra costs). You must also specify the AMI version (the list of available AMIs is in the link next to the AMI option). Make sure you select an AMI available in your current region. Another important thing is to create an IAM Instance Profile Policy and attach it to the EC2 instance. You can find a ready-to-go template at https://rancher.com/docs/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/cloud-providers/.

You can use my awscli script to create the desired policy:

$ cat << EOF > rancher-role.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
EOF

$ cat << EOF > rancher-policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "ec2:AttachVolume",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "ec2:DetachVolume",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": ["ec2:*"],
      "Resource": ["*"]
    },
    {
      "Effect": "Allow",
      "Action": ["elasticloadbalancing:*"],
      "Resource": ["*"]
    }
  ]
}
EOF
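# create the instance profile that the node template will reference
$ aws iam create-instance-profile --instance-profile-name rancher-node
# create the role with the EC2 trust policy written above
$ aws iam create-role --role-name rancher-node --assume-role-policy-document file://rancher-role.json
# attach the permissions policy to the role as an inline policy
$ aws iam put-role-policy --role-name rancher-node --policy-name rancher-policy --policy-document file://rancher-policy.json
# put the role into the instance profile
$ aws iam add-role-to-instance-profile --instance-profile-name rancher-node --role-name rancher-node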
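
The policy above is attached to every cluster node, so it is worth reviewing what it actually grants before creating it. The following Python check is an added example (not part of the original post or of Rancher's documentation; the function names are illustrative) that reads the rancher-policy.json document shown above and reports service-wide wildcard grants and statements that a broader statement already covers.

```python
import json
from fnmatch import fnmatchcase

# Sample input: the rancher-policy.json document from the tutorial above.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
  {"Effect": "Allow", "Action": "ec2:AttachVolume", "Resource": "*"},
  {"Effect": "Allow", "Action": "ec2:DetachVolume", "Resource": "*"},
  {"Effect": "Allow", "Action": ["ec2:*"], "Resource": ["*"]},
  {"Effect": "Allow", "Action": ["elasticloadbalancing:*"], "Resource": ["*"]}
]}
""")

def as_list(value):
    """IAM accepts a bare string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]

def covers(broad, narrow):
    """True if every action and resource of `narrow` matches a pattern of `broad`.
    Matching one pattern literally against another is an approximation; it is
    exact for the prefix-style wildcards used in this policy."""
    actions_ok = all(
        any(fnmatchcase(n.lower(), b.lower()) for b in as_list(broad["Action"]))
        for n in as_list(narrow["Action"]))  # IAM action names are case-insensitive
    resources_ok = all(
        any(fnmatchcase(n, b) for b in as_list(broad["Resource"]))
        for n in as_list(narrow["Resource"]))
    return actions_ok and resources_ok

def audit(policy):
    """Return (wildcards, redundant): service-wide grants on all resources,
    and indexes of Allow statements fully covered by a broader Allow."""
    allows = [(i, s) for i, s in enumerate(policy["Statement"])
              if s["Effect"] == "Allow"]
    wildcards = [(i, a) for i, s in allows for a in as_list(s["Action"])
                 if (a == "*" or a.endswith(":*")) and "*" in as_list(s["Resource"])]
    redundant = [i for i, s in allows
                 if any(j != i and covers(o, s) and not covers(s, o)
                        for j, o in allows)]
    return wildcards, redundant

if __name__ == "__main__":
    wildcards, redundant = audit(POLICY)
    for index, action in wildcards:
        print(f"statement {index}: {action} on all resources")
    for index in redundant:
        print(f"statement {index}: already covered by a broader statement")
```
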

Once completed, attach the “rancher-node” instance profile to our template. What is also important, please use “rancher” as the SSH User. The EC2 instance provisioned by Rancher uses this user to communicate over SSH. I spent a lot of time struggling with the wrong user (the wizard suggests the Ubuntu user). Optionally, you can add some AWS tags. Name your template and hit create.


Finally, select the number of node instances and their roles. I’m going to create two nodes, with the following roles:

rancher14

The provisioning process will start now. It takes a couple of minutes, depending on your selected options. You can monitor the status from the global dashboard.


You will get a short summary of what is happening on the Kubernetes node being configured. If you need more information for debugging purposes, log in to your Rancher instance and check the logs of your rancher container:

# list the running docker containers to find the rancher one
# e.g: docker container ls
# put its name into the command below
docker logs -f <name>

It helped me a lot when I was struggling with the wrong IAM policy or SSH username!

Once completed, go to the newly created cluster and see how it works. Depending on the selected AWS instances, the available resources will be different. However, overall it should be similar to what I got.


I hope you managed to install a new Kubernetes cluster as I did.

Please remember that the way of creating the cluster shown here is just for test purposes. In the real world, you should consider many more factors. For example, you should create two EC2 templates to make sure your instances are created in different Availability Zones for HA. Also, you should be very careful when selecting the cluster options, as some of them are irreversible. And many more. But I hope it at least gave you an overall idea of how Rancher works.

In the next article, I’m going to set up a small Kubernetes application to show you how it works.

Thank you!