The is the next post in this little Rancher series. After we installed a single node RKE cluster and extended this configurtation to three nodes we will finally install Rancher in this post.
As Rancher is installed with Helm we need to install that first:
[email protected]:~$ wget https://get.helm.sh/helm-v3.5.2-linux-amd64.tar.gz [email protected]:~$ tar axf helm-v3.5.2-linux-amd64.tar.gz [email protected]:~$ sudo mv linux-amd64/helm /usr/local/bin/ [email protected]:~$ sudo chown rancher:rancher /usr/local/bin/helm [email protected]:~$ sudo chmod 770 /usr/local/bin/helm [email protected]:~$ helm version WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: kube_config_cluster.yml version.BuildInfo{Version:"v3.5.2", GitCommit:"167aac70832d3a384f65f9745335e9fb40169dc2", GitTreeState:"dirty", GoVersion:"go1.15.7"} [email protected]:~$ chmod 700 kube_config_cluster.yml [email protected]:~$ helm version version.BuildInfo{Version:"v3.5.2", GitCommit:"167aac70832d3a384f65f9745335e9fb40169dc2", GitTreeState:"dirty", GoVersion:"go1.15.7"}
The namespace for Ranger is “cattle-system” so we need to create it:
[email protected]:~$ kubectl create namespace cattle-system namespace/cattle-system created [email protected]:~$ kubectl get namespace NAME STATUS AGE cattle-system Active 23s default Active 5m25s ingress-nginx Active 4m38s kube-node-lease Active 5m27s kube-public Active 5m27s kube-system Active 5m27s
When it comes to certificates with Ranger you have three options:
- Rancher Generated Certificates (Default)
- Let’s Encrypt
- Certificates from Files
As this envronment is just for demo purposes we’ll be using the default, which is a self signed certificate. For this to work we need to install cert-manager:
[email protected]:~$ kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.4/cert-manager.crds.yaml customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created [email protected]:~$ kubectl create namespace cert-manager namespace/cert-manager created [email protected]:~$ helm repo add jetstack https://charts.jetstack.io WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/rancher/kube_config_cluster.yml "jetstack" has been added to your repositories [email protected]:~$ helm repo update WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/rancher/kube_config_cluster.yml Hang tight while we grab the latest from your chart repositories... ...Successfully got an update from the "jetstack" chart repository ...Successfully got an update from the "rancher-stable" chart repository Update Complete. ⎈Happy Helming!⎈ [email protected]:~$ helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.0.4 WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/rancher/kube_config_cluster.yml NAME: cert-manager LAST DEPLOYED: Tue Mar 9 10:05:10 2021 NAMESPACE: cert-manager STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: cert-manager has been deployed successfully! In order to begin issuing certificates, you will need to set up a ClusterIssuer or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer). More information on the different types of issuers and how to configure them can be found in our documentation: https://cert-manager.io/docs/configuration/ For information on how to configure cert-manager to automatically provision Certificates for Ingress resources, take a look at the `ingress-shim` documentation: https://cert-manager.io/docs/usage/ingress/
This deployment can take some, so please monitor the pods until they are ready:
[email protected]:~$ kubectl get pods --namespace cert-manager NAME READY STATUS RESTARTS AGE cert-manager-75dbbd5d6-986cb 1/1 Running 0 49s cert-manager-cainjector-85c559fd6c-td5nh 1/1 Running 0 49s cert-manager-webhook-6c77dfbdb8-wqg9c 1/1 Running 0 49s
For installing Rancher with Helm we need the Rancher repository:
[email protected]:~$ helm repo add rancher-stable https://releases.rancher.com/server-charts/stable "rancher-stable" has been added to your repositories [email protected]:~$ helm repo update Hang tight while we grab the latest from your chart repositories... ...Successfully got an update from the "rancher-stable" chart repository Update Complete. ⎈Happy Helming!⎈
Finally, install Ranger:
[email protected]:~$ helm install rancher rancher-stable/rancher --version v2.5.6 --namespace cattle-system --set hostname=ranger.it.dbi-services.com NAME: rancher LAST DEPLOYED: Tue Mar 9 07:25:23 2021 NAMESPACE: cattle-system STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: Rancher Server has been installed. NOTE: Rancher may take several minutes to fully initialize. Please standby while Certificates are being issued and Ingress comes up. Check out our docs at https://rancher.com/docs/rancher/v2.x/en/ Browse to https://ranger.it.dbi-services.com Happy Containering!
Wait for the deployment to complete:
[email protected]:~$ kubectl get deployments --namespace cattle-system NAME READY UP-TO-DATE AVAILABLE AGE rancher 3/3 3 3 117s
Get the Rancher endpoints:
[email protected]:~$ kubectl -n cattle-system get ep rancher -o wide NAME ENDPOINTS AGE rancher 10.42.0.11:80,10.42.1.9:80,10.42.2.8:80 + 3 more... 51m
Pointing your browser to one of the endpoints should bring you to the Rancher GUI:
Set your password and options: