Rancher Setup (Single node cluster)

Last Updated: July 18, 2020

Installation

Rancher k3s single node cluster setup. This is the recommended setup if you want to expand in the future.

I created an Ubuntu 18.04 VM with 2 vCPU, 8GB of RAM, and 40GB thin provisioned disk.

Installing local database

sudo apt update
sudo apt install mariadb-server
sudo mysql_secure_installation
# Set the root password and disallow remote root login

mysql -u root -p

CREATE DATABASE rancher;
CREATE USER 'rancher'@'localhost' IDENTIFIED BY '<password>';
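-- ON *.* gives this account rights on every database on the server; ON rancher.* confines it to the k3s datastore
GRANT ALL PRIVILEGES ON *.* TO 'rancher'@'localhost' IDENTIFIED BY '<password>';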
FLUSH PRIVILEGES;

Install K3s

K3s is the Kubernetes cluster that Rancher will be installed on.

curl -sfL https://get.k3s.io | sh -s - server --datastore-endpoint="mysql://rancher:<password>@tcp(localhost:3306)/rancher"

Install helm

curl https://helm.baltorepo.com/organization/signing.asc | sudo apt-key add -
sudo apt-get install apt-transport-https --yes
echo "deb https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
sudo apt-get update
sudo apt-get install helm

Install Rancher

Generate namespace and cert secrets

helm repo add rancher-latest https://releases.rancher.com/server-charts/latest
kubectl create namespace cattle-system

Generate SSL cert and secrets

I am using an internal Windows CA.

openssl ecparam -out fir.key -name prime256v1 -genkey
openssl req -new -key fir.key -nodes -out fir.csr -subj "/C=US/ST=WA/O=TechStorm PC/OU=IT/CN=fir.techstormpc.net"

Sign the signing request and put the certificate in fir.crt. Download the CA certificate and save it as cacerts.pem.

kubectl -n cattle-system create secret tls tls-rancher-ingress --cert=fir.crt --key=fir.key
kubectl -n cattle-system create secret generic tls-ca --from-file=cacerts.pem=./cacerts.pem
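
A pre-flight check for the three files used above, as an added example that is not part of the original guide. `check_rancher_tls` is a hypothetical helper name, and the script assumes OpenSSL 1.1.1 or later (the version shipped with Ubuntu 18.04); run it before creating the secrets.

```shell
# Added example: pre-flight check of the TLS files before creating the secrets.
# check_rancher_tls is a hypothetical helper, not part of Rancher, k3s or kubectl.
# Usage: check_rancher_tls fir.key fir.crt cacerts.pem fir.techstormpc.net
check_rancher_tls() {
  t_key=$1 t_crt=$2 t_ca=$3 t_host=$4

  # 1. The certificate must carry the public key of the private key,
  #    otherwise the ingress cannot complete a TLS handshake with this pair.
  t_kpub=$(openssl pkey -in "$t_key" -pubout 2>/dev/null) ||
    { echo "FAIL: cannot read private key $t_key"; return 1; }
  t_cpub=$(openssl x509 -in "$t_crt" -noout -pubkey 2>/dev/null) ||
    { echo "FAIL: cannot read certificate $t_crt"; return 1; }
  [ -n "$t_kpub" ] && [ "$t_kpub" = "$t_cpub" ] ||
    { echo "FAIL: $t_crt was not issued for $t_key"; return 1; }

  # 2. The certificate must chain to the CA file that goes into tls-ca,
  #    which Rancher uses as its CA certificate when privateCA=true.
  openssl verify -CAfile "$t_ca" "$t_crt" 2>&1 | grep -q ': OK$' ||
    { echo "FAIL: $t_crt does not verify against $t_ca"; return 1; }

  # 3. The certificate must be valid for the hostname passed to helm.
  openssl x509 -in "$t_crt" -noout -checkhost "$t_host" 2>&1 |
    grep -q 'does match certificate' ||
    { echo "FAIL: $t_crt is not valid for $t_host"; return 1; }

  echo "OK: key, certificate, CA and hostname are consistent"
}

# Run the check when called as: sh check-tls.sh KEY CERT CA HOSTNAME
if [ "$#" -eq 4 ]; then check_rancher_tls "$@"; fi
```

A mismatch caught here is much easier to diagnose than the same mistake showing up later as pods or agents that cannot complete a TLS handshake.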

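Deploy Rancher

mkdir -p ~/.kube
sudo cp /etc/rancher/k3s/k3s.yaml ~/.kube/config
# The copy is root-owned and holds cluster-admin credentials: hand it to your user and keep it private
sudo chown "$(id -u):$(id -g)" ~/.kube/config
chmod 600 ~/.kube/config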
helm install rancher rancher-latest/rancher \
--namespace cattle-system \
--set hostname=fir.techstormpc.net \
--set ingress.tls.source=secret \
--set privateCA=true

View status of deployment

kubectl -n cattle-system rollout status deploy/rancher

Troubleshooting

Getting Kubernetes logs:

kubectl get events --all-namespaces --sort-by='.metadata.creationTimestamp'

Getting Rancher pod logs (get the pod name first):

nathan@fir:~$ kubectl -n cattle-system get pods
NAME                       READY   STATUS             RESTARTS   AGE
rancher-64b9795c65-gsl26   0/1     CrashLoopBackOff   6          11m
rancher-64b9795c65-b55cz   0/1     CrashLoopBackOff   6          11m
rancher-64b9795c65-zfv8j   0/1     CrashLoopBackOff   6          11m

nathan@fir:~$ kubectl -n cattle-system logs -f rancher-64b9795c65-gsl26

Setting up worker nodes

Install docker

Latest guide

  • Rancher UI -> Clusters -> Add cluster -> From existing nodes
  • Copy and paste docker run command

Docker registry: this annotation needs to be added to the ingress:

nginx.ingress.kubernetes.io/proxy-body-size: "0"