Rancher manages lean Kubernetes workloads

Construction Guide

Rolling Out K3s

The K3s authors make it very easy for you to install their software on your system. To do so, simply run a command in the form

$ curl -sfL https://get.k3s.io | sh -s - server --datastore-endpoint="mysql://<User>:<Password>@tcp(<Host>:3306)/<Database>"

on each machine intended as a Rancher server, replacing <User>, <Password>, <Host>, and <Database> with your MySQL database credentials. Assuming the username rancher , password secret, and database name rancher, the command would be:

$ curl -sfL https://get.k3s.io | sh -s - server --datastore-endpoint="mysql://rancher:secret@tcp(10.42.0.1:3306)/rancher"

Of course, the command specified here will only work if the system has direct access to the Internet. This is not absolutely essential for Rancher because the software can also use a proxy server or run without a network connection in air gap mode. However, describing these installation variants is beyond the scope of this article, so check out the Rancher documentation [3] if you need these options.

Checking K3s

On all future Rancher servers, after successfully completing the installation, the

sudo k3s kubectl get nodes

command should return a list of all Rancher servers in the setup. If the list shows both machines (in this example), the K3s setup worked.

Of course, the K3s tool is K3s-specific. It would be useful to be able to access the K3s cluster with the standard kubectl tool, too. So that you can do so, K3s created an /etc/rancher/k3s/k3s.yaml file during the installation, which every user with execute rights will want to copy to ~/.kube/config. Before that, you have to adapt the file because the host to be managed defaults to localhost. Find the server entry in the YAML file and replace this value with the DNS name pointing to the load balancer mentioned earlier. After doing so, the

kubectl get pods --all-namespaces

command should work. If so, K3s is now ready for the Rancher installation.

Installing the Certificate Manager

Because I want Rancher to pick up its SSL certificates automatically by Let's Encrypt, I now need to install cert-manager. Several commands let you do this. The command in the first line of Listing 1 installs the custom resource definitions (CRDs) required for cert-manager in the local K3s instance, and the command in the second line adds the Helm directory for cert-manager to the K3s instance.

Listing 1

Installing cert-manager

# kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.1/cert-manager.crds.yaml
# helm repo add jetstack https://charts.jetstack.io
# helm repo update
# helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.5.1
# kubectl get pods --namespace cert-manager

The command in line 3 updates the local metadata of all configured Helm directories before the command in line 4 drops cert-manager into the local K3s installation. If everything works, the call in the last line displays the running containers for cert-manager.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus