Rancher manages lean Kubernetes workloads
Construction Guide
Rolling Out K3s
The K3s authors make it very easy for you to install their software on your system. To do so, simply run a command in the form
$ curl -sfL https://get.k3s.io | sh -s - server --datastore-endpoint="mysql://<User>:<Password>@tcp(<Host>:3306)/<Database>"
on each machine intended as a Rancher server, replacing <User>
, <Password>
, <Host>
, and <Database>
with your MySQL database credentials. Assuming the username rancher
, password secret
, and database name rancher
, the command would be:
$ curl -sfL https://get.k3s.io | sh -s - server --datastore-endpoint="mysql://rancher:secret@tcp(10.42.0.1:3306)/rancher"
Of course, the command specified here will only work if the system has direct access to the Internet. This is not absolutely essential for Rancher because the software can also use a proxy server or run without a network connection in air gap mode. However, describing these installation variants is beyond the scope of this article, so check out the Rancher documentation [3] if you need these options.
Checking K3s
On all future Rancher servers, after successfully completing the installation, the
sudo k3s kubectl get nodes
command should return a list of all Rancher servers in the setup. If the list shows both machines (in this example), the K3s setup worked.
Of course, the K3s tool is K3s-specific. It would be useful to be able to access the K3s cluster with the standard kubectl
tool, too. So that you can do so, K3s created an /etc/rancher/k3s/k3s.yaml
file during the installation, which every user with execute rights will want to copy to ~/.kube/config
. Before that, you have to adapt the file because the host to be managed defaults to localhost
. Find the server
entry in the YAML file and replace this value with the DNS name pointing to the load balancer mentioned earlier. After doing so, the
kubectl get pods --all-namespaces
command should work. If so, K3s is now ready for the Rancher installation.
Installing the Certificate Manager
Because I want Rancher to pick up its SSL certificates automatically by Let's Encrypt, I now need to install cert-manager
. Several commands let you do this. The command in the first line of Listing 1 installs the custom resource definitions (CRDs) required for cert-manager
in the local K3s instance, and the command in the second line adds the Helm directory for cert-manager
to the K3s instance.
Listing 1
Installing cert-manager
# kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.1/cert-manager.crds.yaml # helm repo add jetstack https://charts.jetstack.io # helm repo update # helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.5.1 # kubectl get pods --namespace cert-manager
The command in line 3 updates the local metadata of all configured Helm directories before the command in line 4 drops cert-manager
into the local K3s installation. If everything works, the call in the last line displays the running containers for cert-manager
.
Buy this article as PDF
(incl. VAT)