Rancher - The KaaS Platform

The Kubernetes Management Platform

by Nikhil Pandit • 23rd May 2022

tl;dr

  • How to install Rancher on an EKS cluster and import k8s clusters from different cloud platforms.
  • Automate processes and apply a consistent set of user access and security policies to all your clusters.
  • Provide a rich catalog of services for building, deploying, and scaling containerized applications, including app packaging, CI/CD, logging, monitoring, and service mesh.

Introduction

Rancher - The KaaS Platform

Rancher is a container management platform that helps organizations deploy containers in production environments. It has empowered DevOps teams by enabling them to run Kubernetes everywhere and meet IT requirements. This blog explains how to set up Rancher, onboard k8s clusters from multiple cloud providers so they can be managed centrally, and set up a continuous deployment pipeline, followed by a demo.

Architecture

The high-level architecture of Rancher

The diagram shows a Rancher Server installation that manages two downstream Kubernetes clusters: one created by RKE and another created by Amazon EKS (Elastic Kubernetes Service). The Rancher server is the central controller from which you manage all downstream k8s clusters via UI/CLI/API. A Rancher agent is deployed in each downstream cluster to talk to the Rancher server.

Installation

Installation on Kubernetes cluster (on EKS)

Add the Helm Chart Repository

helm repo add rancher-stable https://releases.rancher.com/server-charts/stable

Connect to the Kubernetes cluster and create a namespace for Rancher

kubectl create namespace cattle-system

SSL configuration [using Rancher-generated certificates (default)]. For other SSL configuration options, visit this link.

# Install the CustomResourceDefinition resources separately
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.4/cert-manager.crds.yaml
kubectl create namespace cert-manager
helm repo add jetstack https://charts.jetstack.io
helm repo update
# Install the cert-manager Helm chart
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --version v1.0.4

Set up an ingress controller to access Rancher. You can find more options for setting up the ingress Nginx controller here.

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.47.0/deploy/static/provider/aws/deploy.yaml

Install Rancher with Helm

# Replace <hostname> with the DNS name for Rancher, e.g. rancher-server.example.com
helm install rancher rancher-stable/rancher \
  --namespace cattle-system \
  --set hostname=<hostname> \
  --set replicas=3
# Verify that the Rancher server is successfully deployed
kubectl get pods -n cattle-system
kubectl -n cattle-system get deploy rancher
NAME      READY   UP-TO-DATE   AVAILABLE   AGE
rancher   3/3     3            3           47h

Update the Route 53 DNS zone to map the load balancer to the Rancher hostname, i.e. rancher-server.example.com. Once done, you can see that the cluster is onboarded in Rancher.

Kubernetes Cluster

Import the existing Kubernetes clusters

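Go to the Rancher main page, add a cluster, and select the cluster type.

Provide a logical name for the cluster, then create and import it.

Log in to the existing cluster that you want to import into Rancher and run the kubectl command that you copied from the "Add Cluster" step. The variant shown here uses curl --insecure, which skips TLS certificate verification and is the form intended for a Rancher server with a self-signed certificate. The import URL carries the cluster's registration token, so treat the copied command as a credential.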

curl --insecure -sfL https://rancher-server.devops.godmode.in/v3/import/46bvqblb6p68szrk76vks5w2tbgdr5wrz25j8v4bnqgrsmxwl254h7_c-tthw7.yaml | kubectl apply -f -    

Once done, you can see that the cluster is onboarded in Rancher.
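One way to run the import without --insecure when the Rancher server uses a private CA, as an added example that is not part of the original post: fetch the manifest with certificate verification, then summarise what it would create before applying it. The function names and the CA file are assumptions, and the embedded manifest is a constructed sample, not Rancher's actual output.

```shell
# Added example, not from the original post. Assumptions: CA_PEM is the CA that
# signed the Rancher server certificate, obtained out of band; names are hypothetical.

# Fetch the import manifest with TLS verification instead of --insecure and
# save it to a file so it can be reviewed before anything is applied.
fetch_import_manifest() {    # usage: fetch_import_manifest URL CA_PEM OUTFILE
    curl --proto '=https' --cacert "$2" -sfL "$1" -o "$3"
}

# One "<count> <kind>" line per resource kind the manifest would create.
manifest_kinds() {           # usage: manifest_kinds FILE
    awk '/^kind:/ {print $2}' "$1" | LC_ALL=C sort | uniq -c | awk '{print $1, $2}'
}

# Succeeds if the manifest defines cluster-wide RBAC objects.
grants_cluster_rbac() {      # usage: grants_cluster_rbac FILE
    grep -Eq '^kind: *ClusterRole(Binding)?[[:space:]]*$' "$1"
}

# Constructed sample for trying the two review helpers offline; it is not the
# manifest a Rancher server actually returns.
constructed_manifest() {
    cat <<'EOF'
apiVersion: v1
kind: Namespace
metadata:
  name: example-agent
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: example-agent
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: example-agent-admin
EOF
}

# Fetch, summarise and client-side validate. Apply only after reading OUTFILE:
#   kubectl apply -f OUTFILE
fetch_and_review() {         # usage: fetch_and_review URL CA_PEM OUTFILE
    fetch_import_manifest "$1" "$2" "$3" || return 1
    manifest_kinds "$3"
    if grants_cluster_rbac "$3"; then echo "note: cluster-wide RBAC in manifest" >&2; fi
    kubectl apply --dry-run=client -f "$3"
}
```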

Dashboards

Imported Cluster main dashboard

Workload View

Feature

Continuous Deployment

Continuous Deployment provides a feature to deploy your applications on the Kubernetes cluster. This feature allows you to configure the repository path where your manifest resides, watch the changes, and then automatically trigger the pipeline to deploy the application.

Select the target cluster and go to Cluster Explorer

Select Continuous Delivery from the drop-down

Create a new pipeline and fill out all details

Name: Name of the pipeline
Repository: Configure the appropriate repo
Paths: The root of the repo is used by default. To use one or more different directories, add them here.
Deploy To: You can select all clusters, a group of clusters, or individual clusters as the target

The GitHub repo contains sample YAML.

# r-app.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: rancher-prod-app
  name: rancher-prod-app
  namespace: demo
spec:
  replicas: 3
  selector:
    matchLabels:
      app: rancher-prod-app
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: rancher-prod-app
    spec:
      containers:
      - image: gcr.io/cloudcover-sandbox/demoapp:v2
        name: demoapp
        resources: {}

# r-svc.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: rancher-prod-app
  name: rancher-prod-app
  namespace: demo
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: rancher-prod-app
  type: LoadBalancer

Whenever you change the YAML files, the pipeline is triggered and the application is deployed on the target clusters. For example, our application is currently running version v2 on the target cluster.

Let's make some changes to the manifest. We are updating the image tag from v2 to v8. You can see the changes in the pipeline itself, and in the workload section our application is already updating.

CI/CD Pipeline

CI/CD Pipeline for multi-cloud providers

We are going to update the existing application to a newer version on a single Kubernetes cluster via the pipeline feature. Once the application is deployed on a single cluster, we will deploy the same application on other clusters via Continuous Delivery using the catalog template.

The details of the stages mentioned above are as follows:

Step 1

Clone: Get the copy of the git repo

Step 2

Build and Publish: Build the Docker image and publish it to the Google Docker registry (GCR)

Step 3

Deploy: Roll out the changes on a single Kubernetes cluster

Step 4

PublishCatalogConfig: Publish the template to the target git repo. This triggers the continuous delivery pipeline and updates/creates the resources on target clusters.

Add an external registry to the project to upload the Docker images

Global → Cluster → Resources → Secrets → Registry Credential → Add Registry

Configure CatalogTemplateConfig

Refer to the git-repository to get the stage information.

- name: PublishCatlog
  steps:
  - publishCatalogConfig:
      path: deploy
      catalogTemplate: nginx-web
      version: latest
      gitUrl: git@github.com:nikhil-cldcvr/spinnkaer-canarry-web-app.git
      gitBranch: rancher
      gitAuthor: nikhil
      gitEmail: nikhil.pandit@cldcvr.com
    envFrom:
    - sourceName: git-key
      sourceKey: DEPLOY_KEY
      targetKey: DEPLOY_KEY
    when:
      event:
        include:
        - tag

Create a secret from the private SSH key

# Name the secret's data key DEPLOY_KEY directly, so no copy of the private key is left in /tmp
kubectl create secret generic git-key --from-file=DEPLOY_KEY="$HOME/.ssh/id_rsa" -n p-tmmcv-pipeline
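An alternative to reusing a personal ~/.ssh/id_rsa for the pipeline, as an added example that is not part of the original post: generate a key used only for this repository and load it into the same git-key secret without leaving the private half on disk. The function name and the KUBECTL override are assumptions; the secret name, data key and namespace are the ones used above.

```shell
# Added example, not from the original post. The function name and the KUBECTL
# override are hypothetical; git-key / DEPLOY_KEY match the pipeline's envFrom.
KUBECTL="${KUBECTL:-kubectl}"

# usage: create_deploy_key_secret NAMESPACE [SECRET_NAME] [PUBKEY_OUT]
create_deploy_key_secret() {
    ns=$1; name=${2:-git-key}; pub_out=${3:-DEPLOY_KEY.pub}
    # Private scratch directory, readable by the current user only.
    dir=$(umask 077; mktemp -d) || return 1
    # Passphrase-less ed25519 key dedicated to the pipeline. The file name
    # DEPLOY_KEY becomes the secret's data key (sourceKey: DEPLOY_KEY).
    if ssh-keygen -q -t ed25519 -N '' -C rancher-pipeline-deploy-key \
           -f "$dir/DEPLOY_KEY" &&
       "$KUBECTL" create secret generic "$name" \
           --from-file="DEPLOY_KEY=$dir/DEPLOY_KEY" -n "$ns" &&
       cp "$dir/DEPLOY_KEY.pub" "$pub_out"
    then rc=0; else rc=1; fi
    rm -rf "$dir"            # the private key now exists only in the secret
    return $rc
}

# Example call (needs cluster access):
#   create_deploy_key_secret p-tmmcv-pipeline git-key ./DEPLOY_KEY.pub
```

Register the resulting public key as a deploy key with write access on the repository named in gitUrl, since the PublishCatalogConfig step pushes to it.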

Continuous Delivery

Create a cluster group using labels and selectors

Create a git repo to watch for changes on the branch.

Workflow

The current version of the application is v2

Let's update the code to v3 and deploy it on the target cluster.

Once the changes are deployed on one cluster, the PublishCatalogConfig job updates the git repo configured in the continuous delivery pipeline, which triggers a rollout that updates the existing applications to the newer version.

Check the status of the application on target clusters.

Summary

Installation of the Rancher server on the EKS cluster via Helm

  • Rancher Dashboard

    Rancher provides a dashboard to visualize, configure and manage your multiple Kubernetes clusters in a seamless manner.

  • Deploy an Application

    We imported our existing k8s cluster and learned how to deploy an application in a cluster using the continuous deployment feature.

  • CI/CD Pipeline

    Finally, we made a fully automated CI/CD pipeline to build and publish the Docker image to the GCR repo and deploy the application inside our cluster.