![rancher](resources/rancher.svg) ![cncp](resources/cncp-bw.svg) Workshop : Deployment strategies for Rancher 2
Alexandre Buisine [@alexbuisine](https://twitter.com/alexbuisine)
![enix](enix/enix.svg)
# Welcome ! * This workshop is a **short introduction** to Rancher 2 based on this [blogpost](https://enix.io/fr/blog/rancher-2-trois-methodes-d-installation/). * It is intended to facilitate Rancher 2 understanding by **installing** it in various ways. * You can find the slides here : https://workshop-rancher-installation.slides.enix.io/ and through this QR code : ![slides](resources/slides-qr.svg)
# Today's mission * Install Rancher `2.4.5` through **3 different approaches** **Option A : Full automation enabled**, for `Rancher 1.6` fans and beginners. **Option B : Keep Kubernetes full control**, for Kubernetes efficient people **Option C : Rancher in Kubernetes through Helm**, because why not * Discover Rancher's **building blocks** _And avoid crashing my first OBS on Mac OS X to Zoom setup_
# Modus operandi For each strategy, * we will spend 10mn on **manipulations**, all we need are * a terminal * a browser * assess **pro**'s and **con**'s * then 5mn of **Questions and Answers** At the end, we will have a little recap.
# Option A : prerequisites ![option-a](resources/option-a.svg) We need : * one machine (virtual or physical) which will host Rancher * two machines that will be used as Kubernetes nodes * all machines shoud run a recent version of Docker
# Option A (1) : Launch Rancher Let's go on our first node and launch Rancher ! * Easy version : ```bash docker run -d --restart=unless-stopped \ -p 80:80 -p 443:443 rancher/rancher:latest ``` * Less easy version : ```bash docker run -d --restart=unless-stopped \ -p 80:80 -p 443:443 --name=rancher-2.4.4 \ -v /opt/rancher:/var/lib/rancher \ rancher/rancher:v2.4.4 \ --acme-domain rancher-a.185.145.251.32.nip.io ``` I use [nip.io](http://nip.io/) which resolves `*.1.2.3.4.nip.io` to `1.2.3.4` ![terminal](resources/browser.svg)
# Option A (2) : Create a cluster Let's now launch a new cluster * You will need to connect to : `rancher-a.
.nip.io` * Add a master node ```bash docker run -d --privileged \ --restart=unless-stopped \ --net=host \ -v /etc/kubernetes:/etc/kubernetes \ -v /var/run:/var/run \ rancher/rancher-agent:v2.4.4 \ --server https://rancher-a.185.145.251.32.nip.io \ --token TOKEN \ --etcd --controlplane ``` * Then a worker node
# Option A : Review ## pros * Most **simple** approach * Very **low maintenance** cost * As similar as it can be to **Rancher `1.6`** ## cons * Existing infrastructure **integration can be complex** * **Limited** access to Kubernetes **advanced features** (ex: alpha) * Does not rely on `kubeadm`
# Option B : prerequisites ![option-a](resources/option-b.svg) We need : * an already installed Kubernetes cluster * one additionnal machine to run Rancher 2
# Option B (1) : Launch Rancher Idem [option A](#/6) ![terminal](resources/terminal.svg)
# Option B (2) : Import a cluster * You will need to connect to : `rancher-a.
.nip.io` * And import your cluster ![cluster import](resources/cluster-import.png) ```bash kubectl apply -f \ https://rancher-a.185.145.251.32.nip.io/v3/import/TOKEN.yaml ``` note that `TOKEN` is in fact a pretty long string generated by Rancher ![terminal](resources/terminal.svg)
# Option B (+) : Observe Let's first check the Kubernetes namespaces : ```bash kubectl get namespaces ``` ![terminal](resources/terminal.svg) And then dig in : ```bash kubectl get all --namespace cattle-system ``` ![terminal](resources/terminal.svg)
# Option B : Review ## pros * Probably the **quickiest** approach * You keep a **total control** over your Kubernetes cluster * With the addition of most of Rancher 2 **functionnalities** ## cons * Full Kubernetes **maintenance cost** * Some Rancher feature (ex: Ingress) might be a bit **harder** to install
# Option C : prerequisites ![option-a](resources/option-c.svg) We need : * an already installed Kubernetes cluster * one node with a public address * Helm 3
# Option C (1) : Install an ingress Let's create a namespace : ```bash kubectl create namespace ingress-system ``` and then install an ingress through Helm ```bash helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx helm install blog-enix-rancher ingress-nginx/ingress-nginx \ --namespace ingress-system \ --set controller.hostPort.enabled=true \ --set controller.kind=DaemonSet ``` I should be able to connect to [`https://rancher-c.185.145.251.67.nip.io/`](https://rancher-c.185.145.251.67.nip.io/) ![terminal](resources/browser.svg)
# Option C (2) : Install cert-manager Again, let's create a namespace : ```bash kubectl create namespace cert-manager ``` and then install `cert-manager` through Helm : ```bash helm repo add jetstack https://charts.jetstack.io helm install cert-manager jetstack/cert-manager \ --namespace cert-manager \ --version v0.15.1 \ --set installCRDs=true ``` A this stage, we just added **automatic certificate management** to our `ingress controller` ![terminal](resources/terminal.svg)
# Option C (3) : Install Rancher No surprise ! let's create a new namespace : ```bash kubectl create namespace cattle-system ``` and then install `Rancher` through Helm : ```bash helm repo add rancher-stable https://releases.rancher.com/server-charts/stable helm install rancher rancher-stable/rancher \ --namespace cattle-system \ --set hostname=rancher-c.185.145.251.67.nip.io \ --set ingress.tls.source=letsEncrypt \ --set letsEncrypt.email=alexandre.buisine@enix.fr ``` Rancher should become up at some point. ![terminal](resources/browser.svg)
# Option C (+) : Observe Let's investigate a bit : ```bash kubectl get namespace ``` Do you see the correspondance between namespaces and Rancher objects ? and then `CustomResourcesDefinitions` : ```bash kubectl get crd ``` ![terminal](resources/terminal.svg)
# Option C : Review ## pros * **Everything** runs **inside** Kubernetes * No `Persistent Volume` needed * Rancher is installed as any other **`Helm chart`** * Did I say **stateless** ? ## cons * Kubernetes is **stuffed** with various resources * Rancher _database_ is now an **extra load** on the Kubernetes **API** * Uninstalling is quite **tricky**
Quick review
Whatever the approach, you will be in good hands with Rancher 2 !
Strategy
PROs
CONs
Option A
As simple as possible
Less control
Option B
Full control
High maintenance
Option C
State & Machine less
Overwhelming
# See you ! A similar content than this workshop is available as a French [blogpost](https://enix.io/fr/blog/rancher-2-trois-methodes-d-installation/) here : ![slides](resources/blogpost-qr.svg)
![rancher](resources/rancher.svg) ![cncp](resources/cncp-bw.svg) ![enix](enix/enix.svg)