Melvin Suter

Menu

Kubernetes Setup - Rancher

2023-10-5
linuxkubernetes

Rancher Setup

Allthough I'll be showing stable here, I used alpha as the current stable version is not compatible with kubernetes 1.27

Lets begin installing rancher on our k3s00 cluster:

# Add Repository
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable

# Create Namespace
kubectl create namespace cattle-system
```yubikey-setup-ssh.md (liquid)
[1] [11ty] Writing ../dist/blog/index.html from ./blog/index.md (liquid)

For rancher we need cert-manager, but I wan't to use let's encrypt for almost everything. So we definitely need cert-manager:

```bash
# If you have installed the CRDs manually instead of with the `--set installCRDs=true` option added to your Helm install command, you should upgrade your CRD resources before upgrading the Helm chart:
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.crds.yaml

# Add the Jetstack Helm repository
helm repo add jetstack https://charts.jetstack.io

# Update your local Helm chart repository cache
helm repo update

# Install the cert-manager Helm chart
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.13.0

And we can see the cert-manager working:

[root@k3s00-01 ~]# kubectl get pods --namespace cert-manager
NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-59b7f65948-mxt69              1/1     Running   0          39s
cert-manager-cainjector-7fd8f6bbbf-vmt4b   1/1     Running   0          39s
cert-manager-webhook-787cd749dc-msscl      1/1     Running   0          39s

We are going to take a little shortcut here.
Usually I would let let's encrypt sign the ingress certs. But because ranger will only be available from controlled jump-hosts, where I can easily add certs, we will use self-signed certificates. This has the advantage of beeing a lot simpler to setup, than Let's Encrypt DNS based issuers.

Let's install ranger:

# All Kubernetes apps will be available with the tld apps.suter.dev, except for some public facing stuff
helm install rancher rancher-stable/rancher \
  --namespace cattle-system \
  --set hostname=rancher.apps.suter.dev \
  --set bootstrapPassword=SuperAdmin1234

After the next chapter we can access it with the browser and change the admin password.