K3s + Rancher

Description

Rancher is a complete software stack for adopting containers at scale. It provides centralized management and cluster lifecycle management for multiple Kubernetes clusters, and supports multiple K8s-certified distributions (RKE, RKE2, K3s, EKS, AKS, GKE). It enables multi-level RBAC, integration with popular IdPs, and a centralized app catalog, and has partial support for the aarch64 architecture.

K3s is a certified Kubernetes distribution, optimized for the ARM architecture and built for IoT and edge computing.

Solution Schema

Config

1.Installation preparation

Log in via the console. Using yum or any other tool, update the OS or check that it is up to date.

Next, permanently disable firewalld.

sudo yum -y update 
sudo systemctl stop firewalld
sudo systemctl disable firewalld

2.K3s installation

Install the K3s Kubernetes distribution. A detailed list of all configuration options can be found here.

In the current scenario, K3s 1.21 is installed.

curl -sfL https://get.k3s.io | INSTALL_K3S_CHANNEL="v1.21" K3S_KUBECONFIG_MODE="644" sh -

3.Update kubeconfig

Copy the K3s kubeconfig into the default location (~/.kube/config) and update the server section by providing the server's FQDN or IP address.

mkdir -p ~/.kube
sudo cp /etc/rancher/k3s/k3s.yaml ~/.kube/config

4.Helm installation

Use the following command to install Helm (the package manager for Kubernetes). Follow the Helm installation documentation for more details and support for other OSes.

curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash

5.Rancher repo 

Add Rancher repo and create a dedicated namespace.

helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
kubectl create namespace cattle-system

6.Cert-Manager Installation 

Add the Cert-Manager repo, then install Cert-Manager with Helm into a dedicated namespace.

helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install cert-manager jetstack/cert-manager \
   --namespace cert-manager \
   --create-namespace \
   --set startupapicheck.timeout=5m \
   --set installCRDs=true

7.Create SSL key/csr 

Using the openssl command, create an SSL key and a CSR file.

mkdir ~/certs
cd ~/certs
openssl genrsa -out tls.key 4096
openssl req -new -key ./tls.key -out tls.csr

8.Create SSL crt 

Sign the CSR using your CA. Save the certificate as tls.crt.
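
Before storing the pair in the secret (step 9), it is worth confirming that the signed tls.crt actually belongs to tls.key and covers the Rancher FQDN. The script below is an added example, not part of the original guide; the function names, return codes and the host rancher.example.test are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: check tls.crt/tls.key before storing them in the secret.
# Return codes (chosen for this example): 0 ok, 1 unreadable input,
# 2 key does not match certificate, 3 hostname not covered, 4 expired.
check_rancher_cert() {
  local cert="$1" key="$2" host="$3" cert_pub key_pub

  # Extract the public key from both files; a parse failure is an error.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1

  # The CA-signed certificate must carry the public key of tls.key,
  # otherwise the ingress cannot complete a TLS handshake with it.
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 2

  # The certificate must cover the FQDN passed to helm as "hostname".
  # openssl reports the result as text, so match on the message.
  # (With no DNS subjectAltName, OpenSSL falls back to the CN.)
  openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
    grep -q "does match certificate" || return 3

  # -checkend 0 exits non-zero if the certificate has already expired.
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 4
  return 0
}

# Constructed sample input: a throwaway self-signed pair for HOST in DIR,
# standing in for the CA-signed tls.crt so the check can be tried offline.
make_sample_pair() {
  local dir="$1" host="$2"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$dir/tls.key" -out "$dir/tls.crt" \
    -subj "/CN=$host" -addext "subjectAltName=DNS:$host" >/dev/null 2>&1
}

# Usage: ./check_cert.sh tls.crt tls.key rancher.example.test
if [ "$#" -eq 3 ]; then
  check_rancher_cert "$1" "$2" "$3"
fi
```

A non-zero result at this point is cheaper to fix than a Rancher ingress that serves the wrong certificate after step 10.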

9.Create tls secret 

Using the following command, create a secret and store both the certificate and the key in it.

kubectl -n cattle-system create secret tls tls-rancher-ingress \
--cert=tls.crt \
--key=tls.key

10.Rancher installation #1

Install Rancher using the helm command. Enter:

  • FQDN
  • number of replicas
  • initial admin password

Set ingress.tls.source to secret to inform the installer to use the cert/key stored in a previously created secret.

helm install rancher rancher-stable/rancher \
  --namespace cattle-system \
  --set hostname=rancher.radkowski.cloud \
  --set replicas=3 \
  --set ingress.tls.source=secret \
  --set bootstrapPassword=somepasswordtobechanged

11.Rancher installation #2

Wait up to 5 minutes for all pods to be in RUNNING state.

12.Rancher installation #3

Verify that the installation has finished successfully.

kubectl get pods --namespace=cattle-system

Test Area

13.Log into Rancher WebUI #1

Using a browser, open the Rancher WebUI and log in using the password defined in step #10.

14.Log into Rancher WebUI #2

Confirm the server URL and accept the EULA and T&C.

15.Confirm ssl configuration

Confirm that Rancher is using a valid certificate (created in steps #7-#9).

me@radkowski.pro