Kubernetes - A Complete DevOps Cookbook

By: Murat Karslioglu

Overview of this book

Kubernetes is a popular open source orchestration platform for managing containers in a cluster environment. With this Kubernetes cookbook, you’ll learn how to implement Kubernetes using a recipe-based approach. The book will prepare you to create highly available Kubernetes clusters on multiple clouds such as Amazon Web Services (AWS), Google Cloud Platform (GCP), Azure, Alibaba, and on-premises data centers. Starting with recipes for installing and configuring Kubernetes instances, you’ll discover how to work with Kubernetes clients, services, and key metadata. You’ll then learn how to build continuous integration/continuous delivery (CI/CD) pipelines for your applications, and understand various methods to manage containers. As you advance, you’ll delve into Kubernetes' integration with Docker and Jenkins, and even perform a batch process and configure data volumes. You’ll get to grips with methods for scaling, security, monitoring, logging, and troubleshooting. Additionally, this book will take you through the latest updates in Kubernetes, including volume snapshots, creating high availability clusters with kops, running workload operators, new inclusions around kubectl and more. By the end of this book, you’ll have developed the skills required to implement Kubernetes in production and manage containers proficiently.
Table of Contents (12 chapters)

Configuring and managing Kubernetes clusters with Rancher

Rancher is a container management platform with the flexibility to create Kubernetes clusters with Rancher Kubernetes Engine (RKE) or cloud-based Kubernetes services, such as GKE, AKS, and EKS, which we discussed in the previous recipes.

In this section, we will cover recipes for configuring Rancher so that we can deploy and manage Kubernetes services.

Getting ready

Rancher can be installed on Ubuntu, RHEL/CentOS, RancherOS, or even on Windows Server. You can bring up Rancher Server in a high availability configuration or a single node. Refer to the See also... section for links to the alternative installation instructions. In this recipe, we will run Rancher on a single node.

How to do it…

This section will take you through how to configure and manage Kubernetes clusters with Rancher. To that end, this section is further divided into the following subsections to make this process easier:

  • Installing Rancher Server
  • Deploying a Kubernetes cluster
  • Importing an existing cluster
  • Enabling cluster and node providers

Installing Rancher Server

Follow these steps to install Rancher Server:

  1. Install a supported version of Docker. You can skip this step if you have Docker installed already:
$ sudo apt-get -y install apt-transport-https ca-certificates curl
$ curl -fsSL <DOCKER_GPG_KEY_URL> | sudo apt-key add -
$ sudo add-apt-repository "deb [arch=amd64] <DOCKER_APT_REPO_URL> $(lsb_release -cs) stable"
$ sudo apt-get -y install docker-ce && docker --version
  2. Add your user to the docker group:
$ sudo usermod -a -G docker $USER
  3. To install Rancher Server, run the following command:
$ docker run -d --restart=unless-stopped \
-p 80:80 -p 443:443 rancher/rancher:latest
  4. Open a browser window and go to https://localhost. Replace localhost with your host's IP if necessary.
  5. Set a new password and click on Continue.
  6. Set the public IP address of Rancher server and click on Save URL. This IP needs to be externally accessible from your clusters.

Deploying a Kubernetes cluster

To deploy a new cluster, you need to follow these steps:

  1. Click on Add Cluster.
  2. Choose a provider. In our example, we will use GKE. Some settings for other providers might be slightly different.
  3. Enter a cluster name.

If you have your GCP service account JSON file that we saved previously, skip to step 10.

  4. From the GCP navigation menu, go to IAM and click on the Service accounts link.
  5. Click on Create Service Account.
  6. Enter a service account name and click Create.
  7. Add the required minimum permissions; that is, Compute Viewer, Viewer, Kubernetes Engine Admin, and Service Account User, and click Continue.
  8. Click on Create Key. Use JSON as the key type in order to save your service account.
  9. On the Rancher UI, click on Read from a file and load the service account JSON file you saved previously.
  10. Customize the Cluster Options as needed; otherwise, use the default settings and click on Create to deploy your Kubernetes cluster.

Your cluster will be listed and ready to be managed immediately on your Rancher dashboard.
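
The service account created in the steps above should hold only the four roles the recipe lists. The following is an added example, not code from the book: it compares the roles bound to that account in a project IAM policy against the recipe's minimum set. The role IDs are the standard GCP identifiers for the display names in the recipe; the account name and policy are constructed sample data.

```python
# Roles the recipe names as the required minimum for the Rancher service account.
REQUIRED_ROLES = {
    "roles/compute.viewer",          # Compute Viewer
    "roles/viewer",                  # Viewer
    "roles/container.admin",         # Kubernetes Engine Admin
    "roles/iam.serviceAccountUser",  # Service Account User
}


def audit_service_account(policy, sa_email):
    """Compare the roles bound to sa_email against REQUIRED_ROLES."""
    member = f"serviceAccount:{sa_email}"
    granted = {
        binding["role"]
        for binding in policy.get("bindings", [])
        if member in binding.get("members", [])
    }
    return {
        "missing": sorted(REQUIRED_ROLES - granted),  # cluster creation may fail
        "excess": sorted(granted - REQUIRED_ROLES),   # more than the recipe needs
        "ok": granted == REQUIRED_ROLES,
    }


# Constructed sample input, shaped like the JSON printed by
# `gcloud projects get-iam-policy <PROJECT> --format=json`.
SAMPLE_SA = "rancher@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/compute.viewer", "members": [f"serviceAccount:{SAMPLE_SA}"]},
        {"role": "roles/viewer",
         "members": [f"serviceAccount:{SAMPLE_SA}", "user:admin@example.com"]},
        {"role": "roles/container.admin", "members": [f"serviceAccount:{SAMPLE_SA}"]},
        {"role": "roles/owner", "members": [f"serviceAccount:{SAMPLE_SA}"]},
        {"role": "roles/iam.serviceAccountUser", "members": ["user:admin@example.com"]},
    ]
}

if __name__ == "__main__":
    print(audit_service_account(SAMPLE_POLICY, SAMPLE_SA))
```

For the sample policy, the account is missing Service Account User and holds Owner in excess of the recipe's list.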

Importing an existing cluster

To import an existing cluster, you need to follow these steps:

  1. Click on Add Cluster.
  2. Click on Import.
  3. Enter a cluster name and click on Create.
  4. Follow the instructions shown and copy and run the kubectl command displayed on the screen on an existing Kubernetes cluster. This command will look similar to the following if you are running with an untrusted/self-signed SSL certificate:
  5. By clicking on Done, your cluster will be listed and ready to manage immediately on your Rancher dashboard.

The last step may take a minute to complete. Eventually, the state of your cluster will turn from Pending to Active when it is ready.

Enabling cluster and node providers

To be able to support multiple providers, Rancher uses cluster and node drivers. If you don't see your provider on the list, then it is most likely not enabled.

To enable additional providers, follow these steps:

  1. From Tools, click on Drivers.
  2. Find your provider on the list and click Activate.

From the same page, you can also deactivate the providers you don't intend to use.

How it works…

This recipe showed you how to quickly run Rancher Server to manage your Kubernetes clusters.

In step 1, we used a single node installation using a default self-signed certificate method. For security purposes, SSL is required to interact with the clusters. Therefore, a certificate is required.

If you prefer to use your own certificate signed by a recognized CA instead, you can use the following command to mount it in your container. Replace the <CERTDIRECTORY>, <FULLCHAIN.pem>, and <PRIVATEKEY.pem> placeholders with the directory and file names of your signed certificate chain and its private key:

$ docker run -d --restart=unless-stopped \
-p 80:80 -p 443:443 \
-v /<CERTDIRECTORY>/<FULLCHAIN.pem>:/etc/rancher/ssl/cert.pem \
-v /<CERTDIRECTORY>/<PRIVATEKEY.pem>:/etc/rancher/ssl/key.pem \
rancher/rancher:latest --no-cacerts

Using a recognized certificate will eliminate the security warning on the login page.

There's more…

It is also useful to have knowledge of the following information:

  • Bind mounting a host volume to keep data
  • Keeping user volumes persistent
  • Keeping data persistent on a host volume
  • Running Rancher on the same Kubernetes nodes

Bind mounting a host volume to keep data

When using the single node installation, the persistent data is kept on the /var/lib/rancher path in the container.

To keep data on the host, you can bind mount a host volume to a location using the following command:

$ docker run -d --restart=unless-stopped \
-p 80:80 -p 443:443 \
-v /opt/rancher:/var/lib/rancher \
-v /var/log/rancher/auditlog:/var/log/auditlog \
rancher/rancher:latest

Bind mounts have limited functionality compared to volumes. When Rancher is started using the bind mount, a directory on the host machine will be mounted to the specified directory in the container.

Keeping user volumes persistent

When using RancherOS, only the directories defined by the user-volumes parameter keep their data persistent.

To add more persistent user-volumes, for example the /var/openebs directory, run the following commands:

$ ros config set <USER_VOLUMES_KEY> \[/home:/home,/opt:/opt,/var/lib/kubelet:/var/lib/kubelet,/etc/kubernetes:/etc/kubernetes,/var/openebs]
$ system-docker rm all-volumes
$ reboot

After rebooting, data in the specified directories will be persistent.

Running Rancher on the same Kubernetes nodes

To add the node where you run Rancher Server to a cluster, replace the default ports -p 80:80 -p 443:443 as follows when you start Rancher:

$ docker run -d --restart=unless-stopped \
-p 8080:80 -p 8443:443 rancher/rancher:latest

In this case, Rancher Server will be accessible through https://localhost:8443 instead of the standard 443 port.
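
The docker run variants shown in How it works and There's more differ only in their ports, mounts, and trailing arguments. The following is an added example, not code from the book: it parses one such command and reports the HTTPS port, whether a certificate and key are both mounted, and which of the recipe's container paths are not kept on the host. The host paths in the sample command are constructed.

```python
import shlex

DATA_DIR = "/var/lib/rancher"    # persistent data path inside the container
AUDIT_DIR = "/var/log/auditlog"  # audit log path inside the container
CERT = "/etc/rancher/ssl/cert.pem"
KEY = "/etc/rancher/ssl/key.pem"


def review_rancher_run(command):
    """Summarize a single-node `docker run ... rancher/rancher` command."""
    # Join backslash-continued lines and drop a leading "$" prompt.
    argv = shlex.split(command.replace("\\\n", " ").strip().lstrip("$"))
    mounts, ports, i = {}, [], 2  # argv[0:2] is "docker run"
    while i < len(argv) and argv[i].startswith("-"):
        if argv[i] == "-v":
            host, ctr = argv[i + 1].split(":")[:2]
            mounts[ctr] = host
            i += 2
        elif argv[i] == "-p":
            ports.append(argv[i + 1])
            i += 2
        else:
            i += 1  # flags without a separate value: -d, --restart=...
    has_cert, has_key = CERT in mounts, KEY in mounts
    findings = []
    if has_cert != has_key:
        findings.append("cert.pem and key.pem must both be mounted")
    for path in (DATA_DIR, AUDIT_DIR):
        if path not in mounts:
            findings.append(f"{path} is not bind mounted from the host")
    return {
        "https_port": next((p.split(":")[0] for p in ports if p.endswith(":443")), None),
        "own_certificate": has_cert and has_key,
        "rancher_args": argv[i + 1:],  # arguments after the image name
        "findings": findings,
    }


# Constructed sample: the certificate is mounted but its private key is not.
SAMPLE_CMD = r"""$ docker run -d --restart=unless-stopped \
-p 80:80 -p 443:443 \
-v /opt/certs/fullchain.pem:/etc/rancher/ssl/cert.pem \
-v /opt/rancher:/var/lib/rancher \
rancher/rancher:latest --no-cacerts"""

if __name__ == "__main__":
    print(review_rancher_run(SAMPLE_CMD))
```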

See also