Kubernetes
Kubernetes cluster on Pritunl Cloud with Rancher
This tutorial explains how to configure Kubernetes on Pritunl Cloud using Rancher. It creates only one Rancher instance, but multiple instances can be created for a high-availability production cluster. The tutorial refers to the public IP address of the instance; this IP address will most likely be a local DHCP address assigned by the router on the local network.
Firewall
Below is a list of firewall rules required for Kubernetes on Rancher. This firewall can be applied to all the Kubernetes nodes. The <local_network> refers to the network that the instance public IP address is on. The <vpc_network> refers to the VPC network. The port range 30000-32767 is used for the Kubernetes service node ports.
TCP:22             <local_network>, <vpc_network>
TCP:80             <local_network>, <vpc_network>
TCP:443            <local_network>, <vpc_network>
TCP:179            <vpc_network>
TCP:2376           <vpc_network>
TCP:2379           <vpc_network>
TCP:2380           <vpc_network>
UDP:4789           <vpc_network>
TCP:6443           <vpc_network>
UDP:8472           <vpc_network>
TCP:8443           <vpc_network>
TCP:9099           <vpc_network>
TCP:10250          <vpc_network>
TCP:10254          <vpc_network>
TCP:30000-32767    <local_network>, <vpc_network>
UDP:30000-32767    <local_network>, <vpc_network>
Create this firewall and add the tag kubernetes.
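One way to check a rule list against the table above, as an added example that is not part of the original tutorial: the audit_rules function, the one-rule-per-line input format and the sample CIDRs are assumptions made for illustration. It reports a source outside the networks the table allows for that port as TOO_WIDE (for example etcd or kubelet ports reachable from the local network) and a port the table does not list as UNLISTED.

```shell
# Added example. Rule lines on stdin: "PROTO:PORT SOURCE_CIDR [SOURCE_CIDR...]"
# Usage: audit_rules <vpc_network> <local_network>   (IPv4 CIDRs only)
audit_rules() {
  awk -v vpc="$1" -v lan="$2" '
    function ip2n(ip,  a) {                    # dotted quad -> integer
      split(ip, a, ".")
      return ((a[1] * 256 + a[2]) * 256 + a[3]) * 256 + a[4]
    }
    function inside(src, net,  s, n, blk) {    # is src wholly within net?
      split(src, s, "/"); split(net, n, "/")
      if (s[2] == "") s[2] = 32; if (n[2] == "") n[2] = 32   # bare address = /32
      if (s[2] + 0 < n[2] + 0) return 0
      blk = 2 ^ (32 - n[2])
      return int(ip2n(s[1]) / blk) == int(ip2n(n[1]) / blk)
    }
    BEGIN {
      # Table rows that list only <vpc_network>
      split("TCP:179 TCP:2376 TCP:2379 TCP:2380 UDP:4789 TCP:6443 UDP:8472 TCP:8443 TCP:9099 TCP:10250 TCP:10254", v, " ")
      for (i in v) vpc_only[v[i]] = 1
      # Table rows that list both <local_network> and <vpc_network>
      split("TCP:22 TCP:80 TCP:443 TCP:30000-32767 UDP:30000-32767", l, " ")
      for (i in l) lan_ok[l[i]] = 1
    }
    NF < 2 || /^#/ { next }
    {
      for (f = 2; f <= NF; f++) {
        if (!($1 in vpc_only) && !($1 in lan_ok)) kind = "UNLISTED"
        else if (inside($f, vpc) || (($1 in lan_ok) && inside($f, lan))) continue
        else kind = "TOO_WIDE"
        print kind " " $1 " " $f; bad = 1
      }
    }
    END { exit bad + 0 }
  '
}

# Constructed sample: 10.97.0.0/16 plays <vpc_network>, 192.168.1.0/24 <local_network>
sample_rules() {
  cat <<'EOF'
TCP:22 192.168.1.0/24 10.97.0.0/16
TCP:2379 10.97.0.0/16
TCP:10250 10.97.0.0/16 192.168.1.0/24
TCP:6443 0.0.0.0/0
UDP:8472 10.97.4.0/24
TCP:3306 10.97.0.0/16
EOF
}

sample_rules | audit_rules 10.97.0.0/16 192.168.1.0/24 || echo "rules differ from the table"
```

The function exits non-zero when it prints any finding, so it can gate a provisioning script.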
Create Instances
First create the Rancher instance; this instance will be used to launch and manage the Kubernetes cluster. This server will need about 2 GB of RAM. Add the kubernetes role to associate the firewall rules above. Name the instance kube-rancher0.
Next create the instances for the Kubernetes cluster. This cluster will use 6 servers with 4 GB RAM and 2 CPUs. The instances should have at least 30 GB of disk space. Add the kubernetes role to associate the firewall rules above. Set the count to 6 and use the name kube-node%d to append the instance number when creating multiple instances.
Install Docker
Connect to all the instances, including the Rancher instance, and run the commands below to install Docker.
# Disable SELinux in the persistent configuration and for the running system
sudo sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config || true
sudo sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/sysconfig/selinux || true
sudo setenforce 0
# Add the Docker CE repository and install Docker
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install -y docker-ce
# Start Docker on every boot and start it now
sudo systemctl enable docker
sudo systemctl start docker
Install Rancher
On the kube-rancher0 instance run the command below to install and start Rancher.
sudo docker run -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher:latest
Wait a few seconds for the Docker image to download and the Rancher server to start.
Configure Rancher
Open https://<rancher_public_ip> in a web browser using the public IP of the kube-rancher0 instance. Then set the password for the admin account.
A DNS entry can be created for the kube-rancher0 instance and configured here; otherwise use the public IP of the instance.
Once done, click Add Cluster and select Custom. Set the Cluster Name to kube. In the Cluster Options any Network Provider can be used; this example will use Calico. Then click Next.
The node roles will depend on the size of the cluster; the etcd nodes should use an odd number to maintain quorum. For smaller clusters all the nodes can run all three roles. This 6 instance cluster will use 3 control plane+etcd nodes and 3 worker nodes.
To provision a node, select the node roles, then set the Public Address to the instance Public IPv4 and the Internal Address to the instance Private IPv4. Then set the Node Name; these options will be placed into the generated command shown below. Once all the options are set, copy the command shown and run it on the instance. Then change the options for the next node and run the command. Don't click Done until all nodes are provisioned.
The cluster will take 10-15 minutes to deploy and some errors may be shown in the web console as the cluster is being deployed.
Configure Kubectl
Once the cluster is in the Active state then open the Cluster tab.
Click Kubeconfig File to get the Kubectl configuration file. A command line can also be opened in the browser with Launch kubectl.
Create Test Service
Use the commands below to create a configuration for an Nginx server with a node port service on port 30080.
tee nginx.yaml << EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 3
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:stable
        ports:
        - containerPort: 80
EOF
tee nginx-svc.yaml << EOF
apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    run: nginx
spec:
  selector:
    app: nginx
  type: NodePort
  ports:
  - name: nginx
    port: 80
    targetPort: 80
    nodePort: 30080
    protocol: TCP
EOF
Then run the commands below to deploy the service.
kubectl create -f nginx.yaml
kubectl create -f nginx-svc.yaml
Once done, kubectl get all should show the service running.
The service should then be accessible on the port 30080.
Updated about 6 years ago