Provision an on-prems Kubernetes Cluster with Rancher, Terraform and Ansible

What is Rancher

What are we trying to achieve

Create SSH Keys

ssh-keygen

as simple as it gets, this will create a 2048-bit RSA key pair, which is secure enough for our experiment.

ssh-copy-id centos@192.168.1.30

replace the IPv4 address and the account as it fits your environment.

Install Docker

Docker is an open source containerization platform that revolutionized computing industry since 2013 and enabled developers and devops engineers to package, distribute and deploy applications as containers
cd /etc/yum.repos.d/sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
yum update -y
yum install -y yum-utils
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin
systemctl enable --now docker
usermod -aG docker $USER

Install Terraform

Terraform is an Infrastructure as Code tool that helps you define cloud and/or on-prem resources in configuration files. It provides a consistent workflow to deploy and manage all of your infrastructure. It was introduced by HashiCorp in 2014
yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
yum -y install terraform
terraform  version
Check Terraform installation.

Install Ansible

Ansible is an agentless open source software provisioning, configuration management, and application-deployment tool enabling Infrastructure as Code. Ansible was first released in 2014 from Michael DeHaan and now is part of IBM/Redhat
dnf install epel-release
dnf install ansible
ansible --version
Check Ansible installation.

Install Rancher

Rancher Labs released Rancher back in 2014. Since late 2020 they are a part of SUSE.
docker run -d --restart=unless-stopped -p 80:80 -p 443:443 --privileged --name=rancher-v2.6.3 rancher/rancher:v2.6.3

The latest image of Rancher seems to have an issue that I couldn't overcome as a lot of people as well (you can check github issues of the project as well) that are complaining that the server eventually is not starting. I experienced, with no resolution, this persistent problem while trying the image out in various machines, so I chose eventually the image tagged with version 2.6.3 that I already knew it was working without a problem from previous installations. Arrange exposed ports mapping as you wish and as it better fits your environment.

Rancher’s Cluster Management Explorer

If you are a fan of the old design, like me, you can still access it from protocol://ip:port/g/clusters . No guarantees though for how long this is going to be available and when it will be eventually removed completely.

Rancher’s old Cluster Management Dashboard
Click Account & API Keys to proceed creating the required token.
Click Create API Key
Create the API Key.
Note down the AK & SK values.

Dissecting the configuration files

git clone https://github.com/akyriako/terraform-rancher-cluster.git
export OS_RANCHER_URL="protocol://ip:port/v3"
export OS_RANCHER_ACCESSKEY="..."
export OS_RANCHER_SECRETKEY="..."
export TF_VAR_RANCHER_URL=$OS_RANCHER_URL
export TF_VAR_RANCHER_ACCESSKEY=$OS_RANCHER_ACCESSKEY
export TF_VAR_RANCHER_SECRETKEY=$OS_RANCHER_SECRETKEY

You can find this URI in the Cluster Explorer area, where you create new Access and Secret Key and copy it safely from there. The rest variables are sort of self-explained.

If you want more information about the rancher2 Terraform provider, visit the terraform registry page of the provider, as the purpose of this article is not to present the specific provider.

cluster_node_command value will contain the Registration Command that you can find alternatively in the Cluster Explorer

Can this playbook be improved? Definitely! Another play could be added, that would prepare the nodes and install Docker engine to each one of them so we eliminate even more the manual preparation steps needed. Additionally we could use the flag “become: yes” in order to instruct Ansible to execute the tasks with elevated privileges instead of running the register command with sudo — Ansible nugs a lot for this one . But I leave those to you…

Let’s take it for a spin

source .terraformrc
terraform init
That looks like a successful initialization
terraform plan
That looks like a nice execution plan, all went well so far.
terraform apply -auto-approve
Check the provisioning logs of your nodes.
Inspecting the cluster nodes.
terraform destroy -auto-approve
ssh centos@192.168.1.30 'sudo /tmp/reset_cluster.sh'

Summary

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store