Installing Rancher on Hetzner Dedicated Servers Part 1: OS and Rancher Kubernetes Engine (RKE) Setup
This article is part 1 of a 3 part series that goes through the steps I took in setting up a Rancher-enabled Kubernetes cluster on Hetzner dedicated servers.
Two popular Kubernetes management platforms today are Rancher and OpenShift. When comparing the two, be aware that OpenShift is an actual Kubernetes distribution, while Rancher is more of a tool for managing Kubernetes clusters. Adding to these differences, OpenShift requires a Red Hat Linux distribution, while Rancher is much less picky. These differences ultimately mean that the installation of OpenShift is much more involved. In my evaluation, I ended up going with Rancher because of the easier setup and the fact that, as this is a hobby, I am much more comfortable running things on a Debian-based distro.
This guide tries to keep assumptions about server knowledge low and may include some rudimentary steps. I am by no means an expert, so do your own research while following this!
While creating my cluster, I noticed there was a lack of such instructions. I hope this guide will be helpful to novices and experts (in everything but Rancher) alike. If you see anything you think I missed, or would like me to add information, let me know in the comments.
Initial Setup
To set up the cluster, I went with three servers from Hetzner to act as the cluster and an additional smaller server as a load balancer (4 servers in all). I also assume you are running a home computer with Ubuntu installed to follow the instructions (you can install it from any other OS, but I leave those instructions to you).
After ordering the servers from Hetzner, you are provided with the IP addresses and root passwords for each. The servers start in Rescue mode, so I ssh’d into them and installed Ubuntu 20.04 on each. Doing so is simple: when you get to the Rescue mode prompt, type installimage and follow the prompts. Choosing the default partition layout is fine, so when you get to the configuration screen, you can save and continue with the installation (if you have trouble using the commands to save, most terminal editors allow you to click on the menu options).
When the systems finish installing, you should consider locking the servers down as much as possible. I changed the root password to something new (passwd), created a new user on each server (adduser node1, adduser node2, adduser node3), and then granted each user sudo permissions (usermod -aG sudo node1, etc.). I also set up a basic firewall with UFW (apt update; apt install ufw; ufw allow OpenSSH; ufw enable). We will also want to open the following ports on each of the servers:
sudo ufw allow from 192.168.100.1 to any proto tcp port 2379
sudo ufw allow from 192.168.100.2 to any proto tcp port 2379
sudo ufw allow from 192.168.100.3 to any proto tcp port 2379
sudo ufw allow from 192.168.100.1 to any proto tcp port 443
sudo ufw allow from 192.168.100.2 to any proto tcp port 443
sudo ufw allow from 192.168.100.3 to any proto tcp port 443
sudo ufw allow from 192.168.100.1 to any proto tcp port 2380
sudo ufw allow from 192.168.100.2 to any proto tcp port 2380
sudo ufw allow from 192.168.100.3 to any proto tcp port 2380
sudo ufw allow from 192.168.100.1 to any proto tcp port 6443
sudo ufw allow from 192.168.100.2 to any proto tcp port 6443
sudo ufw allow from 192.168.100.3 to any proto tcp port 6443
sudo ufw allow from 192.168.100.1 to any proto udp port 8472
sudo ufw allow from 192.168.100.2 to any proto udp port 8472
sudo ufw allow from 192.168.100.3 to any proto udp port 8472
sudo ufw allow from 192.168.100.1 to any proto tcp port 9099
sudo ufw allow from 192.168.100.2 to any proto tcp port 9099
sudo ufw allow from 192.168.100.3 to any proto tcp port 9099
sudo ufw allow from 192.168.100.1 to any proto tcp port 10250
sudo ufw allow from 192.168.100.2 to any proto tcp port 10250
sudo ufw allow from 192.168.100.3 to any proto tcp port 10250
sudo ufw allow from 192.168.100.1 to any proto tcp port 10254
sudo ufw allow from 192.168.100.2 to any proto tcp port 10254
sudo ufw allow from 192.168.100.3 to any proto tcp port 10254
sudo ufw allow 22
sudo ufw allow 2376
sudo ufw allow 6443
At this point, it is always wise to try to ssh into the new account you created and make sure it is all working before you log out of root, as you won’t get another chance to fix things if you don’t. Some people also consider it wise to disable root login by changing PermitRootLogin yes to PermitRootLogin no in /etc/ssh/sshd_config and running /etc/init.d/sshd restart.
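The same rules as the list above, generated from a list of peer addresses instead of typed one by one; this is an added example, not from the article. It goes a step further than the list: 22 and 6443 are allowed only from the home computer's address (rke works over ssh, kubectl talks to 6443) rather than from anywhere, and 2376, the Docker TLS port, is left closed since rke does not use it.

```shell
#!/bin/sh
# Added example, not from the article: generate the ufw rules for the
# cluster from lists instead of typing each one. Assumes the article's
# vSwitch subnet 192.168.100.0/24; the argument to gen_admin_rules is a
# placeholder for the public address of the home computer you run rke
# and kubectl from.
PEERS="192.168.100.1 192.168.100.2 192.168.100.3"
# Cluster-internal ports from the article, plus 22 so the server-to-server
# ssh access set up later keeps working once 22 is no longer open to all.
PEER_TCP="22 443 2379 2380 6443 9099 10250 10254"
PEER_UDP="8472"
# Ports the home computer needs: 22 for rke (it works over ssh), 6443 for kubectl.
ADMIN_TCP="22 6443"

# Print one rule per peer/port pair; nothing is applied here.
gen_peer_rules() {
  for peer in $PEERS; do
    for port in $PEER_TCP; do
      echo "ufw allow from $peer to any proto tcp port $port"
    done
    for port in $PEER_UDP; do
      echo "ufw allow from $peer to any proto udp port $port"
    done
  done
}

# Print the admin rules limited to one source address instead of "allow 22".
gen_admin_rules() {
  for port in $ADMIN_TCP; do
    echo "ufw allow from $1 to any proto tcp port $port"
  done
}

# Number of rules that would be applied; a sanity check before applying.
count_rules() {
  { gen_peer_rules; gen_admin_rules "$1"; } | wc -l | tr -d ' '
}

# To apply on a node: review the output, then feed it to a root shell, e.g.
#   { gen_peer_rules; gen_admin_rules HOME_IP; } | sudo sh
# with HOME_IP replaced by your home computer's public address.
```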
From now on, I will assume you are running commands from your sudo users, and hence, will include the sudo command.
We need to put each of the servers into a virtual private network to allow for local communication. To do this, go to https://robot.your-server.de/vswitch/index (it’s a Hetzner configuration page) and create a new vSwitch with a name (for instance, clusterswitch) and a VLAN ID of 4000. After it is created, add your three servers to the vswitch.
Next, log in to each server and do the following:
1. Run $ ifconfig and note the device name (it will likely look close to enp0s3).
2. Run the following commands (replacing enp0s3 with the name of your device):
sudo ip link add link enp0s3 name enp0s3.4000 type vlan id 4000
sudo ip link set enp0s3.4000 mtu 1400
sudo ip link set dev enp0s3.4000 up
3. Finally, run the following, replacing the last number of 192.168.100.1 with the number of the server you are on (with three servers, each one gets one of 192.168.100.1, 192.168.100.2, or 192.168.100.3):
sudo ip addr add 192.168.100.1/24 brd 192.168.100.255 dev enp0s3.4000
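The ip commands above configure the VLAN interface only until the next reboot. The following added example (not from the article) prints a netplan file that makes the vSwitch interface permanent on Ubuntu 20.04, using the article's VLAN ID 4000, MTU 1400 and 192.168.100.0/24 subnet; the file name 60-vswitch.yaml is my own choice.

```shell
#!/bin/sh
# Added example, not from the article: emit a netplan definition for the
# Hetzner vSwitch VLAN so the interface survives a reboot. Values below are
# the article's; the output file name 60-vswitch.yaml is an assumption.
VLAN_ID=4000
VLAN_MTU=1400
SUBNET_PREFIX="192.168.100"

# Usage: gen_vswitch_netplan <parent device> <node number 1..3>
gen_vswitch_netplan() {
  dev="$1"
  node="$2"
  case "$node" in
    1|2|3) ;;
    *) echo "node number must be 1, 2 or 3" >&2; return 1 ;;
  esac
  # Same interface name, VLAN id, MTU and address as the ip commands above.
  cat <<EOF
network:
  version: 2
  renderer: networkd
  vlans:
    ${dev}.${VLAN_ID}:
      id: ${VLAN_ID}
      link: ${dev}
      mtu: ${VLAN_MTU}
      addresses:
        - ${SUBNET_PREFIX}.${node}/24
EOF
}

# On the node, after checking the output:
#   gen_vswitch_netplan enp0s3 1 | sudo tee /etc/netplan/60-vswitch.yaml
#   sudo netplan apply
#   ip addr show enp0s3.4000   # confirm the 192.168.100.x address and mtu 1400
```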
Next, we need to install docker.
Docker Installation (Repeat on Each Server)
Run the following commands:
sudo apt-get update
sudo apt-get install ca-certificates curl gnupg lsb-release
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
and,
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
Finally,
sudo apt-get update
and
sudo apt-get install docker-ce docker-ce-cli containerd.io
Preparing to Install the Rancher Kubernetes Engine (RKE):
To prepare, we require three things:
- An installation of kubectl on your home computer
- An installation of the RKE command-line tool
- Your home computer keys added to each server to allow access to the servers from scripts
To install kubectl on your home computer:
- Download kubectl with
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
- Install kubectl with
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
- Check that it is working by running
sudo kubectl version --client
To install the RKE command-line tool:
- Go to https://github.com/rancher/rke/releases and download the latest release (v1.3.2 as of this writing, called rke_linux-amd64 if your home computer is a 64-bit Intel/AMD computer).
- Rename the file to rke with
mv rke_linux-amd64 rke
and run
chmod +x rke
to give it executable permissions. Finally, move it with
sudo mv rke /usr/local/bin/rke
so that you can use it anywhere.
- Check that it is working by running
rke --version
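Both downloads above go straight from curl into /usr/local/bin. The following added example (not from the article) checks each binary against its published sha256 digest first: kubectl publishes a kubectl.sha256 file next to the binary, and for rke I assume the sha256sum.txt asset on the release page, which lists the digest of each binary.

```shell
#!/bin/sh
# Added example, not from the article: verify the kubectl and rke binaries
# against their published sha256 digests before installing them.

# Compare a file against an expected hex digest; returns 0 only on a match.
verify_sha256() {
  file="$1"
  expected="$2"
  actual="$(sha256sum "$file" | cut -d' ' -f1)"
  [ "$actual" = "$expected" ]
}

# Same steps as the article, with the digest check before "install".
install_kubectl_verified() {
  ver="$(curl -L -s https://dl.k8s.io/release/stable.txt)"
  curl -LO "https://dl.k8s.io/release/${ver}/bin/linux/amd64/kubectl"
  curl -LO "https://dl.k8s.io/release/${ver}/bin/linux/amd64/kubectl.sha256"
  if ! verify_sha256 kubectl "$(cat kubectl.sha256)"; then
    echo "kubectl ${ver}: sha256 mismatch, not installing" >&2
    return 1
  fi
  sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
}

# Usage: install_rke_verified v1.3.2 (the version named in the article).
install_rke_verified() {
  base="https://github.com/rancher/rke/releases/download/$1"
  curl -LO "${base}/rke_linux-amd64"
  curl -LO "${base}/sha256sum.txt"   # assumed asset name, check the release page
  expected="$(grep ' rke_linux-amd64$' sha256sum.txt | cut -d' ' -f1)"
  if [ -z "$expected" ] || ! verify_sha256 rke_linux-amd64 "$expected"; then
    echo "rke $1: digest missing or mismatched, not installing" >&2
    return 1
  fi
  chmod +x rke_linux-amd64
  sudo mv rke_linux-amd64 /usr/local/bin/rke
}
```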
Add your Home Computer Keys to Each server
In order to add your key to each server, you must generate some first. If you have a key you want to use already, skip this step.
To generate a key (on your home computer):
$ ssh-keygen -t ed25519 -C "[email protected]" and press enter at each step to keep all the settings at their default values (no passphrase is used here, because that would involve the additional step of setting up an ssh-agent, but the option is mentioned for completeness).
Now, we need to copy each key to the three servers. To do so, issue these commands (substituting in the IP address of each):
ssh-copy-id -i ~/.ssh/id_ed25519.pub node1@node1_ip_address
ssh-copy-id -i ~/.ssh/id_ed25519.pub node2@node2_ip_address
ssh-copy-id -i ~/.ssh/id_ed25519.pub node3@node3_ip_address
Also, ssh into each server and generate a key (ssh-keygen -t ed25519 -C "[email protected]" ) and grant ssh access from every server to each other. To do so, run the following commands on each server (ssh’ing into the same node is fine and won’t result in an error):
ssh-copy-id -i .ssh/id_ed25519.pub [email protected]
ssh-copy-id -i .ssh/id_ed25519.pub [email protected]
ssh-copy-id -i .ssh/id_ed25519.pub [email protected]
Now We Prepare to Install RKE:
We are now ready to install our cluster on the three server nodes. To do this, we will create a rancher-cluster configuration file. You will need to replace the IP addresses and users with those of your configuration.
Create the following file on your home computer:
rancher-cluster.yml
nodes:
  - address: YOUR_PUBLIC_IP_FOR_NODE1
    internal_address: 192.168.100.1
    user: node1
    role: [controlplane, worker, etcd]
    ssh_key_path: ~/.ssh/id_ed25519
  - address: YOUR_PUBLIC_IP_FOR_NODE2
    internal_address: 192.168.100.2
    user: node2
    role: [controlplane, worker, etcd]
    ssh_key_path: ~/.ssh/id_ed25519
  - address: YOUR_PUBLIC_IP_FOR_NODE3
    internal_address: 192.168.100.3
    user: node3
    role: [controlplane, worker, etcd]
    ssh_key_path: ~/.ssh/id_ed25519
services:
  etcd:
    snapshot: true
    creation: 6h
    retention: 24h
# Required for external TLS termination with
# ingress-nginx v0.22+
# We won't be using this, but it is left here
# for completeness
#ingress:
#  provider: nginx
#  options:
#    use-forwarded-headers: "true"
Each node needs its own ssh_key_path entry (otherwise rke falls back to its default key file for that node). If you get any errors relating to the SSH key, try replacing ~/.ssh/id_ed25519 with /home/YOUR_USER_NAME/.ssh/id_ed25519.
From Here, We Are Ready to Run RKE
In the same folder as your rancher-cluster.yml file, issue the command:
rke up --config ./rancher-cluster.yml
If everything runs correctly, you will get the message “Finished building Kubernetes cluster successfully.” once the install finishes (it took close to ten minutes for me).
Testing the Cluster
To test that your cluster is set up correctly, you first have to move the configuration file for your RKE cluster. In the same folder as above, move the newly created file, kube_config_cluster.yml, to $HOME/.kube/config (i.e. mkdir -p $HOME/.kube && mv kube_config_cluster.yml $HOME/.kube/config).
Now, try the following command (without sudo, so that kubectl reads the config from your own $HOME/.kube/config rather than root's):
kubectl get nodes
which should return the nodes you created, each with a status of Ready.
You can also try the following,
kubectl get pods --all-namespaces
which will list all pods running in the cluster.
Congratulations, you now have a running Kubernetes cluster. In article 2, we will go over installing the latest Rancher (2.6) on the cluster and setting up the load balancer to allow you to control it easily. From here, in article 3, we will cover how to use it to deploy a hello-world container, including the ingress of a domain with HTTPS.
If there is anything you think I have missed, or that you believe I should add, let me know in the comments.
Thank you for reading this article. If you enjoyed it, please follow me for more of my explorations into the world of computing (and feel free to clap as well!).