RKE2, Helm, Rancher, and NFS
1 Complete Install Guide
1.1 Setup Clusters
1.1.1 My install uses 1 Master node and 1 Worker node, tentatively named master02u and worker02u. Both have the same specs: 4 cores, 16 GB RAM.
1.1.2 Installed Alma 8
1.2 Basic Tools Install and Hostname
export HOSTNAME=master02u
dnf install tmux
hostnamectl set-hostname $HOSTNAME
1.3 Edit the Network Manager to allow Container Networking
I did not need to do this the first time, but nothing worked after a reboot until I resolved this. On both hosts I ran the following:
vim /etc/NetworkManager/conf.d/rke-canal.conf
With the following contents:
[keyfile]
unmanaged-devices=interface-name:cali*;interface-name:flannel*
Then reload NetworkManager:
systemctl reload NetworkManager
1.4 Install RKE2
1.4.1 On the Master Node
- Do the Actual rke2 Install
curl -sfL https://get.rke2.io | sh -
systemctl enable rke2-server.service
systemctl start rke2-server.service
- This one will take a while. You can view messages by running in another window/tmux pane
journalctl -u rke2-server.service -f
- Then edit the bashrc to be able to use kubectl. We are also adding the path for helm tools which will help later.
vim ~/.bashrc
export PATH=/usr/local/bin/:/var/lib/rancher/rke2/bin/:$PATH
export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
source ~/.bashrc
- Stop your firewall (this should be changed to allowing only the required traffic instead of disabling the firewall)
systemctl stop firewalld
systemctl disable firewalld
- Make note of your installation token, this will be used on the worker node
cat /var/lib/rancher/rke2/server/node-token
1.4.2 On the Worker Node
- Follow the same steps for setting up rke2, but don't start it yet
curl -sfL https://get.rke2.io | INSTALL_RKE2_TYPE="agent" sh -
systemctl enable rke2-agent.service
- Add the config file to connect to the master node
mkdir -p /etc/rancher/rke2/
vim /etc/rancher/rke2/config.yaml
server: https://<server_ip>:9345
token: <token from server node>
- Start the service
systemctl start rke2-agent.service
- If this takes more than a few seconds, watch from another terminal
journalctl -u rke2-agent.service -f
1.4.3 Back onto the Master Node
- Install Helm
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
- Add the Cert Manager for Rancher
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.crds.yaml
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.11.0 --set installCRDs=true --timeout 10m0s
- Finally install Rancher
export INGRESS_NAME=rancher02u.local
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
kubectl create namespace cattle-system
helm repo update
helm install rancher rancher-stable/rancher --namespace cattle-system --set hostname=$INGRESS_NAME --set bootstrapPassword=admin --set global.cattle.psp.enabled=false
1.4.4 On your computer
- Add $INGRESS_NAME to your /etc/hosts (pointing to the master node IP)
- Open a browser and navigate to https://$INGRESS_NAME
- The bootstrap password was set in the final helm install command; the password is admin
1.5 Setting up NFS
1.5.1 Setup a new VM
I created a new VM with 8 cores, 16 GB of RAM and 4 TB of disk space, and named it storage01u.
1.5.2 On storage01u
- Initial Setup
hostnamectl set-hostname storage01u
systemctl stop firewalld
systemctl disable firewalld
- Install Package
dnf install nfs-utils
- Create the shared directory
mkdir /mnt/rancherdata
chown nobody:nobody /mnt/rancherdata
chmod 777 /mnt/rancherdata
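- Define the NFS clients in /etc/exports. There must be no space between the client network and the option list; with a space, the options apply to every host and the named network gets only the defaults.
vim /etc/exports
/mnt/rancherdata 192.168.1.0/24(rw,sync,no_subtree_check)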
- Export and Restart the service
exportfs -a
systemctl restart nfs-server
systemctl enable nfs-server
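In /etc/exports a space between the client and its option list changes who gets which options, so it is worth linting the file before running exportfs. The check below is an added example, not part of the original notes; the function names, finding codes and sample lines are constructed, and it assumes export paths without spaces and no line continuations.

```sh
#!/bin/sh
# Added example: lint /etc/exports-style text read from stdin.
# Prints one finding per line as "LINE PATH CODE CLIENT".
lint_exports() {
  awk '
    $1 ~ /^#/ { next }                    # skip comment lines
    NF == 0   { next }                    # skip blank lines
    {
      path = $1
      for (i = 2; i <= NF; i++) {
        tok = $i; client = tok; opts = ""
        p = index(tok, "(")
        if (p > 0) {                      # split "client(opt,opt)"
          client = substr(tok, 1, p - 1)
          opts = "," substr(tok, p + 1, length(tok) - p - 1) ","
        }
        anyhost = (client == "" || client == "*")
        shown = (client == "" ? "<any>" : client)
        if (p == 0)                       # no option list: defaults (ro) apply
          print NR, path, "DEFAULT_OPTS", shown
        else if (anyhost && index(opts, ",rw,"))
          print NR, path, "ANYHOST_RW", shown
        else if (anyhost)
          print NR, path, "ANYHOST", shown
        if (index(opts, ",no_root_squash,"))
          print NR, path, "NO_ROOT_SQUASH", shown
      }
    }'
}

# Constructed sample: line 2 has the stray space, line 3 is the joined form.
sample_exports() {
  cat <<'EOF'
# constructed sample, not a real server's exports
/mnt/rancherdata 192.168.1.0/24 (rw,sync,no_subtree_check)
/mnt/rancherdata 192.168.1.0/24(rw,sync,no_subtree_check)
/srv/backup *(ro) 10.0.0.5(rw,no_root_squash)
EOF
}

sample_exports | lint_exports
```

On the storage host, run it as `lint_exports < /etc/exports`; no output means none of these patterns were found.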
1.5.3 On worker02u (and every worker node)
1.5.4 On master02u
- Add the helm repo
helm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
helm repo update
- Deploy the container
helm install nfs-subdir-external-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner --set nfs.server=192.168.1.199 --set nfs.path=/mnt/rancherdata
2 Using Rancher
2.1 Storage Classes
2.1.1 After you create a Deployment, you need to add the persistent storage. There is likely a way to do this during deployment.
2.2 Helm Charts
2.3 Ingress Controller
3 Kyle Notes
3.1 Uses NFS Provisioner
4 My Installation Notes
4.1 First Steps
4.1.1 install tmux
4.1.2 change hostname
4.2 RKE2 Quickstart
4.3 bashrc
export PATH=/usr/local/bin/:/var/lib/rancher/rke2/bin/:$PATH
export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
4.4 Helm Install
5 Meta Install Script
vim /etc/NetworkManager/conf.d/rke-canal.conf
curl -sfL https://get.rke2.io | sh -
systemctl enable rke2-server.service
systemctl start rke2-server.service
vim .bashrc
source .bashrc
cat /var/lib/rancher/rke2/server/node-token
systemctl stop firewalld
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
kubectl create namespace cattle-system
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.crds.yaml
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.11.0 --set installCRDs=true
helm install rancher rancher-stable/rancher --namespace cattle-system --set hostname=rancher02u.local --set bootstrapPassword=admin --set global.cattle.psp.enabled=false