Deploying and Managing with Rancher
Kube-Hetzner provides seamless integration with Rancher Manager, allowing you to deploy and manage your Kubernetes clusters through Rancher's web-based interface.
Overview
Rancher is a complete software stack for teams adopting containers. It addresses the operational and security challenges of managing multiple Kubernetes clusters across any infrastructure.
Prerequisites
- Powerful Control Plane Nodes: Rancher requires at least 4GB of RAM per control plane node
- DNS Configuration: You need a domain name pointing to your cluster's load balancer
- SSL Certificate: Rancher requires HTTPS, so ensure you have TLS configured
Configuration
Enabling Rancher
Set the enable_rancher variable to deploy Rancher Manager:
enable_rancher = true
rancher_hostname = "rancher.example.com"
rancher_bootstrap_password = "your-secure-password"
Required Variables
- rancher_hostname: The fully qualified domain name for Rancher (must have DNS pointing to your load balancer)
- rancher_bootstrap_password: Initial password for the Rancher admin user
Optional Variables
- rancher_install_channel: Rancher installation channel (default: latest)
- rancher_values: Custom Helm values for Rancher deployment
Complete Example
module "kube-hetzner" {
  # ... other configuration ...
  enable_rancher             = true
  rancher_hostname           = "rancher.mycompany.com"
  rancher_bootstrap_password = "ChangeMe123!"
  rancher_install_channel    = "stable"

  control_plane_nodepools = [
    {
      name        = "control-plane"
      server_type = "cx31" # At least 4GB RAM required
      location    = "nbg1"
      count       = 3
    }
  ]

  # Ensure TLS is configured
  ingress_controller = "traefik"
  traefik_values     = <<EOT
ingressClass:
  enabled: true
  isDefaultClass: true
EOT
}
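The complete example above writes the bootstrap password directly into the module block, where it would end up in version control. As an added example (not part of the Kube-Hetzner documentation), the same setting can be fed from a sensitive input variable; the 12-character minimum in the validation rule is an assumption about your Rancher password policy, so adjust it to match.

```hcl
# Added example: keep the Rancher bootstrap password out of the committed configuration.
variable "rancher_bootstrap_password" {
  description = "Initial password for the Rancher admin user"
  type        = string
  sensitive   = true # Redacted in plan and apply output

  validation {
    # Assumed minimum length; adjust to your Rancher password policy.
    condition     = length(var.rancher_bootstrap_password) >= 12
    error_message = "The Rancher bootstrap password must be at least 12 characters long."
  }
}

module "kube-hetzner" {
  # ... other configuration ...

  enable_rancher             = true
  rancher_hostname           = "rancher.mycompany.com"
  rancher_bootstrap_password = var.rancher_bootstrap_password
  rancher_install_channel    = "stable"
}

# Supply the value at apply time instead of committing it, for example:
#   export TF_VAR_rancher_bootstrap_password='<your-generated-password>'
#   terraform apply
```

Terraform still records the value in its state file in plain text, so the state backend needs access control and encryption at rest.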
Installation Process
- Deploy Cluster: Terraform will deploy your Kubernetes cluster with Rancher
- DNS Setup: Point your rancher_hostname to the cluster's load balancer IP
- SSL Certificate: Rancher will automatically provision a Let's Encrypt certificate if configured
- Access Rancher: Navigate to https://rancher_hostname and log in with admin and your bootstrap password
Rancher Configuration
Custom Helm Values
You can customize the Rancher deployment using the rancher_values variable:
rancher_values = <<EOT
replicas: 3
ingress:
  tls:
    source: "letsEncrypt"
letsEncrypt:
  email: "admin@example.com"
EOT
Installation Channels
- latest: Latest stable release
- stable: Previous stable release
- alpha: Alpha releases (not recommended for production)
Post-Installation
First Login
- Open https://rancher_hostname in your browser
- Accept the self-signed certificate warning (if using self-signed)
- Log in with username admin and your rancher_bootstrap_password
- Change the default password when prompted
Adding Clusters
Rancher can manage:
- The local cluster (automatically imported)
- Additional Kubernetes clusters
- Imported clusters from other providers
Troubleshooting
Common Issues
- Insufficient RAM: Ensure control plane nodes have at least 4GB RAM
- DNS Resolution: Verify rancher_hostname resolves to the load balancer
- SSL Issues: Check TLS configuration and certificate validity
- Bootstrap Password: Ensure the password meets Rancher's requirements
Logs
Check Rancher logs:
kubectl logs -n cattle-system deployment/rancher
Resetting Rancher
If you need to reset Rancher:
kubectl delete namespace cattle-system
# Then re-run Terraform apply
Best Practices
- Use External Database: For production, configure an external database for Rancher
- Backup Regularly: Implement regular backups of Rancher and cluster data
- Monitor Resources: Keep an eye on control plane resource usage
- Security: Use strong passwords and enable multi-factor authentication
- Updates: Keep Rancher updated to the latest stable version