Tuesday, February 28, 2023

Rancher Suite K8S Adventure - Chapter 012 - A first log in and tour of Rancher

A travelogue of converting from OpenStack to Suse's Rancher Suite for K8S including RKE2, Harvester, kubectl, helm.

Today is the first log in and tour of Rancher.

Where we left off yesterday, a kubectl 'rollout status' shows Rancher is up and running.

Go to https://YourClusterHostname where YourClusterHostname is the round robin DNS name, not one specific host.  Because you're using a self-signed cert you'll have to click "ok" or "proceed" or whatever your web browser requires.

Log in with your bootstrap password from yesterday.

Rancher will want to verify the cluster URL; unless you messed something up, the default should be correct.  Also you'll have to click the EULA acceptance checkbox.

This will drop you in the default dashboard page.

One cool feature of Rancher is centralized authorization for cluster control.  I'm not going to configure Active Directory auth.  Partially because I could never get it working; AD has near infinite flexibility therefore if the only feedback is "authentication failed" it can take a near infinite amount of time to configure.  The other problem is my DCs are hosted as VMs and I don't like the idea of being locked out of Rancher due to a cluster problem therefore being unable to log into Rancher to fix the cluster problem.  Kind of like the old joke about hosting your DHCP controllers as VMware images then making your ESXi hosts configure their networks using DHCP.

Anyway, add at least one user for daily use.  Much as most sysadmins do not use root on a Linux box all day, it's probably good to not use admin on Rancher:

Left Hamburger menu, "Configuration" "Users and Authentication"

"Users" "Create" and pay close attention to Global Permissions, Administrator vs Standard User, etc.

To work around the "Password must be at least 12 characters" error:

Left Hamburger menu, "Global Settings" change password-min-length to something that doesn't force people to use post it notes as a password manager.

Log out as admin and log in as a normal-ish user.
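
One way to double check the result of the steps above from the kubectl side, as an added example that is not part of the original post: it lists who holds the Administrator global role and whether password-min-length has been changed from its default. The sample JSON is constructed, the function names are made up for this example, and the field names (globalRoleName, userName, groupPrincipalName, value, default) assume Rancher's management.cattle.io objects.

```python
import json

# Constructed sample, shaped like the output of
#   kubectl get globalrolebindings.management.cattle.io -o json
# All user IDs, group names and binding names are invented for this example.
SAMPLE_BINDINGS = json.dumps({"items": [
    {"metadata": {"name": "globaladmin-user-abc12"},
     "globalRoleName": "admin", "userName": "user-abc12"},
    {"metadata": {"name": "grb-x7k2p"},
     "globalRoleName": "user", "userName": "u-daily01"},
    {"metadata": {"name": "grb-m4q9z"},
     "globalRoleName": "admin", "userName": "u-oops02"},
    {"metadata": {"name": "grb-t5w8c"},
     "globalRoleName": "admin", "groupPrincipalName": "local://g-ops"},
]})

# Constructed sample, shaped like
#   kubectl get settings.management.cattle.io password-min-length -o json
SAMPLE_SETTING = json.dumps({"metadata": {"name": "password-min-length"},
                             "default": "12", "value": "8"})

ADMIN_ROLES = {"admin", "restricted-admin"}  # global roles with admin rights

def admin_subjects(bindings_json):
    """Users or groups bound to an administrator global role, sorted."""
    found = set()
    for b in json.loads(bindings_json).get("items", []):
        if b.get("globalRoleName") in ADMIN_ROLES:
            subject = b.get("userName") or b.get("groupPrincipalName")
            if subject:
                found.add(subject)
    return sorted(found)

def effective_min_length(setting_json):
    """An empty 'value' means the setting still uses its default."""
    s = json.loads(setting_json)
    return int(s.get("value") or s["default"])

def audit(bindings_json, setting_json, expected_admins):
    """Findings: admins not on the expected list, non-default password length."""
    findings = [f"unexpected Administrator: {s}"
                for s in admin_subjects(bindings_json) if s not in expected_admins]
    s = json.loads(setting_json)
    n = effective_min_length(setting_json)
    if n != int(s["default"]):
        findings.append(f"password-min-length is {n} (default {s['default']})")
    return findings
```

Against a live install, feed `audit()` the output of the two kubectl commands named in the comments and pass the set of accounts you expect to be Administrator.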

Set your preferences in the right icon "Preferences".  The default color theme changes at night which I find incredibly disturbing when it happens, so I always force it to "Light" theme.  This is also where you can change the "Login Landing Page" from home to a specific cluster.

Time for a quick tour.  This tour provides a high level view of the rest of the series.

Home

At login you will be dropped in "Home" which you can reach from the left Hamburger menu "Home".  Gives you a list of your clusters, and we will look at clusters later.

List of Clusters

Next hamburger menu entry is a list of your clusters, just local right now.  Again, we will look at clusters later.

Continuous Delivery

After the cluster list in the Hamburger menu is "Continuous Delivery", that GitOps stuff where committing code results, optimistically, in passed tests and successful deployments.  You will get a "You don't have any Git Repositories in your Workspaces" and we will return to this cool feature another day.  It's an undermarketed feature, very cool...

Cluster Management

"Cluster Management" is the next entry in the Hamburger menu.  The right side is yet another view of your clusters, but the left side is where you enter your cloud credentials, select drivers for Rancher clusters, etc.  AWS is far too expensive to permanently use compared to cheap onsite cluster hardware, but it's fun and cool to experiment with.

The Harvester component of the Rancher Suite allows HCI integration of clusters and virtual machines.  This is the page where you import your Harvester Cluster into Rancher.

Users & Authentication

You previously visited "Users & Authentication" when creating a non-admin user for daily Rancher use.  This is also where you configure Authorization Providers.

Extensions

By default, the "Extensions" menu does nothing because the Extension Operator is not enabled.  Clicking the button to enable it adds a new repo full of cool Rancher "stuff".  Obviously you cannot install stuff from the internet if your install is air-gapped from the internet.  Anyway, after enabling the Extension Operator, note that no extensions are installed by default.  Click "Available" and, as of the time of writing this, there are exactly two extensions available, one for elemental OS and one for Kubewarden.

Global Settings

"Global Settings" was where you reconfigured the minimum password length but there are all kinds of cool settings here.  "Home Links" lets you add or change the links on the home page, which is pretty cool.

Examine a typical cluster

Time for a quick glance at a cluster.  The only cluster we have right now is "local", the one running Rancher.  There are at least three different ways to access cluster "local": the home page, the entry in the hamburger menu, and looking at cluster management and clicking local.  Note that cluster management provides more "control" features and fewer "monitoring" features so just use the home page for now, because the first stop is the event log.

If you enabled the Extensions Operator that will result in about two dozen events.  I selected them all and deleted them.  This is a much more exciting page when you're troubleshooting a problem.

Looking at the main cluster page, there's an option to add a cluster badge, which AFAIK is purely decorative.  I like to add the URL of my cluster, so a cluster named "local" for Rancher has, in my case, a badge named "rancher.cedar.mulhollon.com"

Note that next to the badge setting there's an option to enable monitoring via the cluster tools charts page.  This is a long story for another day.  Aside from monitoring there are plenty of other cluster-scale tools Rancher can install, including the backup system and Longhorn for data storage and various scanning and alerting systems.

Something you'll rapidly discover when looking at the Rancher cluster's workload, etc, is there's a drop down menu at the top of the screen, probably by default set to "Only User Namespaces", and there is no user workload on the Rancher cluster so, for example, the deployment list will be empty.  Simply change the dropdown to something like "All Namespaces" and the list will fill with rancher and cert-manager and so forth.  It's instructive to click thru on the deployment for Rancher, then perhaps select the services or ingresses for that deployment and see that there is the https port you're using to access Rancher, being examined in Rancher.  Or click thru on the Rancher deployment to the pod for rancher then the container, then click the three dots to look at the container logs for Rancher.

That was a whirlwind tour of Rancher.  Here's a great operational resource for new Rancher users:

https://ranchermanager.docs.rancher.com/pages-for-subheaders/new-user-guides

At this point you have a great manager of clusters, but no clusters to manage.  Next we work on adding a small Harvester cluster.
