Deploy Rancher on Azure AKS using Azure Cli & Helm Charts
Azure Cloud Hands on Lab Practice Series
Project Overview —
This project revolves around Azure AKS where we deploy Rancher (platform for Kubernetes management). Rancher is a Kubernetes management tool to deploy and run clusters anywhere and on any provider. Azure AKS & Rancher is very vital combination when it comes to managing multi-cluster Kubernetes workloads from Single Dashboard.
SOLUTIONS ARCHITECTURE OVERVIEW -
First Let’s understand the real world use case :
- Hybrid Cloud Management for a Global E-Commerce Platform: Imagine a large e-commerce platform that serves customers globally. The platform’s infrastructure spans multiple regions to ensure low-latency access and high availability. The architecture includes microservices running on Kubernetes clusters managed by AWS EKS. Additionally, the company has on-premises data centers hosting legacy applications. Rancher provides a unified dashboard for managing EKS clusters spread across various regions.
- Finance: Multi-Tiered Application Deployment: A financial institution is migrating its legacy monolithic applications to microservices architecture on AWS EKS. The institution operates in multiple regions and requires secure and efficient deployment of multi-tiered applications. Rancher simplifies the deployment of microservices across EKS clusters in different regions.
- Retail: Seasonal Application Scaling: A retail chain experiences significant fluctuations in website traffic during holiday seasons. They need a solution to dynamically scale their applications on EKS to handle increased demand. Rancher enables automated scaling of applications based on predefined policies. Provides visibility into application performance, helping to optimize resource allocation during peak times.
- Manufacturing: Edge Computing for IoT Devices: A manufacturing company utilizes IoT devices across its facilities to monitor and optimize production processes. They need a solution to manage Kubernetes clusters at the edge for real-time data processing. Rancher supports the deployment of Kubernetes clusters at the edge, close to IoT devices. It also enables centralized management of edge clusters for easier monitoring and updates.
- Media and Entertainment: Content Delivery Optimization: A media streaming service operates globally and needs to optimize content delivery for users. They want to deploy and manage Kubernetes clusters efficiently to ensure low-latency streaming. It Integrates with AWS services like Amazon CloudFront for efficient content caching. Allows for easy scaling and updating of streaming applications across clusters. Facilitates the deployment of edge-native applications to process data locally.
These diverse use cases demonstrate the versatility of Rancher on AWS EKS in addressing industry-specific challenges and enhancing the management of Kubernetes clusters in various contexts. Rancher simplifies operations, enhances security, and provides a unified platform for managing the hybrid cloud environment.
Prerequisite —
- AZURE ACCOUNT with valid Subscription ID.
- Resource Group for creating Azure resources.
- AZURE CLI (on local machine)
- HELM
- KUBECTL
Azure Services Usage —
- Azure Resources Group
- Azure AKS
- Azure Vnet
- Azure Loadbalancer
- Azure Managed Identity
- Virtual Machine Scale Set
STEP BY STEP GUIDE -
STEP 1 : Setting environment variables
- Start the new terminal on local machine (linux/ubuntu/wsl)
- Set following env variables :
- AZURE_LOCATION=Azure Region (example uaenorth)
- CERT_MANAGER_VERSION=v1.12.5 (Cert Manager Version)
- KUBERNETES_VERSION=v1.26.6 (K8s Version)
- NODE_COUNT=2 (Number of Nodes required)
- RANCHER_VERSION=2.7.6 (Rancher Manager Version)
- RESOURCE_PREFIX=aks-demo (Name of Resource Group in Azure)
- SUBSCRIPTION_ID=XXXXXXX-XXXXXX (Subscription ID of Azure)
- VM_SIZE=Standard_D2s_v3 (Azure VM Instance Type)
- EMAIL_ADDRESS=youremail@domain.com (Azure account email)
STEP 2 : Add Helm Repositories
- helm repo add devpro https://devpro.github.io/helm-charts
- This repository contains Helm charts to build clusters with all components running in containers.
- helm repo add jetstack https://charts.jetstack.io
- helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
- helm repo add rancher-latest https://releases.rancher.com/server-charts/latest
- helm repo update
- helm repo list
STEP 2 : Login to Azure through Azure CLI for Authentication
- Run az login on local terminal (It will open a window in your browser automatically.)
- If not then you will get a link in CLI output, copy that generated link & paste in your browser to authenticate.
- Set Subscription if you have multiple subscription. (optional if you have only one subscription)
- az account set — subscription $SUBSCRIPTION_ID
- Create the resource group. (optional if you have already created)
- az group create — name ${RESOURCE_PREFIX} — location ${AZURE_LOCATION}
STEP 3 : Creating Kubernetes Cluster (AKS) in NEW VNET
- CASE 1 : AKS in new VNET
az aks create — resource-group ${RESOURCE_PREFIX} — name ${RESOURCE_PREFIX} — kubernetes-version ${KUBERNETES_VERSION} — node-count ${NODE_COUNT} — node-vm-size ${VM_SIZE}
- CASE 2: AKS in existing VNET
az aks create — resource-group ${RESOURCE_PREFIX} — name ${RESOURCE_PREFIX} — kubernetes-version ${KUBERNETES_VERSION} — node-count ${NODE_COUNT} — node-vm-size ${VM_SIZE} — network-plugin azure — vnet-subnet-id /subscriptions/${SUBSCRIPTION_ID}/resourceGroups/${RESOURCE_PREFIX}/providers/Microsoft.Network/virtualNetworks/<AZURE_VNET_NAME>/subnets/<AZURE_SUBNET_NAME>
- We are demonstrating CASE 1 — NEW VNET
- After running the command from CASE 1 — This will take some time to create AKS & store ssh keys at your /home/username/.ssh
- These keys are used to ssh into the worker nodes (VMs)
- Once the AKS is ready it will give you cluster information in the CLI output.
STEP 4 : Access the AKS Cluster through kubectl
- let’s add cluster credentials to local config of kubectl.
- az aks get-credentials — resource-group ${RESOURCE_PREFIX} — name ${RESOURCE_PREFIX}
- Check the nodes & all resources using kubectl.
- kubectl get nodes
- kubectl get all -A
- TIP — If you face any permission issue then change permission for ~/.kube/config
- Vanilla Cluster on AKS is ready with requested worker nodes.
STEP 5 : Ngnix Ingress Installation (exposing to Internet)
- Run below mentioned commands from local machine.
helm upgrade — install ingress-nginx ingress-nginx/ingress-nginx — namespace ingress-nginx — create-namespace — set controller.service.annotations.”service\.beta\.kubernetes\.io/azure-load-balancer-health-probe-request-path”=/healthz
- Check the services: kubectl get services -n ingress-nginx
- Let’s store value of Public IP which needs to be used at the time of Rancher Installation.
- PUBLIC_IP_NGINX=`kubectl get service -n ingress-nginx ingress-nginx-controller — output jsonpath=’{.status.loadBalancer.ingress[0].ip}’`
- echo $PUBLIC_IP_NGINX (It should give Public IP)
STEP 6 : Install Certificates manager.
- Run below mentioned commands from local machine.
- kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/${CERT_MANAGER_VERSION}/cert-manager.crds.yaml
helm upgrade — install cert-manager jetstack/cert-manager — namespace cert-manager — create-namespace — version $CERT_MANAGER_VERSION
- kubectl get pods — namespace cert-manager ( 3 pods should be in Running status)
helm upgrade — install letsencrypt devpro/letsencrypt — set registration.emailAddress=$EMAIL_ADDRESS — namespace cert-manager
- kubectl get clusterissuer -n cert-manager ( 2 Cluster issuers should be True)
STEP 7 : Rancher Installation.
- Run below mentioned commands from local machine.
- kubectl create namespace cattle-system
helm upgrade — install rancher rancher-latest/rancher — namespace cattle-system — set hostname=rancher.${PUBLIC_IP_NGINX}.sslip.io — set ‘ingress.extraAnnotations.cert-manager\.io/cluster-issuer=letsencrypt-prod’ — set ingress.ingressClassName=nginx — set ingress.tls.source=secret — set ingress.tls.secretName=tls-rancher — set replicas=2 — version $RANCHER_VERSION
- Check the status of installation & wait for it to complete.
- kubectl -n cattle-system rollout status deploy/rancher
- Fetch the generated password & copy it
kubectl get secret — namespace cattle-system bootstrap-secret -o go-template=’{{ .data.bootstrapPassword|base64decode}}{{ “\n” }}’
STEP 8 : Accessing the Rancher UI :
- echo https://rancher.${PUBLIC_IP_NGINX}.sslip.io/
- Copy URL & Paste on browser for Initial setup of Rancher.
- Check the logs → kubectl logs -n ingress-nginx -l app.kubernetes.io/component=controller
- You will be asked for password ( copied earlier )
- Hit Log in with Local User.
- Define the admin password, check the box and click on “Continue”. (store it)
- Finally Rancher is running and you can explore “local” cluster.
STEP 10 : Decommission
- Run below command to destroy all resources.
- kubectl delete ns cert-manager
- kubectl delete ns ingress-nginx
- Decommission the resources under the Azure Resources group.
- Delete the Resources Group at the end.
Congrats ! We have successfully completed lab for Deploying Rancher on Azure AKS using Azure CLI & Helm Charts.
I am Kunal Shah, AWS Community Builder, AWS Certified Professional Solutions Architect, helping clients to achieve optimal solutions on the Cloud. Cloud Enabler by choice, DevOps Practitioner having 9+ Years of overall experience in the IT industry.
I love to talk about Cloud Technology, DevOps, Digital Transformation, Analytics, Infrastructure, Dev Tools, Operational efficiency, Serverless, Cost Optimization, Cloud Networking & Security.
#aws #community #builders #devops #eks #managed #kubernetes #solution #rancher #solution #management #centralize #dashboard #easy #management #scalability #operational #efficiency #robust #infrastructure #highly #available #reliable #controlled #design #acloudguy
You can reach out to me @ acloudguy.in