3. Install Rancher

Now that you have a running RKE cluster, you can install Rancher in it. For security reasons, all traffic to Rancher must be encrypted with TLS. For this tutorial, you are going to automatically issue a self-signed certificate through cert-manager. In a real-world use case, you will likely use Let’s Encrypt or provide your own certificate.

Install the Helm CLI

Danger: Helm v2 support is deprecated as of the Rancher v2.7 line and will be removed in Rancher v2.9.

Install the Helm CLI on a host where you have a kubeconfig to access your Kubernetes cluster:

  curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
  chmod +x get_helm.sh
  sudo ./get_helm.sh

Install cert-manager

Add the cert-manager Helm repository:

  helm repo add jetstack https://charts.jetstack.io

Create a namespace for cert-manager:

  kubectl create namespace cert-manager

Install the CustomResourceDefinitions of cert-manager:

  kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/<VERSION>/cert-manager.crds.yaml

And install it with Helm. Note that cert-manager also needs your proxy configured in case it needs to communicate with Let’s Encrypt or other external certificate issuers:

Note: To see options on how to customize the cert-manager install (including for cases where your cluster uses PodSecurityPolicies), see the cert-manager docs.

  helm upgrade --install cert-manager jetstack/cert-manager \
    --namespace cert-manager \
    --set http_proxy=http://${proxy_host} \
    --set https_proxy=http://${proxy_host} \
    --set no_proxy=127.0.0.0/8\\,10.0.0.0/8\\,cattle-system.svc\\,172.16.0.0/12\\,192.168.0.0/16\\,.svc\\,.cluster.local

Now you should wait until cert-manager is finished starting up:

  kubectl rollout status deployment -n cert-manager cert-manager
  kubectl rollout status deployment -n cert-manager cert-manager-webhook

Install Rancher

Next you can install Rancher itself. First, add the Helm repository:

  helm repo add rancher-latest https://releases.rancher.com/server-charts/latest

Create a namespace:

  kubectl create namespace cattle-system

And install Rancher with Helm. Rancher also needs a proxy configuration so that it can communicate with external application catalogs or retrieve Kubernetes version update metadata:

  helm upgrade --install rancher rancher-latest/rancher \
    --namespace cattle-system \
    --set hostname=rancher.example.com \
    --set proxy=http://${proxy_host} \
    --set noProxy=127.0.0.0/8\\,10.0.0.0/8\\,cattle-system.svc\\,172.16.0.0/12\\,192.168.0.0/16\\,.svc\\,.cluster.local

After waiting for the deployment to finish:

  kubectl rollout status deployment -n cattle-system rancher

You can now navigate to https://rancher.example.com and start using Rancher.
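The no_proxy and noProxy values passed to cert-manager and Rancher above are comma-separated lists, and each comma has to reach Helm as `\,` so that `--set` keeps the list as one string. The following is an added example, not part of the Rancher documentation: it checks a list against the entries used on this page before escaping it, since an entry dropped from the list means requests to that destination go through the proxy. The function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the Rancher docs: check a no-proxy list and escape it
# for `helm --set`. Function and variable names here are hypothetical.

# Baseline entries, copied from the helm commands on this page.
REQUIRED_NO_PROXY="127.0.0.0/8 10.0.0.0/8 cattle-system.svc 172.16.0.0/12 192.168.0.0/16 .svc .cluster.local"

# Print the baseline entries absent from the comma-separated list in $1.
# Returns 0 only when nothing is missing. Matching is on whole entries, so
# "cattle-system.svc" does not count as ".svc".
missing_no_proxy() {
  mnp_list=",$1,"
  mnp_missing=""
  for mnp_entry in $REQUIRED_NO_PROXY; do
    case "$mnp_list" in
      *",$mnp_entry,"*) ;;
      *) mnp_missing="$mnp_missing $mnp_entry" ;;
    esac
  done
  printf '%s' "${mnp_missing# }"
  [ -z "$mnp_missing" ]
}

# Escape every comma as "\," so Helm keeps the list as one string value
# instead of splitting it into further key=value assignments.
helm_escape() {
  printf '%s' "$1" | sed 's/,/\\,/g'
}

# Print the complete --set argument for key $1 and list $2, or fail with the
# missing entries on stderr.
helm_no_proxy_arg() {
  if ! hnp_missing=$(missing_no_proxy "$2"); then
    printf 'no-proxy list lacks: %s\n' "$hnp_missing" >&2
    return 1
  fi
  printf '%s=%s' "$1" "$(helm_escape "$2")"
}

# Constructed sample input: the list used in the commands on this page.
sample='127.0.0.0/8,10.0.0.0/8,cattle-system.svc,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local'
printf '%s "%s"\n' '--set' "$(helm_no_proxy_arg noProxy "$sample")"
```

Because the output already contains a single backslash before each comma, pass it to Helm inside double quotes, for example `--set "$(helm_no_proxy_arg noProxy "$list")"`, rather than unquoted.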

Caution: If you don’t intend to send telemetry data, opt out of telemetry during the initial login. Leaving this active in an air-gapped environment can cause issues if the sockets cannot be opened successfully.

Additional Resources

These resources could be helpful when installing Rancher: