What is Rancher?
Rancher is a container management platform for Kubernetes. One Rancher server installation can manage thousands of K8s clusters across a multitude of private and public providers. It adds a number of capabilities on top of Kubernetes, including:
◊ Centralized Authentication and Role-Based Access Control for multiple clusters
◊ Centralized Monitoring and Alerting for multiple clusters
◊ Externalization of logs to a central repository
◊ Helm integration globally via an Application Catalog
◊ The use of Fleet to provide CI/CD integration if an existing CI/CD system isn’t used
Rancher is completely open-source with various support options available for those who want licensing. Rancher has a variety of other projects like RKE, Rancher Desktop, and more.
Where Can I Run Rancher?
Rancher runs on any 64-bit Linux distribution with a modern kernel.
The minimum supported Linux kernel version is 3.10.
You can install Rancher on Linux, Windows, or macOS as long as the host runs Docker containers.
The Rancher UI works best in Chrome or Firefox.
An Example of Installing Rancher Manually on Linux
Ideally, read the Rancher documentation for various installation options:
◊ AWS
◊ Azure
◊ GKE
◊ Manually
◊ and more
An Example of Manually Installing on Linux:
1. Provision a Linux host of any type (cloud or on-premises) that meets the minimum Linux kernel version and has Docker installed
2. Install Rancher via Docker:
   sudo docker run -d --restart=unless-stopped -p 80:80 -p 443:443 --privileged rancher/rancher
3. Log in via https://localhost
- Create a password for the admin account
- Log in with the password when prompted
4. Import or create your first cluster under Cluster Management (may require credentials)
Rancher Architecture
Source: Adapted from https://rancher.com/docs/rancher/v2.6/en/overview/architecture/
Various Components of Rancher Server and K8s components
Authentication Proxy – The core authentication software that authorizes Rancher UI/CLI/API calls as well as K8s kubectl/API calls. The auth proxy authenticates the caller and sets the proper K8s impersonation headers before forwarding the call to the respective downstream K8s cluster. Rancher uses a Service Account to communicate with downstream K8s clusters.
Rancher API Server – As in Kubernetes itself, the Rancher API server is the central communications hub for all interactions between all components in Rancher and downstream K8s controllers.
Cluster Controller(s) – Each downstream cluster has a cluster controller on the Rancher server and a cluster agent on the downstream cluster itself. The cluster controller does the following:
- Watches for resource changes on the downstream clusters
- Changes the configuration of the downstream cluster to the desired state
- Sets access control policies to clusters and projects (Rancher namespaces)
- Provisions downstream clusters using the necessary drivers for the relevant platform
Cluster Agent(s) – By default, to enable Rancher to communicate with a downstream cluster, the cluster controller connects to the cluster agent. The cluster agent performs the following:
- Connects to the K8s API of Rancher-launched Kubernetes clusters
- Manages workloads, pod creation and deployment within each cluster
- Applies the roles and bindings defined in each cluster’s global policies
- Communicates between the cluster and Rancher server about events, stats, node info, and health
Node Agents – If the cluster agent is not available, one of the node agents on the node creates a tunnel to the cluster controller to communicate with Rancher. This is a fallback in case the cluster agent isn’t working; the node agent is deployed as a DaemonSet resource on each node.
Authorized Cluster Endpoints – Not really an object per se, this is an endpoint that allows you to bypass the Rancher authentication proxy. This is useful when routing through Rancher is not optimal due to latency, or to bypass Rancher if it is down.
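The header handling that the Authentication Proxy description above implies, as an added Go example (not Rancher's code and not part of the original page): the proxy discards the caller's credential and any impersonation headers the caller supplied, then sets them itself from the identity it authenticated. `Identity`, `downstreamHeaders` and all token and user values are assumptions made for illustration; `Impersonate-User` and `Impersonate-Group` are the standard Kubernetes impersonation headers.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Identity is what the proxy established by authenticating the caller (hypothetical type).
type Identity struct {
	User   string
	Groups []string
}

// downstreamHeaders builds the headers for the request that is forwarded to
// the downstream cluster's API server (hypothetical helper).
func downstreamHeaders(in http.Header, id Identity, saToken string) (http.Header, error) {
	if id.User == "" {
		return nil, fmt.Errorf("refusing to forward: caller is not authenticated")
	}
	out := http.Header{}
	for name, vals := range in {
		lower := strings.ToLower(name)
		// Drop the caller's own credential and every Impersonate-* header the
		// caller sent; otherwise a client could choose its downstream identity.
		if lower == "authorization" || strings.HasPrefix(lower, "impersonate-") {
			continue
		}
		out[name] = append([]string(nil), vals...)
	}
	// The proxy authenticates downstream as its service account and tells the
	// API server which user and groups to evaluate RBAC for.
	out.Set("Authorization", "Bearer "+saToken)
	out.Set("Impersonate-User", id.User)
	for _, g := range id.Groups {
		out.Add("Impersonate-Group", g)
	}
	return out, nil
}

func main() {
	in := http.Header{ // constructed inbound request carrying a smuggled identity
		"Authorization":    {"Bearer constructed-session-token"},
		"Impersonate-User": {"constructed-admin"},
		"Accept":           {"application/json"},
	}
	out, err := downstreamHeaders(in, Identity{User: "alice", Groups: []string{"dev"}}, "constructed-sa-token")
	fmt.Println(out, err)
}
```

Because the service account behind the proxy must hold impersonation rights, requests that reach a downstream API server through any other path with `Impersonate-*` headers set are worth flagging in that cluster's audit log.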
Summary
- Rancher is a container management platform for Kubernetes
- One Rancher server installation can manage thousands of K8s clusters across a multitude of private and public providers including AWS, Azure, and Google.
- It can launch or import Kubernetes clusters as needed.
- Founded in 2014, acquired by SUSE in 2020.
- Numerous projects outside of management software including RKE, K3s, KIM, and others.
- Rancher is an add-on over and above Kubernetes and has its own API server, etcd datastore, authentication proxy, and more.