The Rancher Advantage Thursday June 10th, 16:00 CEST Welcome to this webinar about SUSE Rancher. My name is Adrian Kosmaczewski, I am in charge of developer relations at VSHN, and I’m happy to greet you from the beautiful city of Zurich. Speaker notes 1
The DevOps Company Founded 2014, 40 VSHNeers located in Zürich Switzerland’s leading DevOps, Docker & Kubernetes partner 24/7 support ISO 27001 certified ISAE 3402 Report Type 1 verified First Swiss Kubernetes Certified Service Provider Just a few words about VSHN; that’s how you pronounce the name, and we’re "The DevOps Company". We’ve been in Zurich since 2014, we’re 40 engineers and we’re Switzerland’s leading DevOps, Docker & Kubernetes partner, offering 24/7 support to our customers. We’ve got a few certifications, and most importantly, we were the First Swiss Kubernetes Certified Service Provider back in 2016. Speaker notes 2
very active in the Cloud Native space, you might recognize some of the logos on this slide. Of all these, today we’re going to talk about SUSE Rancher extensively. Speaker notes 3
run our own "Platform as a Service" offering called "APPUiO". We’ve created our own suite of tools to manage lots of Kubernetes services from a central location, called "Project Syn". Last but not least, we have developed our own Kubernetes operator for backups, called K8up, which just like Project Syn is 100% open source on GitHub. Speaker notes 4
2. How to install it? 3. Multi-cluster management 4. User authentication and security 5. Day Two Operations 6. Demo Time! 7. Questions & Answers Agenda This is the agenda for today. First we’re going to learn a bit about SUSE Rancher and its capabilities. Then we’re going to see how to install it, and how to use it to manage multiple Kubernetes clusters. We’re going to go through some options about authentication and security, as well as how to install and manage applications with it. Finally, we’re going to see a live demo of SUSE Rancher in action, managing various Kubernetes clusters at once, and we’ll be glad to answer your questions at the end of this session. Speaker notes 5
webinar, we assume that you have a basic understanding of the following concepts: Containers (Docker or Podman) Kubernetes Infrastructure as Code (Terraform) Video: "Docker and Kubernetes" Requirements www.youtube.com/watch?v=SCMA5XHv9uc Just a quick heads up before starting this webinar; this session assumes that you have a basic understanding of, or are already familiar with, concepts such as containers, Kubernetes, and Infrastructure as Code. If you are unfamiliar with these, please refer to our video "Webinar: Docker and Kubernetes: The Way to Cloud-Native Computing – 2020-05-26" in the link shown in the slide. Speaker notes 6
in this presentation we’re going to be playing with Rancher in a live demo; but for that, I need to launch a few scripts first so that we have everything ready when the time comes. The first thing I need to do is to launch Rancher itself, running inside of a K3s cluster managed with K3d, all from SUSE. I’m also going to launch a Minikube cluster on my machine, and thanks to Terraform, I’m going to create another cluster, this time in Exoscale. Later on we’re going to federate and manage all of these clusters from the same Rancher interface. Speaker notes 7
Kubernetes Everywhere" Created by Rancher Labs in 2014 More than 100 million downloads More than 30'000 installations (as of 2020) Part of SUSE since July 2020 Rancher is an open source, free as in freedom and free as in beer, Kubernetes management tool, and one of the most popular options available to manage. In 2020 Rancher Labs were acquired by SUSE Software Solutions Germany GmbH, and by that time it was estimated that Rancher had already been downloaded 100 million times, and that at least 30'000 installations were in production. Speaker notes 9
of ready-to-use tools and services already integrated; you do not need to install them separately in your cluster: Prometheus, Grafana, Istio, all of it is ready for you off-the-box. Rancher also secures the access to your clusters, using whatever security method you are already using; whether it’s Active Directory or GitHub, Rancher can read that information for you. Finally, Rancher works on top of and together with any CNCF-certified Kubernetes distribution. Whether it’s a managed installation like AKS, EKS, or GKE, or a self-hosted cluster with RKE or K3S, Rancher can manage them without problem. Speaker notes 10
Security Global Application Catalog Full lifecycle management for Amazon EKS clusters Integrated Prometheus Monitoring and Logging GitOps at Scale What Problems Does it Solve? Why do teams choose Rancher? Well, as companies undergo their digital transformation, they start to use containers and Kubernetes more and more. This means that many different teams must run their own clusters, in various locations, and this raises problems of governability and management. Hence Rancher provides a single point of reference for all of your clusters, and secures this information under a centralized security policy, allowing for the management of apps running in them. As a bonus, it is fully integrated with Amazon EKS, includes built-in Prometheus and Grafana for monitoring, and is enabled for GitOps operations off-the-box. Speaker notes 11
Cluster helm Getting started guides for: AWS, Azure, GCP, Digital Ocean, Vagrant On Linux rancherd → Experimental Installation Options How can you install Rancher? There are plenty of options, but of course the two most common ways are via Docker, running the rancher/rancher container, and inside its own Kubernetes cluster, which is done with a helm chart. Rancher provides all the required documentation for you to install it in all major cloud providers: Amazon AWS, Azure, Google Cloud, Digital Ocean, and more. Finally, still experimental, there is a possibility to install Rancher directly on Linux (bare metal or VM) with the rancherd binary. Speaker notes 13
Windows, Mac… Docker Installation

    $ docker run --detach \
        --restart=unless-stopped \
        --publish 80:80 \
        --publish 443:443 \
        --privileged \
        rancher/rancher

As I said previously, the first contact most DevOps engineers have with Rancher is through the Docker container. This is by far the simplest way to install and run Rancher, and it can be easily done on the laptop of any of your engineers at absolutely no cost. And, needless to say, this works wherever Docker runs: on Linux, Mac, and Windows. Speaker notes 14
Kubernetes Installation

    $ helm install cert-manager jetstack/cert-manager \
        --namespace cert-manager \
        --create-namespace \
        --version v1.3.1
    $ helm install rancher rancher-latest/rancher \
        --namespace cattle-system \
        --create-namespace \
        --set hostname=rancher.your.company.com  # assign your hostname here

At VSHN we run our own Rancher installation, and we manage those of our customers, inside Kubernetes clusters. Thanks to helm, the installation of Rancher on a cluster is very easy: just remember to install cert-manager first, and provide a hostname for your installation. Speaker notes 15
manage their clusters from a centralized user interface. It does not matter where they are located in the world, the same cockpit will provide your engineers with access to all of your clusters, offering the same set of services, simplifying the management and control of your digital assets. I would now like to call your attention to the little "red alert" icons that appear next to Exoscale and Minikube clusters in the image of this slide. Speaker notes 17
click on those clusters, you will see red warnings for the Kubernetes Controller Manager and the Kubernetes Scheduler. These components have been deprecated in Kubernetes 1.19, and Rancher 2.5 still tries to connect to those services. In short, if you see these two red banners, and you’re running Kubernetes versions later than 1.19, you do not need to worry. Speaker notes 18
in Kubernetes 1.19 and later

    $ kubectl --kubeconfig minikube.kubeconfig get componentstatus
    Warning: v1 ComponentStatus is deprecated in v1.19+
    NAME                 STATUS      MESSAGE
    controller-manager   Unhealthy   Get "http://127.0.0.1:10252/healthz": dial tcp 127.0.0.1:10252: connect:
    scheduler            Unhealthy   Get "http://127.0.0.1:10251/healthz": dial tcp 127.0.0.1:10251: connect:
    etcd-0               Healthy     {"health":"true"}

As you can see in this slide, running the get componentstatus command on one of these clusters (in this case, Minikube) returns the error that explains it all. This still works in Rancher when managing clusters running earlier versions of Kubernetes. The ticket regarding this issue was closed 8 days ago, which means that this "cosmetic issue" will most probably be solved in the next versions of Rancher. Speaker notes 20
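The rule of thumb from this slide can be turned into a small triage check, so that a red banner that is not the known cosmetic case still gets looked at. This is an added example, not part of the webinar or of Rancher; the function names, the completed "connection refused" error text and the etcd failure row are assumptions made for the sample data.

```shell
# Added example, not from the webinar. Encodes the rule from the talk:
# on Kubernetes 1.19+ an Unhealthy controller-manager/scheduler row that only
# reports a failed dial to 127.0.0.1:10252/10251 is cosmetic.

# triage_cs MINOR: reads `kubectl get componentstatus` output on stdin.
# MINOR is the cluster minor version (20 for v1.20). Prints one
# "<component> <verdict>" line per row; exit status 1 if any row is "investigate".
triage_cs() {
  awk -v minor="$1" '
    BEGIN { bad = 0 }
    /^Warning:/ || $1 == "NAME" || NF == 0 { next }  # banner, header, blanks
    {
      name = $1; verdict = "investigate"
      local_dial = ($0 ~ /dial tcp 127\.0\.0\.1:1025[12]: connect:/)
      if ($2 == "Healthy") {
        verdict = "ok"
      } else if (minor >= 19 && local_dial &&
                 ((name == "controller-manager" && $0 ~ /:10252\/healthz/) ||
                  (name == "scheduler" && $0 ~ /:10251\/healthz/))) {
        verdict = "cosmetic"
      }
      if (verdict == "investigate") bad = 1
      print name, verdict
    }
    END { exit bad }
  '
}

# Constructed sample: the Minikube output from the slide, with the cut-off
# error text completed as "connection refused" (assumption).
sample_minikube() {
  cat <<'EOF'
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS      MESSAGE
controller-manager   Unhealthy   Get "http://127.0.0.1:10252/healthz": dial tcp 127.0.0.1:10252: connect: connection refused
scheduler            Unhealthy   Get "http://127.0.0.1:10251/healthz": dial tcp 127.0.0.1:10251: connect: connection refused
etcd-0               Healthy     {"health":"true"}
EOF
}

# Constructed sample: a failure that does not match the cosmetic pattern.
sample_etcd_down() {
  cat <<'EOF'
NAME                 STATUS      MESSAGE
scheduler            Unhealthy   Get "http://127.0.0.1:10251/healthz": dial tcp 127.0.0.1:10251: connect: connection refused
etcd-0               Unhealthy   Get "https://127.0.0.1:2379/health": context deadline exceeded
EOF
}
```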
All of these features would not be very useful if we could not secure them properly. It turns out that Rancher is very useful in this regard. Speaker notes 21
user management off-the-box Because, you see, Kubernetes does not provide any kind of user management off-the-box. This is not embarrassing or a big issue, but of course it is a major contention point for enterprises wishing to embrace DevOps in their digital transformation. Speaker notes 22
Directory: Windows, Federation Services, & Azure LDAP: OpenLDAP & FreeIPA OAuth: Google & GitHub Others: Shibboleth, OKTA, Ping, Keycloak Supported Authentication Mechanisms The default mechanism is Rancher’s own local authentication, which provides various features such as user accounts, roles, and groups, each of which can have separate privileges and access rights. If you are already using Active Directory in any of its forms, which is the case for companies historically linked to Windows, no problem! If you prefer to use other LDAP options, such as OpenLDAP, Rancher can help you too. If you prefer OAuth, for example if your Rancher platform runs an open source project, just select it. And you can even use Shibboleth, Keycloak, and other options. Speaker notes 24
your cluster is secure, up and running, your DevOps engineers will want to start running apps in them, and they will need to be able to monitor those clusters in real time. Rancher has features covering all of these situations. Speaker notes 25
to deploy applications quickly and conveniently from the UI. They can choose from a complete menu with lots of popular applications ready to use: Argo CD for GitOps, Harbor for hosting container images, TriggerMesh or OpenFaaS for serverless, various databases such as MariaDB, Mongo, or etcd, Speaker notes 26
install the "Management" application on your cluster from the App Marketplace, and this will automatically install AlertManager, Prometheus and Grafana on your cluster, and they will become immediately ready to use for your team. For example, click on the Grafana button… Speaker notes 27
our Rancher instance using OpenLDAP 2. Launch the creation of a new cluster from Rancher in Amazon EKS 3. Attach existing clusters to our Rancher instance 4. Deploy an application on Exoscale from our Rancher instance 6. Demo Time! In this demo we are going to use the clusters and infrastructure we set up at the beginning of the session, and which by now should be ready to use. First we’re going to configure the security of our Rancher instance using OpenLDAP. Then we are going to attach our Minikube and Exoscale clusters to Rancher, and then we’re going to launch the creation of an Amazon EKS cluster, all from within Rancher. Finally, we’re going to deploy a very simple application into our Exoscale cluster using only our Rancher interface. Speaker notes 29
for Kubernetes Supports all CNCF-approved Kubernetes distributions Supports major cloud providers off-the-box: AKS, EKS, & GKE Easily installed and uninstalled from your cluster Easily secured with Enterprise-friendly options Quick deployment of many popular applications with Helm Advanced monitoring tools ready to use. Key Points This is a summary of the most important points of today’s presentation. SUSE Rancher is an open, cost-effective, compatible solution for your Kubernetes management needs. Of course we’ve only scratched the surface, but this short overview has hopefully given you a complete panorama of what SUSE Rancher is, and what benefits it can bring. Speaker notes 30
like a personalized demo? Contact us! Adrian Kosmaczewski, Developer Relations, VSHN – VSHN AG – Neugasse 10 – CH-8005 Zürich – +41 44 545 53 00 – vshn.ch – Thanks! We hope this webinar has given you an overview of the various capabilities of Rancher, and we’d be delighted to answer some of the questions you might have. Thanks again for attending this webinar! If you are interested in managing your fleet of Kubernetes clusters, or would like to learn more through a private demo of Rancher’s capabilities, please contact us! Speaker notes 31