
The Rancher Advantage

Adrian Kosmaczewski
June 10, 2021

Presentation of the SUSE Rancher Kubernetes management system.


Transcript

  1. VSHN – The DevOps Company
    Adrian Kosmaczewski, Developer Relations, VSHN
    The Rancher Advantage
    Thursday June 10th, 16:00 CEST
    Welcome to this webinar about SUSE Rancher. My
    name is Adrian Kosmaczewski, I am in charge of
    developer relations at VSHN, and I’m happy to greet you
    from the beautiful city of Zurich.

  2. VSHN – The DevOps Company
    Pronounced ˈvɪʒn – like "vision"
    The DevOps Company
    Founded 2014, 40 VSHNeers located in Zürich
    Switzerland’s leading DevOps, Docker & Kubernetes partner
    24/7 support
    ISO 27001 certified
    ISAE 3402 Report Type 1 verified
    First Swiss Kubernetes Certified Service Provider
    Just a few words about VSHN; that’s how you
    pronounce the name, and we’re "The DevOps
    Company". We’ve been in Zurich since 2014, we’re 40
    engineers and we’re Switzerland’s leading DevOps,
    Docker & Kubernetes partner, offering 24/7 support to
    our customers. We’ve got a few certifications, and most
    importantly, we were the First Swiss Kubernetes
    Certified Service Provider back in 2016.

  3. VSHN – The DevOps Company
    We’re partners of many companies very active in the
    Cloud Native space, you might recognize some of the
    logos on this slide. Of all these, today we’re going to
    talk about SUSE Rancher extensively.

  4. VSHN – The DevOps Company
    Last but not least, we run our own "Platform as a
    Service" offering called "APPUiO". We’ve created our
    own suite of tools to manage lots of Kubernetes
    services from a central location, called "Project Syn".
    We have also developed our own
    Kubernetes operator for backups, called K8up, which
    just like Project Syn is 100% open source on GitHub.

  5. VSHN – The DevOps Company
    1. What is SUSE Rancher?
    2. How to install it?
    3. Multi-cluster management
    4. User authentication and security
    5. Day Two Operations
    6. Demo Time!
    7. Questions & Answers
    Agenda
    This is the agenda for today. First we’re going to learn a
    bit about SUSE Rancher and its capabilities. Then we’re
    going to see how to install it, and how to use it to
    manage multiple Kubernetes clusters. We’re going to go
    through some options about authentication and
    security, as well as how to install and manage
    applications with it.
    Finally, we’re going to see a live demo of SUSE Rancher
    in action, managing various Kubernetes clusters at
    once, and we’ll be glad to answer your questions at the
    end of this session.

  6. VSHN – The DevOps Company
    For the purpose of this webinar,
    we assume that you have a basic
    understanding of the following concepts:
    Containers (Docker or Podman)
    Kubernetes
    Infrastructure as Code (Terraform)
    Video: "Docker and Kubernetes"
    Requirements
    www.youtube.com/watch?v=SCMA5XHv9uc
    Just a quick heads up before starting this webinar: this
    session assumes that you have a basic understanding of,
    or are already familiar with, concepts such as containers,
    Kubernetes, and Infrastructure as Code. If you are
    unfamiliar with these, please refer to our video
    "Webinar: Docker and Kubernetes: The Way to
    Cloud-Native Computing – 2020-05-26" in the link shown in
    the slide.

  7. VSHN – The DevOps Company
    Warming Up the Demo
    Later in this presentation we’re going to be playing with
    Rancher in a live demo; but for that, I need to launch a
    few scripts first so that we have everything ready when
    the time comes.
    The first thing I need to do is to launch Rancher itself,
    running inside of a K3s cluster managed with K3d, all
    from SUSE.
    I’m also going to launch a Minikube cluster on my
    machine, and thanks to Terraform, I’m going to create
    another cluster, this time in Exoscale. Later on we’re
    going to federate and manage all of these clusters from
    the same Rancher interface.

  8. VSHN – The DevOps Company
    1. What is SUSE Rancher?
    Let’s get started with the first part of our webinar,
    answering the first obvious question: what is SUSE
    Rancher?

  9. VSHN – The DevOps Company
    "One Enterprise Platform for Managed Kubernetes Everywhere"
    Created by Rancher Labs in 2014
    More than 100 million downloads
    More than 30'000 installations (as of 2020)
    Part of SUSE since July 2020
    Rancher is an open source, free as in freedom and free
    as in beer, Kubernetes management tool, and one of
    the most popular options available to manage.
    In 2020 Rancher Labs were acquired by SUSE Software
    Solutions Germany GmbH, and by that time it was
    estimated that Rancher had already been downloaded
    100 million times, and that at least 30'000
    installations were in production.

  10. VSHN – The DevOps Company
    Rancher provides a whole suite of ready-to-use tools
    and services already integrated; you do not need to
    install them separately in your cluster: Prometheus,
    Grafana, Istio, all of it is ready for you off-the-box.
    Rancher also secures the access to your clusters, using
    whatever security method you are already using;
    whether it’s Active Directory or GitHub, Rancher can
    read that information for you.
    Finally, Rancher works on top of and together with any
    CNCF-certified Kubernetes distribution. Whether it’s a
    managed installation like AKS, EKS, or GKE, or a
    self-hosted cluster with RKE or K3S, Rancher can manage
    them without problem.

  11. VSHN – The DevOps Company
    Centralized Cluster Provisioning
    Centralized Kubernetes Security
    Global Application Catalog
    Full lifecycle management for Amazon EKS clusters
    Integrated Prometheus Monitoring and Logging
    GitOps at Scale
    What Problems Does it Solve?
    Why do teams choose Rancher? Well, as companies
    undergo their digital transformation, they start to use
    containers and Kubernetes more and more. This means
    that many different teams must run their own clusters,
    in various locations, and this raises problems of
    governability and management.
    Hence Rancher provides a single point of reference for
    all of your clusters, and secures this information under
    a centralized security policy, allowing for the
    management of apps running in them.
    As a bonus, it is fully integrated with Amazon EKS,
    includes built-in Prometheus and Grafana for
    monitoring, and is enabled for GitOps operations off-
    the-box.

  12. VSHN – The DevOps Company
    2. How to install it?
    Let us see now how to install Rancher and start using
    it. It turns out, it’s very easy.

  13. VSHN – The DevOps Company
    With Docker
    In a Kubernetes Cluster
    helm
    Getting started guides for:
    AWS, Azure, GCP, Digital Ocean, Vagrant
    On Linux
    rancherd → Experimental
    Installation Options
    How can you install Rancher? There are plenty of
    options, but of course the two most common ways are
    via Docker, running the rancher/rancher container, and
    inside its own Kubernetes cluster, which is done with a
    helm chart.
    Rancher provides all the required documentation for you
    to install it in all major cloud providers: Amazon AWS,
    Azure, Google Cloud, Digital Ocean, and more.
    Finally, still experimental, there is a possibility to install
    Rancher directly on Linux (bare metal or VM) with the
    rancherd binary.

  14. VSHN – The DevOps Company
    Docker Installation
    $ docker run --detach \
        --restart=unless-stopped \
        --publish 80:80 \
        --publish 443:443 \
        --privileged \
        rancher/rancher
    (1) Anywhere containers run: Linux, Windows, Mac…
    As I said previously, the first contact most DevOps
    engineers have with Rancher is through the Docker
    container. This is by far the simplest way to install and
    run Rancher, and it can be easily done on the laptop of
    any of your engineers at absolutely no cost.
    And, needless to say, this works wherever Docker runs:
    on Linux, Mac, and Windows.

  15. VSHN – The DevOps Company
    Kubernetes Installation
    # (1) Mandatory requirement: cert-manager
    $ helm install cert-manager jetstack/cert-manager \
        --namespace cert-manager \
        --create-namespace \
        --version v1.3.1
    $ helm install rancher rancher-latest/rancher \
        --namespace cattle-system \
        --create-namespace \
        --set hostname=rancher.your.company.com   # (2) Assign your hostname here
    At VSHN we run our own Rancher installation, and we
    manage those of our customers, inside Kubernetes
    clusters. Thanks to helm, the installation of Rancher on
    a cluster is very easy: just remember to install
    cert-manager first, and provide a hostname for your
    installation.

  16. VSHN – The DevOps Company
    3. Multi-cluster management
    Let’s now take a look at the wonder of managing
    various Kubernetes clusters from the same interface.

  17. VSHN – The DevOps Company
    Rancher allows DevOps teams to manage their clusters
    from a centralized user interface. It does not matter
    where they are located in the world, the same cockpit
    will provide your engineers with access to all of your
    clusters, offering the same set of services, simplifying
    the management and control of your digital assets.
    I would now like to draw your attention to the little "red
    alert" icons that appear next to the Exoscale and Minikube
    clusters in the image of this slide.

  18. VSHN – The DevOps Company
    github.com/rancher/rancher/issues/11496 & github.com/rancher/rancher/issues/29427
    If you click on those clusters, you will see red warnings
    for the Kubernetes Controller Manager and the
    Kubernetes Scheduler. These components have been
    deprecated in Kubernetes 1.19, and Rancher 2.5 still
    tries to connect to those services.
    In short, if you see these two red banners, and you’re
    running Kubernetes versions later than 1.19, you do not
    need to worry.

  19. VSHN – The DevOps Company
    Here you can see that when Rancher connects to an
    Amazon EKS cluster running Kubernetes 1.18,
    everything looks green.

  20. VSHN – The DevOps Company
    $ kubectl --kubeconfig minikube.kubeconfig get componentstatus
    Warning: v1 ComponentStatus is deprecated in v1.19+
    NAME                 STATUS      MESSAGE
    controller-manager   Unhealthy   Get "http://127.0.0.1:10252/healthz": dial tcp 127.0.0.1:10252: connect:
    scheduler            Unhealthy   Get "http://127.0.0.1:10251/healthz": dial tcp 127.0.0.1:10251: connect:
    etcd-0               Healthy     {"health":"true"}
    (1) ComponentStatus and Scheduler deprecated in Kubernetes 1.19 and later
    As you can see in this slide, running the get
    componentstatus command on one of these clusters (in
    this case, Minikube) returns the error that explains it
    all.
    This still works in Rancher when managing clusters
    running earlier versions of Kubernetes. The ticket
    regarding this issue was closed 8 days ago, which
    means that this "cosmetic issue" will most probably be
    solved in the next versions of Rancher.
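
One way to keep the "cosmetic" red banners from hiding a real failure, as an added example that is not from the talk or from Rancher: the function below treats only the loopback-port probes shown on the slide as expected on v1.19 or later, and flags every other unhealthy row. The function names, verdict labels and sample rows are assumptions made for this illustration.

```shell
#!/bin/sh
# Constructed sample in the shape of the slide's output. The slide cuts the
# error text off after "connect:"; "connection refused" is assumed here, and
# the failing etcd-0 row is invented to show a finding that is not cosmetic.
SAMPLE='Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS      MESSAGE
controller-manager   Unhealthy   Get "http://127.0.0.1:10252/healthz": dial tcp 127.0.0.1:10252: connect: connection refused
scheduler            Unhealthy   Get "http://127.0.0.1:10251/healthz": dial tcp 127.0.0.1:10251: connect: connection refused
etcd-0               Unhealthy   Get "https://127.0.0.1:2379/health": context deadline exceeded'

# classify_componentstatus MINOR
# Reads `kubectl get componentstatus` text on stdin and prints one
# "<component> <verdict>" line per row. MINOR is the cluster's Kubernetes
# minor version (19 for v1.19).
#   ok            row reports Healthy
#   legacy-probe  scheduler/controller-manager probe against the loopback
#                 ports from the slide (10251/10252) on v1.19 or later
#   investigate   anything else, including those probes failing before v1.19
classify_componentstatus() {
  awk -v minor="$1" '
    $1 == "NAME" || $1 == "Warning:" || NF < 2 { next }
    {
      verdict = "investigate"
      if ($2 == "Healthy") {
        verdict = "ok"
      } else if (minor + 0 >= 19 &&
                 (($1 == "scheduler" && index($0, "//127.0.0.1:10251/healthz")) ||
                  ($1 == "controller-manager" && index($0, "//127.0.0.1:10252/healthz")))) {
        verdict = "legacy-probe"
      }
      print $1, verdict
    }'
}

# needs_attention MINOR: succeeds when at least one row must be investigated.
needs_attention() {
  classify_componentstatus "$1" | grep -q " investigate$"
}

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE" | classify_componentstatus 19
```

For rows marked investigate, `kubectl get --raw='/readyz?verbose'` asks the API server for its own readiness checks without going through ComponentStatus.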

  21. VSHN – The DevOps Company
    4. User authentication and security
    All of these features would not be very useful if we
    could not secure them properly. It turns out that
    Rancher is very useful in this regard.

  22. VSHN – The DevOps Company
    Problem:
    Kubernetes does not provide user management off-the-box
    Because, you see, Kubernetes does not provide any
    kind of user management off-the-box. This is not
    embarrassing or a big issue, but of course it is a major
    contention point for enterprises wishing to embrace
    DevOps in their digital transformation.

  23. VSHN – The DevOps Company
    The good news is that Rancher has us covered, with
    lots of different authentication mechanisms available
    off-the-box.

  24. VSHN – The DevOps Company
    Rancher integrated: "Local Authentication"
    Active Directory: Windows, Federation Services, & Azure
    LDAP: OpenLDAP & FreeIPA
    OAuth: Google & GitHub
    Others: Shibboleth, OKTA, Ping, Keycloak
    Supported Authentication
    Mechanisms
    The default mechanism is Rancher’s own local
    authentication, which provides various features such as
    user accounts, roles, and groups, each of which can
    have separate privileges and access rights.
    If you are already using Active Directory in any of its
    forms, which is the case for companies historically
    linked to Windows, no problem! If you prefer to use
    other LDAP options, such as OpenLDAP, Rancher can
    help you too.
    If you prefer OAuth, for example if your Rancher
    platform runs an open source project, just select it. And
    you can even use Shibboleth, Keycloak, and other
    options.

  25. VSHN – The DevOps Company
    5. Day Two Operations
    Once your clusters are secure, up and running, your
    DevOps engineers will want to start running apps in
    them, and they will need to be able to monitor those
    clusters in real time. Rancher has features covering all
    of these situations.

  26. VSHN – The DevOps Company
    DevOps engineers can use Rancher to deploy
    applications quickly and conveniently from the UI. They
    can choose from a complete menu with lots of popular
    applications ready to use: Argo CD for GitOps, Harbor
    for hosting container images, TriggerMesh or OpenFaaS
    for serverless, various databases such as MariaDB,
    Mongo, or etcd,

  27. VSHN – The DevOps Company
    For management purposes, you can install the
    "Management" application on your cluster from the App
    Marketplace, and this will automatically install
    AlertManager, Prometheus and Grafana on your cluster,
    and they will become immediately ready to use for your
    team.
    For example, click on the Grafana button…

  28. VSHN – The DevOps Company
    … and access all of your management dashboards
    directly from Rancher.

  29. VSHN – The DevOps Company
    1. Configure security in our Rancher instance using OpenLDAP
    2. Launch the creation of a new cluster from Rancher in Amazon EKS
    3. Attach existing clusters to our Rancher instance
    4. Deploy an application on Exoscale from our Rancher instance
    6. Demo Time!
    In this demo we are going to use the clusters and
    infrastructure we set up at the beginning of the
    session, and which by now should be ready to use.
    First we’re going to configure the security of our
    Rancher instance using OpenLDAP. Then we are going
    to attach our Minikube and Exoscale clusters to
    Rancher, and then we’re going to launch the creation of
    an Amazon EKS cluster, all from within Rancher. Finally,
    we’re going to deploy a very simple application into our
    Exoscale cluster using only our Rancher interface.

  30. VSHN – The DevOps Company
    Advanced open source management tool for Kubernetes
    Supports all CNCF-approved Kubernetes distributions
    Supports major cloud providers off-the-box: AKS, EKS, & GKE
    Easily installed and uninstalled from your cluster
    Easily secured with Enterprise-friendly options
    Quick deployment of many popular applications with Helm
    Advanced monitoring tools ready to use.
    Key Points
    This is a summary of the most important points of
    today’s presentation.
    SUSE Rancher is an open, cost-effective, compatible
    solution for your Kubernetes management needs.
    Of course we’ve only scratched the surface, but this
    short overview has hopefully given you a complete
    panorama of what SUSE Rancher is, and what benefits
    it can bring.

  31. VSHN – The DevOps Company
    Thinking about cluster management?
    Would like a personalized demo?
    Contact us!
    Thanks!
    Adrian Kosmaczewski, Developer Relations, VSHN
    VSHN AG – Neugasse 10 – CH-8005 Zürich – +41 44 545 53 00 – vshn.ch
    We hope this webinar has given you an overview of the
    various capabilities of Rancher, and we’d be delighted
    to answer some of the questions you might have.
    Thanks again for attending this webinar! If you are
    interested in managing your fleet of Kubernetes
    clusters, or would like to learn more through a private
    demo of Rancher’s capabilities, please contact us!