Install Rancher 2.6 in Hetzner Cloud

Rancher should always be installed in High Availability mode!

Preparing the nodes

HA mode requires at least 3 nodes, each with a compatible Kubernetes version installed. However, it is possible to use only one node: in that case, a single-node cluster can be set up with RKE. The only requirement is a working Docker installation. If firewalld is present, it should be deactivated.

Hetzner

  • Set up a node with Ubuntu 20.04 (Focal)
  • Install Docker on Ubuntu
  • Optional: Add a network for communication between the cluster nodes
  • Download rke

Provisioning of the cluster

  • Create a cluster configuration file rancher-cluster.yml; use internal_address only when using a previously created internal network:
nodes:
  - address: 12.34.56.78
    internal_address: 172.16.0.2
    user: root
    role: [controlplane, worker, etcd]
    ssh_key_path: ~/path/to/key-file.rsa.key

services:
  etcd:
    snapshot: true
    creation: 6h
    retention: 24h

# Required for external TLS termination with
# ingress-nginx v0.22+
ingress:
  provider: nginx
  options:
    use-forwarded-headers: "true"
  • Provision the cluster:
    rke up --config ./rancher-cluster.yml
  • Testing the cluster
    $ kubectl --kubeconfig kube_config_rancher-cluster.yml get nodes
    NAME             STATUS   ROLES                      AGE   VERSION
    12.34.56.78   Ready    controlplane,etcd,worker   46h   v1.21.5
  • As a prerequisite for Rancher to be able to issue X.509 certificates via Let's Encrypt, cert-manager must be installed:
    helm repo add jetstack https://charts.jetstack.io
    kubectl --kubeconfig kube_config_rancher-cluster.yml create ns cert-manager
    helm --kubeconfig kube_config_rancher-cluster.yml upgrade --install cert-manager jetstack/cert-manager --namespace cert-manager --set installCRDs=true

Installation of Rancher

Create a new values.yaml:

# values.yaml

ingress:
  tls:
    source: letsEncrypt

letsEncrypt:
  email: letsencrypt@domain.com

hostname: rancher-admin.domain.com
replicas: 1

Deploy Rancher:

helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
helm repo update
kubectl --kubeconfig kube_config_rancher-cluster.yml create ns cattle-system
helm --kubeconfig kube_config_rancher-cluster.yml upgrade --install rancher rancher-stable/rancher --namespace cattle-system -f values.yaml

Appropriate firewall rules should now be created. In this single-node variant, no load balancer is needed, and ports 80 and 443 can be opened directly. Access to the Kubernetes API (6443/TCP) should be limited to certain static IPs. All other ports should be closed. If a multi-node cluster is created, ports must be opened in accordance with the port requirements!
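
The firewall policy described above, written as a Hetzner Cloud Firewall rules file. This is an added example, not part of the original post. The admin CIDRs, the file name rancher-fw.json and the firewall and server names are assumptions, and the SSH rule is an addition because rke connects to the node over SSH.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: Hetzner Cloud Firewall rules for the
# single-node setup. ADMIN_CIDRS holds constructed sample values (RFC 5737 ranges).
ADMIN_CIDRS="${ADMIN_CIDRS:-203.0.113.10/32 198.51.100.0/28}"

# Render CIDR arguments as a JSON array, e.g. ["a", "b"].
json_array() {
  local out="" cidr
  for cidr in "$@"; do
    out="${out:+$out, }\"$cidr\""
  done
  printf '[%s]' "$out"
}

# rule <port> <description> <cidr>... : emit one inbound TCP rule object.
rule() {
  local port="$1" desc="$2"; shift 2
  printf '  {"direction": "in", "protocol": "tcp", "port": "%s", "description": "%s", "source_ips": %s}' \
    "$port" "$desc" "$(json_array "$@")"
}

# build_rules <admin-cidr>... : print the full rule set as JSON.
build_rules() {
  [ "$#" -gt 0 ] || { echo "no admin CIDRs given" >&2; return 1; }
  local c
  for c in "$@"; do  # a world-open admin range would defeat the 6443 restriction
    case "$c" in 0.0.0.0/0|::/0) echo "admin CIDR too broad: $c" >&2; return 1 ;; esac
  done
  printf '[\n'
  rule 80 "HTTP, Let's Encrypt validation" 0.0.0.0/0 ::/0; printf ',\n'
  rule 443 "HTTPS, Rancher" 0.0.0.0/0 ::/0; printf ',\n'
  rule 6443 "Kubernetes API, static IPs only" "$@"; printf ',\n'
  # Assumption beyond the post: rke reaches the node over SSH, so 22 stays open to admins.
  rule 22 "SSH for rke, static IPs only" "$@"; printf '\n]\n'
}

# Not called here: needs the hcloud CLI and an API token. Names are hypothetical.
apply_firewall() {  # apply_firewall <firewall-name> <server-name>
  build_rules $ADMIN_CIDRS > rancher-fw.json || return 1
  hcloud firewall create --name "$1" --rules-file rancher-fw.json &&
    hcloud firewall apply-to-resource --type server --server "$2" "$1"
}

build_rules $ADMIN_CIDRS  # unquoted on purpose: split the list into arguments
```

Once the firewall is attached to the server, inbound traffic that matches none of these rules is dropped, which covers the "all other ports closed" requirement.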