In this section, you’ll learn how to use Rancher to install an RKE Kubernetes cluster in Amazon EC2.
First, you will set up your EC2 cloud credentials in Rancher. Then you will use your cloud credentials to create a node template, which Rancher will use to provision new nodes in EC2.
Then you will create an EC2 cluster in Rancher, and when configuring the new cluster, you will define node pools for it. Each node pool will have a Kubernetes role of etcd, controlplane, or worker. Rancher will install RKE Kubernetes on the new nodes, and it will set up each node with the Kubernetes role defined by the node pool.
Note: Rancher v2.4.6 and v2.4.7 had an issue where the kms:ListKeys permission was required to create, edit, or clone Amazon EC2 node templates. This requirement was removed in v2.4.8.
The steps to create a cluster differ based on your Rancher version.
Result: You have created the cloud credentials that will be used to provision nodes in your cluster. You can reuse these credentials for other node templates, or in other clusters.
Creating a node template for EC2 will allow Rancher to provision new nodes in EC2. Node templates can be reused for other clusters.
Add one or more node pools to your cluster. For more information about node pools, see this section.
Result:
Your cluster is created and assigned a state of Provisioning. Rancher is standing up your cluster.
You can access your cluster after its state is updated to Active.
Active clusters are assigned two Projects:
Default, containing the default namespace
System, containing the cattle-system, ingress-nginx, kube-public, and kube-system namespaces
After creating your cluster, you can access it through the Rancher UI. As a best practice, we recommend setting up these alternate ways of accessing your cluster:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:Describe*",
        "ec2:ImportKeyPair",
        "ec2:CreateKeyPair",
        "ec2:CreateSecurityGroup",
        "ec2:CreateTags",
        "ec2:DeleteKeyPair"
      ],
      "Resource": "*"
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "ec2:RunInstances"
      ],
      "Resource": [
        "arn:aws:ec2:REGION::image/ami-*",
        "arn:aws:ec2:REGION:AWS_ACCOUNT_ID:instance/*",
        "arn:aws:ec2:REGION:AWS_ACCOUNT_ID:placement-group/*",
        "arn:aws:ec2:REGION:AWS_ACCOUNT_ID:volume/*",
        "arn:aws:ec2:REGION:AWS_ACCOUNT_ID:subnet/*",
        "arn:aws:ec2:REGION:AWS_ACCOUNT_ID:key-pair/*",
        "arn:aws:ec2:REGION:AWS_ACCOUNT_ID:network-interface/*",
        "arn:aws:ec2:REGION:AWS_ACCOUNT_ID:security-group/*"
      ]
    },
    {
      "Sid": "VisualEditor2",
      "Effect": "Allow",
      "Action": [
        "ec2:RebootInstances",
        "ec2:TerminateInstances",
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Resource": "arn:aws:ec2:REGION:AWS_ACCOUNT_ID:instance/*"
    }
  ]
}
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:Describe*",
        "ec2:ImportKeyPair",
        "ec2:CreateKeyPair",
        "ec2:CreateSecurityGroup",
        "ec2:CreateTags",
        "ec2:DeleteKeyPair"
      ],
      "Resource": "*"
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "iam:PassRole",
        "ec2:RunInstances"
      ],
      "Resource": [
        "arn:aws:ec2:REGION::image/ami-*",
        "arn:aws:ec2:REGION:AWS_ACCOUNT_ID:instance/*",
        "arn:aws:ec2:REGION:AWS_ACCOUNT_ID:placement-group/*",
        "arn:aws:ec2:REGION:AWS_ACCOUNT_ID:volume/*",
        "arn:aws:ec2:REGION:AWS_ACCOUNT_ID:subnet/*",
        "arn:aws:ec2:REGION:AWS_ACCOUNT_ID:key-pair/*",
        "arn:aws:ec2:REGION:AWS_ACCOUNT_ID:network-interface/*",
        "arn:aws:ec2:REGION:AWS_ACCOUNT_ID:security-group/*",
        "arn:aws:iam::AWS_ACCOUNT_ID:role/YOUR_ROLE_NAME"
      ]
    },
    {
      "Sid": "VisualEditor2",
      "Effect": "Allow",
      "Action": [
        "ec2:RebootInstances",
        "ec2:TerminateInstances",
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Resource": "arn:aws:ec2:REGION:AWS_ACCOUNT_ID:instance/*"
    }
  ]
}
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "kms:Decrypt",
        "kms:GenerateDataKeyWithoutPlaintext",
        "kms:Encrypt",
        "kms:DescribeKey",
        "kms:CreateGrant",
        "ec2:DetachVolume",
        "ec2:AttachVolume",
        "ec2:DeleteSnapshot",
        "ec2:DeleteTags",
        "ec2:CreateTags",
        "ec2:CreateVolume",
        "ec2:DeleteVolume",
        "ec2:CreateSnapshot"
      ],
      "Resource": [
        "arn:aws:ec2:REGION:AWS_ACCOUNT_ID:volume/*",
        "arn:aws:ec2:REGION:AWS_ACCOUNT_ID:instance/*",
        "arn:aws:ec2:REGION:AWS_ACCOUNT_ID:snapshot/*",
        "arn:aws:kms:REGION:AWS_ACCOUNT_ID:key/KMS_KEY_ID"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeTags",
        "ec2:DescribeVolumes",
        "ec2:DescribeSnapshots"
      ],
      "Resource": "*"
    }
  ]
}
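A pre-deployment check for the IAM policy templates above, as an added example that is not part of the Rancher documentation: it flags template placeholders left unfilled, and iam:PassRole or KMS actions granted on a wildcard ARN where the templates pin them to one role or one key. The function names, the account ID 111122223333 and the sample policy are constructed for illustration.

```python
import json
import re
from fnmatch import fnmatchcase

# Placeholder tokens that appear in this page's policy templates.
PLACEHOLDERS = {"REGION", "AWS_ACCOUNT_ID", "YOUR_ROLE_NAME", "KMS_KEY_ID"}
# (label, action prefix, ARN prefix): actions the templates pin to one ARN.
SCOPED = [("iam:PassRole", "iam:passrole", "arn:aws:iam:"),
          ("KMS actions", "kms:", "arn:aws:kms:")]


def as_list(value):
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return sorted findings for one IAM policy document (a dict)."""
    findings = set()
    for idx, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"Statement[{idx}]")
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        resources = as_list(stmt.get("Resource", []))
        for res in resources:
            # A template token surviving as a whole ARN field was never filled.
            for token in PLACEHOLDERS & set(re.split(r"[:/]", res)):
                findings.add(f"{sid}: placeholder {token} left in {res}")
        for label, prefix, arn_prefix in SCOPED:
            # Match the action itself or a wildcard such as iam:* or *.
            if not any(a.startswith(prefix) or fnmatchcase(prefix, a)
                       for a in actions):
                continue
            for res in resources:
                if res == "*" or (res.startswith(arn_prefix) and "*" in res):
                    findings.add(f"{sid}: {label} allowed on wildcard {res}")
    return sorted(findings)


# Constructed sample: the PassRole statement with two mistakes introduced.
SAMPLE = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Sid": "VisualEditor1", "Effect": "Allow",
  "Action": ["iam:PassRole", "ec2:RunInstances"],
  "Resource": ["arn:aws:ec2:us-east-1:111122223333:instance/*",
               "arn:aws:ec2:REGION:111122223333:subnet/*",
               "arn:aws:iam::111122223333:role/*"]}]}""")

if __name__ == "__main__":
    print("\n".join(lint_policy(SAMPLE)))
```

The check treats `instance/*` and similar EC2 wildcards as acceptable because the templates themselves use them; only the role and key ARNs are expected to be exact.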