Illumina Innovates with Rancher and Kubernetes
This section explains how to configure Rancher with vSphere credentials, provision nodes in vSphere, and set up Kubernetes clusters on those nodes.
This section describes the requirements for setting up vSphere so that Rancher can provision VMs and clusters.
The node templates are documented and tested with the vSphere Web Services API version 6.5.
Before proceeding to create a cluster, you must ensure that you have a vSphere user with sufficient permissions. When you set up a node template, the template will need to use these vSphere credentials.
Refer to this how-to guide for instructions on how to create a user in vSphere with the required permissions. These steps result in a username and password that you will need to provide to Rancher, which allows Rancher to provision resources in vSphere.
It must be ensured that the hosts running the Rancher server are able to establish the following network connections:
See Node Networking Requirements for a detailed list of port requirements applicable for creating nodes on an infrastructure provider.
The free ESXi license does not support API access. The vSphere servers must have a valid or evaluation ESXi license.
This section describes how to set up vSphere credentials, node templates, and vSphere clusters using the Rancher UI.
You will need to do the following:
For details on configuring the node template, refer to the node template configuration reference.
Rancher uses the RKE library to provision Kubernetes clusters. For details on configuring clusters in vSphere, refer to the cluster configuration reference in the RKE documentation.
Note that the vSphere cloud provider must be enabled to allow dynamic provisioning of volumes.
To create a cluster, you need to create at least one vSphere node template that specifies how VMs are created in vSphere.
After you create a node template, it is saved, and you can re-use it whenever you create additional vSphere clusters.
To create a node template,
Log in with an administrator account to the Rancher UI.
From the user settings menu, select Node Templates.
Click Add Template and then click on the vSphere icon.
Then, configure your template:
The steps for configuring your vSphere credentials for the cluster are different depending on your version of Rancher.
Your account access information is in a cloud credential. Cloud credentials are stored as Kubernetes secrets.
You can use an existing cloud credential or create a new one. To create a new cloud credential,
Result: The node template has the credentials required to provision nodes in vSphere.
In the Account Access section, enter the vCenter FQDN or IP address and the credentials for the vSphere user account.
Choose what hypervisor the virtual machine will be scheduled to. The configuration options depend on your version of Rancher.
The fields in the Scheduling section should auto-populate with the data center and other scheduling options that are available to you in vSphere.
vm/
In the Scheduling section, enter:
The name/path of the Datastore to store the disks in
Depending on the Rancher version there are different options available to configure instances.
In the Instance Options section, configure the number of vCPUs, memory, and disk size for the VMs created by this template.
In the Creation method field, configure the method used to provision VMs in vSphere. Available options include creating VMs that boot from a RancherOS ISO or creating VMs by cloning from an existing virtual machine or VM template.
The existing VM or template may use any modern Linux operating system that is configured with support for cloud-init using the NoCloud datasource.
Choose the way that the VM will be created:
Library templates
OS ISO URL
Only VMs booting from RancherOS ISO are supported.
Ensure that the OS ISO URL contains the URL of the VMware ISO release for RancherOS: rancheros-vmware.iso.
rancheros-vmware.iso
Available as of v2.3.3
The node template now allows a VM to be provisioned with multiple networks. In the Networks field, you can now click Add Network to add any networks available to you in vSphere.
In order to provision nodes with RKE, all nodes must be configured with disk UUIDs.
As of Rancher v2.0.4, disk UUIDs are enabled in vSphere node templates by default.
If you are using Rancher prior to v2.0.4, refer to these instructions for details on how to enable a UUID with a Rancher node template.
The way to attach metadata to the VM is different depending on your Rancher version.
Optional: Add vSphere tags and custom attributes. Tags allow you to attach metadata to objects in the vSphere inventory to make it easier to sort and search for these objects.
For tags, all your vSphere tags will show up as options to select from in your node template.
In the custom attributes, Rancher will let you select all the custom attributes you have already set up in vSphere. The custom attributes are keys and you can enter values for each one.
Note: Custom attributes are a legacy feature that will eventually be removed from vSphere. These attributes allow you to attach metadata to objects in the vSphere inventory to make it easier to sort and search for these objects.
Optional:
Cloud-init allows you to initialize your nodes by applying configuration on the first boot. This may involve things such as creating users, authorizing SSH keys or setting up the network.
The scope of cloud-init support for the VMs differs depending on the Rancher version.
To make use of cloud-init initialization, create a cloud config file using valid YAML syntax and paste the file content in the the Cloud Init field. Refer to the cloud-init documentation. for a commented set of examples of supported cloud config directives.
Note that cloud-init is not supported when using the ISO creation method.
You may specify the URL of a RancherOS cloud-config.yaml file in the the Cloud Init field. Refer to the [RancherOS Documentation]https://rancher.com/docs/os/v1.x/en/configuration/#cloud-config) for details on the supported configuration directives. Note that the URL must be network accessible from the VMs created by the template.
Assign a descriptive Name for this template and click Create.
Refer to this section for a reference on the configuration options available for vSphere node templates.
After you’ve created a template, you can use it to stand up the vSphere cluster itself.
To install Kubernetes on vSphere nodes, you will need to enable the vSphere cloud provider by modifying the cluster YAML file. This requirement applies to both pre-created custom nodes and for nodes created in Rancher using the vSphere node driver.
To create the cluster and enable the vSphere provider for cluster, follow these steps:
Use Member Roles to configure user authorization for the cluster.
Note: If you have a cluster with DRS enabled, setting up VM-VM Affinity Rules is recommended. These rules allow VMs assigned the etcd and control-plane roles to operate on separate ESXi hosts when they are assigned to different node pools. This practice ensures that the failure of a single physical machine does not affect the availability of those planes.
Note:
If you have a cluster with DRS enabled, setting up VM-VM Affinity Rules is recommended. These rules allow VMs assigned the etcd and control-plane roles to operate on separate ESXi hosts when they are assigned to different node pools. This practice ensures that the failure of a single physical machine does not affect the availability of those planes.
Use Cluster Options to choose the version of Kubernetes, what network provider will be used and if you want to enable project network isolation. To see more cluster options, click on Show advanced options.
Add one or more node pools to your cluster.A node pool is a collection of nodes based on a node template. A node template defines the configuration of a node, like what operating system to use, number of CPUs and amount of memory. Each node pool must have one or more nodes roles assigned.
Notes: Each node role (i.e. etcd, Control Plane, and Worker) should be assigned to a distinct node pool. Although it is possible to assign multiple node roles to a node pool, this should not be done for production clusters. The recommended setup is to have a node pool with the etcd node role and a count of three, a node pool with the Control Plane node role and a count of at least two, and a node pool with the Worker node role and a count of at least two. Regarding the etcd node role, refer to the etcd Admin Guide.
Notes:
etcd
Control Plane
Worker
To make a node pool self-healing, enter a number greater than zero in the Auto Replace column. Rancher will use the node template for the given node pool to recreate the node if it becomes inactive for that number of minutes.
Note: Self-healing node pools are designed to help you replace worker nodes for stateless applications. It is not recommended to enable node auto-replace on a node pool of master nodes or nodes with persistent volumes attached, because VMs are treated ephemerally. When a node in a node pool loses connectivity with the cluster, its persistent volumes are destroyed, resulting in data loss for stateful applications.
Click Create to start provisioning the VMs and Kubernetes services.
Result:
Default
default
System
cattle-system
ingress-nginx
kube-public
kube-system
For an example of how to provision storage in vSphere using Rancher, refer to the cluster administration section.
In order to provision storage in vSphere, the vSphere provider must be enabled.
Set Cloud Provider option to Custom.
Custom
Click on Edit as YAML
Insert the following structure to the pre-populated cluster YAML. As of Rancher v2.3+, this structure must be placed under rancher_kubernetes_engine_config. In versions prior to v2.3, it has to be defined as a top-level field. Note that the name must be set to vsphere.
rancher_kubernetes_engine_config
name
vsphere
rancher_kubernetes_engine_config: # Required as of Rancher v2.3+ cloud_provider: name: vsphere vsphereCloudProvider: [Insert provider configuration]
Rancher uses RKE (the Rancher Kubernetes Engine) to provision Kubernetes clusters. Refer to the vSphere configuration reference in the RKE documentation for details about the properties of the vsphereCloudProvider directive.
vsphereCloudProvider
After creating your cluster, you can access it through the Rancher UI. As a best practice, we recommend setting up these alternate ways of accessing your cluster: