This is the final post of the lab. We are going to deploy a Rancher server on the RKE cluster.


  • Read posts 1, 2 and 3

Install Cert Manager

1. Install the CRDs (Custom Resource Definitions)

kubectl apply -f

If you want to read more about the CRDs, you can do so here

2. Create the Namespace

kubectl create namespace cert-manager

3. Disable the validation on the Namespace

kubectl label namespace cert-manager

4. Remove group read permission from ./kube_config_cluster.yml (mode 600 leaves the file readable and writable by its owner only)

chmod 600 ./kube_config_cluster.yml

5. Add the cert manager helm repository

helm repo add jetstack

6. Update the repository

helm repo update

7. Install the cert manager chart

helm install cert-manager --namespace cert-manager --version v1.0.4 jetstack/cert-manager

8. Check that the cert manager deployment is working correctly with kubectl get pods (you may need to wait until all three pods are ready)

kubectl get pods --namespace cert-manager
NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-6d87886d5c-dksvz              1/1     Running   0          2m44s
cert-manager-cainjector-55db655cd8-mzch8   1/1     Running   0          2m44s
cert-manager-webhook-6846f844ff-fq5fr      1/1     Running   0          2m44s

Install Rancher server

9. Add the rancher server chart repository to helm

helm repo add rancher-stable

10. Create a Namespace for Rancher server

kubectl create namespace cattle-system

11. Install the rancher helm chart

helm install rancher rancher-stable/rancher --namespace cattle-system --set hostname=rancher.production

You can change the hostname to your own hostname or domain.

12. Check that the Rancher server is running correctly (wait until all three pods are ready)

kubectl get pods --namespace cattle-system
NAME                       READY   STATUS    RESTARTS   AGE
rancher-6b78b4b7fd-7sqhg   1/1     Running   0          3m22s
rancher-6b78b4b7fd-9fmnh   1/1     Running   0          3m22s
rancher-6b78b4b7fd-xhklx   1/1     Running   0          3m22s

13. To access the Rancher server, you need to point your domain to any of the nodes

Let's try this locally: edit the /etc/hosts file on the operator computer to point to the first IP

nano /etc/hosts

Add this line at the end (ip) (your domain) in my case is       localhost

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
(ip) rancher.production

14. Open your web browser and go to https://(your domain)/

You will get a certificate warning page (the wording depends on your browser)

Click the "Advanced..." button

Then click "Accept the Risk and Continue"

After this you will get the Rancher set password page

15. Set your own admin password and accept the terms and conditions to proceed

Once inside, it is OK if you see some red messages, such as provisioning or updating; these always appear at the start

In a few minutes everything will turn green, which means the cluster is updated and ready

Well done, your Rancher server with HA is working properly
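
Steps 8 and 12 check readiness by reading the kubectl get pods table by eye. The script below is an added example, not part of the original post, that automates the same check so the next helm install only runs once the previous chart is up. The function names pods_ready and wait_ns_ready, the retry count and the delay are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: gate the next step on the `kubectl get pods` table
# shown in steps 8 and 12 instead of checking it by eye.

# pods_ready: reads a `kubectl get pods` table on stdin.
# Succeeds only if at least one pod is listed and every pod is
# Running with READY n/n. Pods in Completed state are skipped.
pods_ready() {
  awk 'NR == 1 || $3 == "Completed" { next }
       { n++; split($2, r, "/")
         if ($3 != "Running" || r[1] != r[2]) bad++ }
       END { if (n == 0 || bad > 0) exit 1 }'
}

# wait_ns_ready NAMESPACE [TRIES] [DELAY_SECONDS]
# Polls the namespace until pods_ready succeeds or tries run out.
wait_ns_ready() {
  ns=$1; tries=${2:-30}; delay=${3:-10}
  i=0
  while [ "$i" -lt "$tries" ]; do
    if kubectl get pods --namespace "$ns" 2>/dev/null | pods_ready; then
      return 0
    fi
    i=$((i + 1))
    sleep "$delay"
  done
  return 1
}

# Constructed sample (not real cluster output): webhook still starting.
sample='NAME                                    READY   STATUS              RESTARTS   AGE
cert-manager-6d87886d5c-dksvz           1/1     Running             0          20s
cert-manager-webhook-6846f844ff-fq5fr   0/1     ContainerCreating   0          20s'
if printf '%s\n' "$sample" | pods_ready; then
  echo "sample: ready"
else
  echo "sample: not ready yet"
fi

# Typical use between step 7 and step 11 (needs a working kubeconfig):
#   wait_ns_ready cert-manager && helm install rancher ...
```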


To remove the cluster you can delete the charts first

Remove the cert manager

helm delete cert-manager -n cert-manager

Then the rancher server

helm delete rancher -n cattle-system

And you can remove the rke cluster, you need to have the same

rke remove