MooCow — Rancher on GCP
Today we are looking at containerization with Rancher and Google Cloud Platform (GCP). We also introduce a supported Rancher stack.
There are important caveats to getting Rancher up and running on Google Cloud Platform:
- Database Version Conflict
(Rancher — MySQL 5.5/Cloud SQL — MySQL 5.7)
- Ingress Health Checks
(Rancher — 401/GCLB — 200)
- Possibly others…
We will solve these issues as we advance through our setup, which is:
- Google Container Engine (GKE) — Rancher Server Instances
- Google Cloud SQL — Rancher Server Database
- Google Compute Engine (GCE) — Rancher Cattle / Host Nodes
- Google Cloud Load Balancing — Public Access
First we start off by running Rancher locally, mounting the database to a local volume on the host:
docker run -v /tmp/rancher:/var/lib/mysql -p 8080:8080 rancher/server
This will start up the Rancher server and create a database in our local volume.
After a few minutes you can see the admin panel at http://localhost:8080/.
From here we exec into our container using Kitematic and export the database.
mysqldump -u cattle -p cattle > /var/lib/mysql/rancher.sql
NOTE: database, username and password are: cattle
Once the database has been exported we can shut down the local Rancher container.
Next we need to upload our exported SQL database. Boot up a Google Cloud SQL instance using MySQL 5.7; we are naming our instance livestock-1. Import the SQL database from our local export, and add a user which will be used to access the database from our server instance.
This completes most of the work on our database. On to the server!
To host the Rancher server, boot a cluster within Google Container Engine, codename farm-1. Once the cluster is up, add the Cloud SQL user account credentials as a secret to k8s. The containers assume the credentials will be available as an environment variable.
From here we deploy the Rancher server container as well as a proxy which will give access to our Cloud SQL server from containers within the pod.
A Pod is a collection of containers which are (re)started as a group.
deployment/rancher.yaml file with the appropriate changes for your environment.
kubectl create -f ./deployment/rancher.yaml
This will deploy our Rancher server, which after a minute will be ready to receive requests. Check the pod logs for any errors.
Now we are ready to expose our Rancher server to the public. There are multiple options for this.
For our usage we have decided to go with a Kubernetes Ingress. This will allow us to do SSL termination and Host mapping in the future.
Deploy a NodePort which will expose our Rancher server on each node within our cluster using the same high number port.
kubectl create -f ./service/rancher-nodeport.yaml
Then we direct our incoming port to our container port.
kubectl create -f ./ingress/rancher-ingress.yaml
The final forwarding looks like this:
Incoming Port -> Random High Port -> Container Port
- or -
Ingress -> NodePort -> Pod
In an ideal world our Rancher server is now accessible from anywhere. However, Ingress is still a beta feature and does not yet expose the readinessProbe of our container correctly.
This means that once authorization has been enabled within our server our Ingress will fail to function as per current limitations. This is because Rancher serves a 401 status code until you are logged in. The Ingress requires that applications serve a 200 status code for the / application path.
In order to get the Ingress working we need to manually adjust the generated Health Checks that were created by the Ingress. Rancher server will give a 200 status code for the /ping path, so let's update the check to use that instead of the default.
After a few minutes the Ingress will update and the health status will change to HEALTHY.
You can check the ingress and watch its progress with
kubectl describe ing rancher-ingress
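The health-check behaviour described above, as an added example that is not part of the original post: a local stub (constructed, not Rancher itself) answers 401 on / and 200 on /ping, and an unauthenticated probe applies the 200-only rule to both paths. The names StubRancher, status_of, lb_healthy, check_paths and run_demo are hypothetical.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class StubRancher(BaseHTTPRequestHandler):
    """Constructed stand-in for a server with auth enabled: only /ping gives 200."""

    def do_GET(self):
        if self.path == "/ping":
            status, body = 200, b"ok"            # constructed response body
        else:
            status, body = 401, b"Unauthorized"  # not logged in
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def status_of(host, port, path, timeout=5):
    """HTTP status of an unauthenticated GET, as a health checker would send it."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        return conn.getresponse().status
    finally:
        conn.close()


def lb_healthy(host, port, path):
    """Rule from the text: the backend is healthy only if the path returns 200."""
    return status_of(host, port, path) == 200


def check_paths(host, port):
    """Compare the default check path (/) with /ping."""
    return {path: lb_healthy(host, port, path) for path in ("/", "/ping")}


def run_demo():
    server = HTTPServer(("127.0.0.1", 0), StubRancher)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return check_paths("127.0.0.1", server.server_address[1])
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(run_demo())
```

Pointing check_paths at a real NodePort instead of the stub confirms, before the health check is changed, that /ping answers 200 without credentials while / still returns 401.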
From here on you should have no problems using Rancher server or registering hosts.
We use RancherOS to deploy our hosts. The nice folks over at Rancher have already put together a guide on how to run RancherOS on GCE.
If you are looking for a supported Rancher installation, contact us at www.degree9.io