Setup a Kubernetes GKE Cluster using Rancher
What is Kubernetes?
According to https://kubernetes.io/, Kubernetes, also known as K8s, is an open-source system for automating deployment, scaling, load balancing, logging, monitoring and management of containerized applications. Google originated it and donated it to the open-source community. It’s now a project of the Cloud Native Computing Foundation.
What is Google Kubernetes Engine (GKE)?
As an open-source platform, Kubernetes helps you orchestrate your container infrastructure on-premises or in the cloud. You can therefore set up and manage your own Kubernetes platform, or opt to use a managed, cloud-based Kubernetes service such as Google Kubernetes Engine (GKE), Azure Kubernetes Service (AKS), or Amazon Elastic Kubernetes Service (EKS).
The aim of this tutorial is to take you through creating your first Kubernetes Cluster on the Google Kubernetes Engine (GKE) using Rancher.
What is Rancher?
Rancher is a software stack for managing containers. Specifically, it addresses the operational and security challenges of managing multiple Kubernetes clusters. It provides DevOps teams with integrated tools for running containerized workloads. With Rancher you can create Kubernetes clusters with Rancher Kubernetes Engine (RKE) or cloud-based Kubernetes services, such as GKE, AKS, and EKS.
In order to continue with this tutorial it is assumed that you have already got a Rancher server instance up and running. There are many options for deploying a Rancher server, but if you haven’t already got your own Rancher server setup, you can read my post on Setting up Rancher as a Docker Container to get you up and running fast. This will help you deploy a Rancher server using Docker on a single node VM.
Creating GKE Clusters from Rancher
Rancher simplifies the creation of Kubernetes clusters by allowing you to create them through the Rancher UI.
There are multiple options for creating Kubernetes clusters through the Rancher UI, however for this tutorial I chose to set up a Kubernetes cluster in a Hosted Kubernetes Provider, like Google (Google Kubernetes Engine).
In this scenario, Rancher does not provision Kubernetes because it is installed by providers such as Google Kubernetes Engine (GKE), Amazon Elastic Container Service for Kubernetes, or Azure Kubernetes Service.
If you use a Kubernetes provider such as Google GKE, Rancher integrates with its cloud APIs, allowing you to create and manage role-based access control for the hosted cluster from the Rancher UI.
In this use case, Rancher sends a request to a hosted provider (GKE) using the provider’s API. The provider then provisions and hosts the cluster for you. When the cluster finishes building, you can manage it from your Rancher UI along with clusters you’ve provisioned that are hosted on-premises or in an infrastructure provider (eg. GKE).
Hosted Kubernetes Provider Authentication
When using Rancher to create a Kubernetes cluster hosted by a provider, you are prompted for authentication information. This information is required to access the provider’s API. To see what Kubernetes providers Rancher supports please check here.
For the purposes of this tutorial, I used Google GKE as the Kubernetes provider. In order to configure the authentication information needed by Rancher, so that it can successfully authenticate with the Google GKE APIs, you need to log in to your Google GCP console and create a Google service account.
Step 1: Create a Google Service Account
Before proceeding to set up the Kubernetes cluster from your Rancher server, you will need to have a Google Service Account set up for your Google Cloud Platform project (GCP Project) so that Rancher can authenticate with the GKE API. Proceed to set up your Google Service Account by following Google’s documentation here.
When creating your Google Service Account, please note that the Google Service Account will require the following roles:
- Compute Viewer: roles/compute.viewer
- Project Viewer: roles/viewer
- Kubernetes Engine Admin: roles/container.admin
- Service Account User: roles/iam.serviceAccountUser
After creating this Google Service Account you need to select the option to manage keys. Then create a new key for this service account, as you will need the private key for use in the authentication setup within Rancher.
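Before pasting the key into Rancher, it is worth confirming that the service account holds exactly the four roles listed above and nothing broader. The following is an added example, not code from this post or from Rancher: it compares a project IAM policy against that role list. The function name, project, account name and sample data are hypothetical, and it assumes the key was downloaded in JSON format.

```python
import json

# Roles the tutorial lists as required for the Rancher service account.
REQUIRED_ROLES = {
    "roles/compute.viewer",
    "roles/viewer",
    "roles/container.admin",
    "roles/iam.serviceAccountUser",
}

def audit_rancher_sa(policy, key, project_id):
    """Compare project-level IAM bindings for the key's account with REQUIRED_ROLES.
    policy: parsed output of `gcloud projects get-iam-policy PROJECT --format=json`
    key:    parsed service-account key file (JSON key type assumed)
    Roles inherited from a folder or organization are not visible here.
    """
    problems = []
    if key.get("type") != "service_account":
        problems.append("not a service-account key")
    if key.get("project_id") != project_id:
        problems.append("key belongs to a different project")
    member = "serviceAccount:" + key.get("client_email", "")
    granted = {
        b["role"] for b in policy.get("bindings", [])
        if member in b.get("members", [])
    }
    return {
        "member": member,
        "missing": sorted(REQUIRED_ROLES - granted),  # listed by the tutorial, not bound
        "extra": sorted(granted - REQUIRED_ROLES),    # bound, but not on the list
        "problems": problems,
    }

# Constructed sample data: hypothetical project, account and key values.
SA = "serviceAccount:rancher-gke@example-project.iam.gserviceaccount.com"
SAMPLE_KEY = {
    "type": "service_account",
    "project_id": "example-project",
    "private_key": "REDACTED-PLACEHOLDER",
    "client_email": "rancher-gke@example-project.iam.gserviceaccount.com",
}
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/compute.viewer", "members": [SA]},
    {"role": "roles/viewer", "members": [SA, "user:admin@example.com"]},
    {"role": "roles/container.admin", "members": [SA]},
    {"role": "roles/owner", "members": [SA]},
]}

if __name__ == "__main__":
    print(json.dumps(audit_rancher_sa(SAMPLE_POLICY, SAMPLE_KEY, "example-project"), indent=2))
```

On the constructed sample, the audit reports roles/iam.serviceAccountUser as missing and roles/owner as an extra binding.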
Step 2: Enable the Google Kubernetes API
Before exiting your Google GCP console, you need to make sure that your particular GCP Project has the Google Kubernetes Engine API enabled. On the GCP console, navigate to the GCP Kubernetes Engine page within your project and, if prompted to, enable the Kubernetes Engine API. Without this enabled you will not be able to create the Kubernetes cluster from Rancher.
Step 3: Add a Cluster in Rancher
Once you have completed the Google Service Account creation in GCP and made sure that the Google Kubernetes Engine API is enabled, then you need to return to your Rancher Server instance and follow the steps below to create your Kubernetes Cluster:
1. Log in to your Rancher UI instance.
2. From the Clusters page, click Add Cluster.
3. Choose the Google Kubernetes Engine (i.e. Google GKE) option.
4. Enter a Cluster Name (i.e. the name you wish to call this cluster).
5. Use Member Roles to configure user authorization for the cluster. Click Add Member to add users that can access the cluster. Use the Role drop-down to set permissions for each user.
6. Either paste your service account private key (that you created earlier in GCP when creating your Google Service Account) in the Service Account text box or Read from a file (i.e. the downloaded private key on your local machine). Then click Next: Configure Nodes.
NOTE: After submitting your private key, you may have to enable the Google Kubernetes Engine API if you did not do so earlier. If prompted by the Rancher wizard, browse to the URL displayed in the Rancher UI to enable the Kubernetes Engine API.
7. Now you need to select the Kubernetes Options for your cluster (e.g. zonal vs regional cluster, HTTP load balancing, etc.). I opted to create a Zonal Cluster for this exercise (i.e. my Kubernetes cluster will have all its VMs within the same region in GCP). It’s important to note that because you are creating a Kubernetes cluster from scratch, for the “Network” setting I selected Default and for the “Node Subnet” setting you must select “Auto Create Subnetwork” (as we are creating a new cluster and therefore a new subnetwork as opposed to using an existing one).
8. Next you need to customize your Node Options (e.g. machine type, disk image, root disk type, etc.). For this exercise I chose 3 nodes of machine type: n1-standard-1 (1 vCPU, 3.75 GB memory).
Enabling the Auto Upgrade feature for Nodes is not recommended.
9. Select your Security Options. I selected the Google Service Account that I set up earlier and set the scope to have full access to all Google APIs.
10. Review your options to confirm they’re correct. Then click Create.
Note: it will take a few minutes for the Kubernetes Cluster to be provisioned. On the Rancher UI the status will say “Provisioning” and then change to “Active” once complete.
Congrats! You should now have a Google Kubernetes cluster provisioned and accessible via the Rancher UI.
To learn more:
- Review the options for deploying a Rancher server.
- Check out my article on Setting up Rancher as a Docker Container on a single node.
- See information on the Kubernetes providers Rancher supports.
- Check out more information on Google Kubernetes Engine (GKE).
- Read up on how to configure Google Service Accounts.
- Check the Rancher documentation on Setting up Clusters from Hosted Kubernetes Providers.
- Read Rancher’s documentation on setting up GKE Clusters using Rancher.