# Register Rancher Prime - RKE2

A Rancher Prime RKE2 cluster can be registered in gopaddle using its public IP address, using a fully qualified domain name (FQDN), or securely via a Bastion Host or Jump server.

### 1. Prepare Kubernetes Environment

{% tabs %}
{% tab title="Public Access (Public IP / FQDN)" %}

### Port Configuration

{% hint style="info" %}
Make sure the cluster API server port **(default 6443)** is open to the public.
{% endhint %}

### Configure Subject Alternative Names (SAN)

Add Subject Alternative Names (SAN) to the RKE2 server TLS certificate. If a SAN does not exist for the API endpoint, add the configuration below to the cluster configuration.

a) Log in to the RKE2 master node.

b) Create or edit the file **/etc/rancher/rke2/config.yaml** with the below configuration:

{% hint style="info" %}
If you are using a `config.yaml` file in a different folder, make sure the environment variable **`$RKE2_CONFIG_FILE`** is set to the path of your custom **`config.yaml`** file.
{% endhint %}

```
tls-san:
  - <public-ip-address> # or <fully-qualified-domain-name>
  # - <private_ip_address> in case of bastion host configuration
```

c) Restart the **rke2-server** service

```
sudo systemctl restart rke2-server.service
```

d) Check the status of the **rke2-server** service and make sure it is in **running** state.

```
sudo systemctl status rke2-server.service
```

<figure><img src="https://234395929-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F5QxXxCob5M5VXQJTryRc%2Fuploads%2F12AYfmrshpd8AkxmhU5S%2FScreen%20Shot%202024-04-18%20at%201.43.29%20PM.png?alt=media&#x26;token=64bd732d-2c7e-4e5f-afb8-4995d9a99e56" alt=""><figcaption><p>RKE Server Service in running state</p></figcaption></figure>
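
Once the service is running again, it is worth confirming that the certificate served on the API port really lists the endpoint, so that clients can keep TLS verification enabled. The script below is an added example, not part of the gopaddle or RKE2 tooling; the function names and the `rke2.example.com` hostname are assumptions, and matching is exact (wildcard DNS entries are not expanded).

```bash
# Added example: check that the API server certificate lists an endpoint as a SAN.

# san_lists_endpoint ENDPOINT
# Reads the text printed by "openssl x509 -ext subjectAltName" on stdin and
# succeeds only if ENDPOINT is an exact "DNS:" or "IP Address:" entry.
san_lists_endpoint() {
  local endpoint="$1"
  tr ',' '\n' \
    | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
    | grep -qxF -e "DNS:${endpoint}" -e "IP Address:${endpoint}"
}

# fetch_api_sans HOST [PORT]
# Prints the SAN extension of the certificate served on HOST:PORT.
fetch_api_sans() {
  local host="$1" port="${2:-6443}"
  openssl s_client -connect "${host}:${port}" </dev/null 2>/dev/null \
    | openssl x509 -noout -ext subjectAltName
}

# check_api_san HOST [PORT]
# Run from a machine that can reach the API port, after restarting rke2-server.
check_api_san() {
  local host="$1" port="${2:-6443}"
  if fetch_api_sans "$host" "$port" | san_lists_endpoint "$host"; then
    echo "OK: ${host} is in the API server certificate SAN list"
  else
    echo "MISSING: ${host} is not a SAN; recheck tls-san and restart rke2-server" >&2
    return 1
  fi
}

# Constructed sample of the SAN text, for trying the matcher offline.
SAMPLE_SANS='X509v3 Subject Alternative Name:
    DNS:kubernetes, DNS:kubernetes.default, DNS:rke2.example.com, IP Address:127.0.0.1, IP Address:10.0.141.106'
```

Call `check_api_san <public-ip-or-fqdn> 6443` against the live endpoint; a `MISSING` result means `kubectl` would fail certificate validation for that address.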
{% endtab %}

{% tab title="Bastion Host" %}

### Port Configuration

{% hint style="info" %}
Make sure the cluster API server port (**default 6443**) is open to the Bastion host and the Bastion host / Jump server SSH port (**default 22**) is open to public.
{% endhint %}
{% endtab %}
{% endtabs %}

### 2. Copy Kubernetes Config file

Copy **/etc/rancher/rke2/rke2.yaml** to your local desktop as **kube.config**.

### 3. Validate Connection from Local Desktop Environment

{% tabs %}
{% tab title="Public Access (Public IP / FQDN)" %}

1. Edit the server section in **kube.config** to point to the cluster API server public IP address or its FQDN.

```yaml
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <cert-auth-data>
    server: https://<public-ip_or_fqdn>:<cluster_port>
  name: default
contexts:
- context:
    cluster: default
    user: default
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: default
  user:
    client-certificate-data: <client-cert-data>
    client-key-data: <client-key-data>
```

2. Verify if Kubernetes configuration works.

```
export KUBECONFIG=$(pwd)/kube.config
kubectl get ns
```

3. Use this **kube.config** file to register the cluster in gopaddle.
   {% endtab %}

{% tab title="Bastion Host" %}

1. Set up SSH Tunnel locally to validate bastion host configuration

```
ssh -v -L <local_port>:<cluster_private_ip>:<cluster_port> <bastion_user>@<bastion_public_ip> -i <bastion-ssh-pem-file> -N
```

Example:

```
ssh -v -L 6443:10.0.141.106:6443 ubuntu@34.201.100.49 -i bastion.pem -N
```

2. Verify if tunnel configuration works.

```
export KUBECONFIG=$(pwd)/kube.config
kubectl get ns
```

3. **IMPORTANT**: Update the **kube.config** file such that the server attribute points to the private cluster IP address.

```yaml
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <cert-auth-data>
    server: https://<private_ip>:<cluster_port>
  name: default
contexts:
- context:
    cluster: default
    user: default
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: default
  user:
    client-certificate-data: <client-cert-data>
    client-key-data: <client-key-data>
```

4. Use this **kube.config** file to register the cluster in gopaddle.
   {% endtab %}
   {% endtabs %}
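
The **kube.config** file carries the cluster client certificate and key, so it is worth checking before it is uploaded. The script below is an added example, not part of gopaddle or RKE2; the function names are assumptions, and the endpoint pattern accepts only a hostname or IPv4 address followed by a single colon and a port.

```bash
# Added example: pre-upload checks for the kube.config prepared above.

# kubeconfig_server FILE
# Prints the first "server:" value found in FILE.
kubeconfig_server() {
  sed -n 's/^[[:space:]]*server:[[:space:]]*//p' "$1" | head -n 1
}

# lint_kubeconfig FILE
# Returns 0 only if the server endpoint is a well-formed https://host:port URL,
# TLS verification is still on, a CA bundle is present, and the file is not
# readable by group or other users.
lint_kubeconfig() {
  local file="$1" server perms rc=0
  server="$(kubeconfig_server "$file")"
  if ! printf '%s\n' "$server" | grep -Eq '^https://[A-Za-z0-9.-]+:[0-9]{1,5}$'; then
    echo "bad server endpoint: '${server}'" >&2; rc=1
  fi
  if grep -Eq '^[[:space:]]*insecure-skip-tls-verify:[[:space:]]*true' "$file"; then
    echo "insecure-skip-tls-verify is enabled; fix tls-san instead" >&2; rc=1
  fi
  if ! grep -q 'certificate-authority-data:' "$file"; then
    echo "certificate-authority-data is missing" >&2; rc=1
  fi
  # Characters 5-10 of the ls mode string are the group and other permission bits.
  perms="$(ls -ld "$file" | cut -c5-10)"
  if [ "$perms" != "------" ]; then
    echo "file is accessible to group/other; run: chmod 600 ${file}" >&2; rc=1
  fi
  return "$rc"
}
```

Run `lint_kubeconfig kube.config` in the directory that holds the file; any message on stderr names the check that failed.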

### 4. Register the Cluster in gopaddle

1. In the gopaddle UI, navigate to the **Clusters** section
2. Click on **Add a Cluster** and select **Register an existing Cluster**
3. In the Cluster registration wizard, select the **Cluster Access Method** as **Kube Config**
4. Choose the **Cluster Provider** type as **Other**
5. In the **Authentication** Step, upload the Kubernetes config file gathered under section "Validate Connection from Local Desktop Environment"

<figure><img src="https://234395929-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F5QxXxCob5M5VXQJTryRc%2Fuploads%2ForsUeftiQosV8yii9FrM%2Fregister-cluster-authentication.png?alt=media&#x26;token=fe7ee227-c530-4855-8862-540d53f8b6bc" alt=""><figcaption><p>Upload the Kubeconfig file</p></figcaption></figure>

6. If you have configured a bastion host, provide the Bastion Host IP, SSH PEM file, and SSH port.

{% hint style="info" %}
If you are using a Bastion Host setup, make sure the Bastion Host IP and Port are accessible publicly. If you are looking for a private-only setup, get in touch with us to explore gopaddle Enterprises.
{% endhint %}

<figure><img src="https://234395929-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F5QxXxCob5M5VXQJTryRc%2Fuploads%2FdaVEz4heTemMf08hbHlx%2Fregister-cluster-bastion.png?alt=media&#x26;token=b4bb4be2-375b-43c8-8ce7-d77fff28f23a" alt=""><figcaption><p>Provide the Bastion Host Connection Details</p></figcaption></figure>

7. Click on **Finish** to register the On-premises Cluster.
8. If you see the error - <mark style="color:red;">**Network Error !**</mark> <mark style="color:red;">ServerError: Response not successful: Received status code 503</mark> while viewing the cluster resources, check this [troubleshooting](https://help.gopaddle.io/troubleshooting/cluster-resource-view-issues/network-error-servererror-response-not-successful-received-status-code-503) section for more information.
