Register Rancher Prime - RKE2

Steps to register Rancher Prime RKE2 Cluster in gopaddle

Rancher Prime RKE2 cluster can be registered in gopaddle either using its public IP address or a fully qualified domain name (FQDN) or securely via a Bastion Host or a Jump server.

1. Prepare Kubernetes Environment

Port Configuration

Make sure port the cluster API server port (default 6443) is open to public.

Configure Subject Alternative Names (SAN)

Add Subject Alternative Names (SAN) on the RKE2 server TLS cert. If SAN does not exist for the API endpoint, add the below in the cluster configuration.

a) Login to the RKE2 master node.

b) Create/edit the file /etc/rancher/rke2/config.yaml file with the below configuration :

If you are using a config.yaml file in a different folder, make sure the environment variable $RKE2_CONFIG_FILE is set to the path of your custom config.yaml file.

tls-san:
  <public-ip-address> # or <fully-qualified-domain-name> 
  # <private_ip_addres> in case of bastion host configuration

c) Restart the rke2-server service

sudo systemctl restart rke2-server.service

d) Check the status of the rke2-server service and make sure it is in running state.

sudo systemctl status rke2-server.service

2. Copy Kubernetes Config file

Copy /etc/rancher/rke2/rke2.yaml in to your local desktop as kube.config

3. Validate Connection from Local Desktop Environment

Edit the server section in kube.config to point to the cluster API server public IP address or its FQDN.

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <cert-auth-data>
    server: https://<public-ip_or_fqdn>::<cluster_port>
  name: default
contexts:
- context:
    cluster: default
    user: default
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: default
  user:
    client-certificate-data: <client-cert-data>
    client-key-data: <client-key-data>

Verify if Kubernetes configuration works.

export KUBECONFIG=$(pwd)/kube.config
kubectl get ns

Use this kube.config file to register the cluster in gopaddle.

Set up SSH Tunnel locally to validate bastion host configuration

ssh -v -L <local_port>:<cluster_private_ip>:<cluster_port> <bastion_user>@<bastion_public_ip> -i <bastion-ssh-pem-file> -N

Eg:

ssh -v -L 6443:10.0.141.106:6443 [email protected] -i bastion.pem -N

Verify if tunnel configuration works.

export KUBECONFIG=$(pwd)/kube.config
kubectl get ns

IMPORTANT: Update the kube.config file such that the server attribute points to the private cluster IP address.

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <cert-auth-data>
    server: https://<private_ip>:<cluster_port>
  name: default
contexts:
- context:
    cluster: default
    user: default
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: default
  user:
    client-certificate-data: <client-cert-data>
    client-key-data: <client-key-data>

Use this kube.config file to register the cluster in gopaddle.

4. Register the Cluster in gopaddle

In the gopaddle UI, navigate to the Clusters section
Click on Add a Cluster and select Register an existing Cluster
In the Cluster registration wizard, select the Cluster Access Method as Kube Config
Choose the Cluster Provider type as Other
In the Authentication Step, upload the Kubernetes config file gathered under section "Validate Connection from Local Desktop Environment"

If you have configured a bastion host, provide the Bastion Host IP, SSH Pem file, SSH port

If you are using a Bastion Host setup, make sure the Bastion Host IP and Port are accessible publicly. If you are looking for a private only setup, get in touch with us to explore gopaddle Enterprises.

Click on Finish to register the On-premises Cluster.
If you see the error - Network Error ! ServerError: Response not successful: Received status code 503, while view the cluster resources, then check this troubleshooting section for more information.

PreviousRegister a Cluster NextRegister K3S

Last updated 1 year ago