Rancher: for Secure and Consistent Deployment of Enterprise Kubernetes Clusters

Yobitel
11 min read, Apr 30, 2020

Rancher is a software stack for teams adopting containers. It addresses the operational and security challenges of managing multiple Kubernetes clusters on any infrastructure, and gives DevOps teams integrated tools for running containerized workloads smoothly and efficiently.

Where Can Rancher Lend a Hand?

Let’s look at some scenarios where Rancher can help your enterprise in managing the challenges that your team is dealing with:

Scenario 1: Rancher supports deploying the application on several public cloud platforms:

Fig 1. Multi-Cluster Scenario of connecting different cloud-platforms.

Rancher can spin up Kubernetes clusters across availability zones of a single platform such as AWS, or across public clouds such as AWS and Azure. Take a customer subject to the EU General Data Protection Regulation (GDPR): EU residents' data has to stay in the EU, while data from the rest of the world can live in US data centers. Rancher lets you deploy the same application to both regions consistently, with the same policies, identity and access roles applied in each. When the application is updated, Rancher pushes the new version to every cluster. The same capability serves disaster recovery: if a natural disaster or a technical fault takes the application down in its primary location, the workload can be brought up in another zone or region.

Scenario 2: Deployment of different parts of the application on different clouds:

The DevOps team may depend on a service that exists in only one public cloud, such as the AWS Relational Database Service or Azure Cognitive Services for AI.

Fig 2. Load balancing workloads between AWS EKS and Azure AKS clusters, with additional cognitive services.

Here, Rancher can run one part of the application on AWS (on EC2 or in EKS) and the part that calls the AI services on Azure AKS, while applying the same policy controls and access management to both, with the enterprise's Active Directory gating access. Rancher also monitors application health in both clusters and provides a single, unified point of administration and management.

Scenario 3: Deployment of the application on a private cloud:

Where compliance requires that data stay in a private cloud, Rancher meets that need by deploying a local instance of the application, to either a bare-metal rack or a vSphere cluster.

Fig 3. Load balancing workloads between bare-metal clusters and VMware vSphere clusters.

Rancher also integrates with the roles and identities already defined in Active Directory and provides unified logging and monitoring. If the compliance rules change and the enterprise wants to migrate to a public cloud, Rancher makes the move a matter of a few clicks.

Yobitel is a technology partner of Rancher. It delivers a Kubernetes-based unified multi-cluster orchestration platform for containers, from managed cluster provisioning on EKS, GKE, AKS and private bare-metal providers, to a catalog of self-prepared cloud-native applications that it serves to enterprise customers across the globe.

How is Rancher better than its competitors?

Rancher is better than other platforms because it aligns with each step of a container orchestration strategy:

  1. Rancher runs 100% upstream Kubernetes on any cloud provider and can manage any conformant Kubernetes service. This sets it apart from competitors such as Pivotal or Red Hat and brings several benefits.
  2. One Rancher installation can manage thousands of Kubernetes clusters. Rancher builds its installation on software from the CNCF and other leaders of the open-source community.
  3. Being open source, Rancher has millions of users giving feedback on its services and thousands of developers continuously fixing and improving it.
  4. Further advantages from that community include continuous monitoring and logging using Fluentd, Kibana, Elasticsearch and Grafana.

Fig 4: Comparison between Rancher and its competitors.

Build an Enterprise Kubernetes Strategy with the help of Rancher

Rancher is a complete enterprise container-management stack that provides a centralized platform to host and deploy Kubernetes clusters on bare-metal servers, on VMs, in public or private clouds, or at the edge. It is 100% open-source software, continuously updated and, more importantly, improved by a large developer community. It has zero lock-in and fits a multi-cluster, hybrid and multi-cloud container orchestration strategy. For enterprise-grade production clusters, Rancher together with Yobitel provides 24/7 support under licensed cluster-management options.

Cost-free Kubernetes management platform with zero vendor lock-in

Rancher's other significant competitors include Kubernetes management platforms from Red Hat, VMware and Cisco. Rancher stands out because it does not add restrictive features to the application, whereas the others bind the service to their own environment. Some platforms also insist on layering their own expensive proprietary tooling on top. Choosing one of those platforms drifts you away from core Kubernetes, which makes it difficult to move a service between platforms and so fails a basic portability requirement.

In comparison, Rancher supports every CNCF-certified Kubernetes distribution, including but not limited to RKE and K3s. It also integrates with popular open-source projects such as Prometheus, Grafana, Fluentd and Istio. All of these make Kubernetes much more useful.

And if you decide to step away from Rancher, it provides a clean uninstallation process after which each Kubernetes cluster can be managed completely independently.

All of the Rancher products including Rancher, RKE, and K3s are completely free and open source.

Multi-cluster Kubernetes Operations

Rancher lets you install and configure multiple production-grade Kubernetes clusters on any platform. Once they are configured, Rancher takes on the day-2 operations of the multi-cluster deployment: it controls access to your clusters through centralized RBAC, deploys multi-cluster applications from its ecosystem catalog, monitors workload health with built-in observability tools such as Prometheus and Grafana, and notifies you of problems instantly by email, text, Slack and PagerDuty.

Cloud-hosted Kubernetes Services

Hybrid and multi-cloud are popular in IT these days. Cloud-hosted Kubernetes services such as GKE, EKS and AKS are an efficient way to deploy and manage Kubernetes within a single cloud, but each is a silo. Rancher works alongside these services, builds on their strengths, and gives the user one centralized management platform for every Kubernetes distribution.

Rancher can support a large number of on-prem or hosted Kubernetes installations running on any certified distribution. It applies uniform security policies, central audit logs and performance monitoring across all of them, and users can plug in their existing identity providers, such as Active Directory, OpenLDAP or Okta, to control access to hybrid cluster operations.

Alongside Rancher, Yobitel, as a cloud-native service provider, is always on the lookout for the best services and technological advances in the cloud-native industry, and has prepared more than 100 custom-defined, Kubernetes-based cloud-native application stacks for various industry verticals.

How can a private enterprise benefit from using Rancher?

  • Rancher deploys and unifies production-grade Kubernetes clusters in the datacenter with central authentication, access control and usability. It streamlines cluster deployment in private bare-metal datacenters as well as public clouds, and secures them with global security policies. Deploying and managing applications through Helm or the Rancher App Catalog keeps them consistent across clusters.
  • The centralized App Catalog lets the user deploy popular applications from the Rancher ecosystem, or custom-built applications packaged as cloud-native libraries, across many clusters using Helm.
  • Rancher applies consistent security policies by turning on the secrets encryption provider, configuring API audit logging and enabling event rate limiting, in line with CIS Kubernetes Benchmark practices. It deploys secure clusters from cluster templates and supports air-gapped environments, which is the basis for building an enterprise Kubernetes platform.
  • Rancher centrally configures security policies, audit logging and performance monitoring. For on-prem clusters, access is controlled by connecting Rancher to the internal identity provider, such as Active Directory, LDAP or Okta.
  • Rancher eases the DevOps transition with familiar tools such as Jenkins, GitLab and Codefresh for building CI/CD pipelines.
  • Cluster templates. For most businesses managing multiple clusters, security is crucial. Cluster templates reduce risk by enforcing consistent cluster configurations across the infrastructure. Other advantages of cluster templates:
  • Operators can create, save and reuse Kubernetes configurations across all of their cluster deployments.
  • Administrators can enforce the configuration, eliminating the configuration drift and misconfigurations whose security risk grows with every cluster created.
  • Administrators can scan existing clusters for insecure settings and report them so that they can be corrected.
  • Service mesh integration. Rancher includes installation and configuration of Istio, a popular service mesh that removes the need for application-specific code to get capabilities such as fault tolerance, canary rollouts, A/B testing, monitoring and metrics, tracing and observability, and authentication and authorization.
  • For Yobitel and its customers, Rancher provides outstanding support for cluster-level application integration, continuous monitoring, and built-in CNI and service-mesh workloads.
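The encryption provider, audit logging and rate-limiting settings, and the "scan existing clusters for insecure settings" check above, as an added example that is not Rancher's own code: a small Python audit over the RKE cluster.yml keys that Rancher's CIS hardening guide for RKE enables, with a weak default config beside the hardened copy a cluster template would enforce. The two configs are constructed samples written as the dicts a YAML loader returns; the key paths are cluster.yml's own, the finding text is mine.

```python
"""Drift check for RKE cluster.yml hardening settings (added example, not Rancher tooling).

Audits the kube-api and kubelet options that Rancher's CIS hardening guide for
RKE turns on: secrets encryption provider, API server audit log, EventRateLimit
admission, PodSecurityPolicy, and the kubelet protect-kernel-defaults flag.
Sample configs below are constructed; their key paths match cluster.yml.
"""
import copy
from typing import Any, List

# (dotted key path in cluster.yml, required value, what is at risk when it is missing)
REQUIRED_SETTINGS = [
    ("services.kube-api.secrets_encryption_config.enabled", True,
     "Secrets are written to etcd in plaintext"),
    ("services.kube-api.audit_log.enabled", True,
     "API server requests are not audit-logged"),
    ("services.kube-api.event_rate_limit.enabled", True,
     "EventRateLimit admission plugin is off; clients can flood the API with events"),
    ("services.kube-api.pod_security_policy", True,
     "PodSecurityPolicy admission is off; privileged pods are not restricted"),
    ("services.kubelet.extra_args.protect-kernel-defaults", "true",
     "kubelet may silently change kernel parameters"),
]


def lookup(config: dict, path: str) -> Any:
    """Walk a dotted path through nested dicts; None when any segment is absent."""
    node: Any = config
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def audit_rke_config(config: dict) -> List[str]:
    """Return one finding per required setting that is missing or has the wrong value."""
    findings = []
    for path, expected, risk in REQUIRED_SETTINGS:
        actual = lookup(config, path)
        if actual != expected:
            findings.append(f"{path}={actual!r}, want {expected!r}: {risk}")
    return findings


def apply_hardening(config: dict) -> dict:
    """Return a copy of config with every required setting set, as a template would enforce."""
    hardened = copy.deepcopy(config)
    for path, expected, _ in REQUIRED_SETTINGS:
        *parents, leaf = path.split(".")
        node = hardened
        for key in parents:
            node = node.setdefault(key, {})
        node[leaf] = expected
    return hardened


# Constructed sample: a cluster.yml that names the services but leaves every
# kube-api and kubelet hardening option at its default (all off).
WEAK_CONFIG = {
    "cluster_name": "demo",
    "services": {"kube-api": {}, "kubelet": {}},
}

if __name__ == "__main__":
    for finding in audit_rke_config(WEAK_CONFIG):
        print("FAIL", finding)
    print("hardened copy clean:", audit_rke_config(apply_hardening(WEAK_CONFIG)) == [])
```

The audit compares values, not just presence, so a string "true" where cluster.yml expects a boolean is reported as drift. PodSecurityPolicy was removed in Kubernetes 1.25; on clusters of that version or later that row would be replaced by a Pod Security Admission check, while the other four settings still apply to RKE clusters.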

Most of the custom-defined, containerized cloud-native application stacks prepared for enterprise customers are hosted on public marketplaces such as AWS Marketplace as cluster templates.

Creating a Private Container Library or Marketplace

Create a new GitHub repository:

  1. In the upper-right corner of your GitHub page, use the + drop-down menu, and select New repository.
  2. Type a short, memorable name for your repository. For example, “rancher-catalog”.
  3. Optionally, add a description of your repository. For example, “My first repository on GitHub.”
  4. Choose to make the repository either public or private. Public repositories are visible to the public, while private repositories are only accessible to you, and people you choose to share them with.
  5. Select Initialize this repository with a README.
  6. Click Create repository.

Fig 5: Creating a new repository named "rancher-catalog" on GitHub

Hosting a Private Catalog in Rancher

In this blog, we use Rancher to host a private catalog repository. One of the most popular features of the Rancher catalog is the ability to add your own catalog repository to the Rancher system.

This is preferred for:

  • Making the deployment of the services you develop more productive and repeatable
  • Publishing your own services to your consumers
  • Managing the life cycle of your deployed services
  • Controlling updates to your deployed services
  • Sharing released services between teams

The different kinds of Catalog Repos

Presently, two kinds of Rancher catalog repos are available:

  • Global: available to every Rancher environment.
  • Environment: available only to the current Rancher environment.

("Environment" is the Rancher 1.x term; Rancher 2.2 and later scope catalogs as global, cluster-level or project-level.)

Fig 6. In this image, the Rancher catalog belongs to the Environment catalog repository.

Additionally, a custom catalog is defined by:

  • A unique name
  • A repository URL, which is either:
    • a Git-based catalog URL, or
    • a Helm chart server URL

Any user with the required permissions can create custom catalogs and add them to Rancher.

Connect your GitHub account to Rancher so that the Rancher server can clone the GitHub repo automatically. For a private repository, give Rancher read-only credentials (a username and an access token, not your personal password) in the catalog form.

You can reach the packages of your catalog repo from the Catalog > <NAME> menu.

Fig 7. In this image, we have created Yobitel as the private catalog.

Add a Private Git-based or Helm-chart-based Repository

  1. From the Global view, choose Tools > Catalogs in the navigation bar. In versions prior to v2.2.0, you can select Catalogs directly in the navigation bar.
  2. Click Add Catalog.
  3. Complete the form and click Create.

Fig 8. Adding a new catalog.

Fig 9. After adding the catalog, it is reflected on the catalog page
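Once charts are served from a private Git or Helm repository, the practitioner's check is that what Rancher installs is the archive the catalog index describes. The following is an added example, not Rancher's or Helm's own code. It assumes two things that hold for Helm chart repositories: a chart archive is a gzipped tar whose top-level directory contains Chart.yaml, and the index records a sha256 digest of each archive (the `digest` field `helm repo index` writes). The chart archives and the `charts.example.internal` URL are constructed sample data.

```python
"""Integrity check for charts pulled from a private Helm catalog (added example).

Two checks: the archive's sha256 must match the index digest, and the archive
must actually contain the chart name/version the index claims, with no path
traversal in its members. Sample archives here are constructed in memory.
"""
import hashlib
import hmac
import io
import tarfile
from typing import Dict, Tuple


def build_chart_archive(name: str, version: str) -> bytes:
    """Construct a minimal chart .tgz in memory (sample data, not a real chart)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        files = {
            f"{name}/Chart.yaml": f"apiVersion: v2\nname: {name}\nversion: {version}\n",
            f"{name}/values.yaml": "replicaCount: 1\n",
        }
        for path, text in files.items():
            data = text.encode()
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def sha256_digest(archive: bytes) -> str:
    return hashlib.sha256(archive).hexdigest()


def index_entry(name: str, version: str, url: str, archive: bytes) -> Dict:
    """One entry as it would appear under `entries:` in the repository index.yaml."""
    return {"name": name, "version": version, "urls": [url], "digest": sha256_digest(archive)}


def chart_name_version(archive: bytes) -> Tuple[str, str]:
    """Read name and version from the top-level Chart.yaml, refusing unsafe member paths."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        for member in tar.getmembers():
            parts = member.name.split("/")
            if member.name.startswith("/") or ".." in parts:
                raise ValueError(f"unsafe path in chart archive: {member.name}")
            if len(parts) == 2 and parts[1] == "Chart.yaml":
                text = tar.extractfile(member).read().decode()
                # Minimal parse: Chart.yaml here is flat key: value lines
                fields = dict(line.split(":", 1) for line in text.splitlines() if ":" in line)
                return fields["name"].strip(), fields["version"].strip()
    raise ValueError("Chart.yaml not found at the top level of the archive")


def verify_chart(archive: bytes, entry: Dict) -> bool:
    """True only if the archive matches the index digest and is the chart the index names."""
    if not hmac.compare_digest(sha256_digest(archive), entry["digest"]):
        return False
    try:
        name, version = chart_name_version(archive)
    except (ValueError, KeyError, tarfile.TarError):
        return False
    return name == entry["name"] and version == entry["version"]


if __name__ == "__main__":
    spark = build_chart_archive("spark", "1.0.0")
    entry = index_entry("spark", "1.0.0",
                        "https://charts.example.internal/spark-1.0.0.tgz", spark)
    print("genuine archive:", verify_chart(spark, entry))
    print("tampered archive:", verify_chart(spark + b"\x00", entry))
```

The digest check alone would accept an index entry that was rewritten to point at a different, correctly digested chart, which is why the second check reads Chart.yaml back out of the archive and compares it with the entry. Rancher adds the repository over HTTPS; this check is what you would run on the mirror or in CI before the index is published.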

Launch and install the Application:

  1. Launch > All Catalogs > choose your private catalog

Fig 10. Catalog Apps

  2. Install the application: select the application from the custom repository > View Details > Launch
  3. Once the application is deployed, the ports it listens on appear on the screen; these are the endpoints through which the application can be exposed. Check who can reach an endpoint before exposing it publicly.

Fig 11. The exposed endpoints are used to open the hosted application in a browser. Here the Spark application is reached through its exposed endpoint.

Fig 12. The Spark dashboard.

Fig 13. SonarQube example; the endpoints shown expose the application to the browser.

Fig 14. The SonarQube dashboard.

Summary

Rancher is open-source container management software for easy deployment and management of containers in development and production. It helps an organization accelerate all aspects of software delivery, from runtime and orchestration to image management, and adds security features. At Yobitel we constantly collaborate with the industry's most trusted partners, and we partner with Rancher because of its dynamic, flexible and diverse clientele and its track record of serving more than 1.2M users.

Yobitel also provides best-in-class cloud-native infrastructure for maintaining highly available clusters as a predefined solution, collaborating with multiple CNCF partners and using Rancher as the interactive web and API layer that connects the appropriate services to data management systems.

Its features include:

  • An easy-to-use, straightforward interface for managing applications.
  • A single management experience: Rancher 1.x let DevOps teams choose between orchestration frameworks such as Kubernetes and Docker Swarm; Rancher 2.x standardizes on Kubernetes.
  • A cloud-agnostic infrastructure services layer that works across public and private clouds and provides a uniform, consistent storage service on all compute resources.
  • Greater visibility, better policy management and more control over containers and infrastructure across teams.
  • Better deployment reliability, supported software upgrades and improved resource utilization.

References

For more details on cloud-native information, please refer to Yobitel Communications.

Also refer to:


Yobitel is a cloud-native SaaS provider of multi-cluster, containerized and serverless application services.