
Deploying Kubernetes With Rancher Kubernetes Engine (RKE)

What is Kubernetes?

Kubernetes is an open-source container orchestration/management platform for managing services within containers, usually Docker. It encompasses management of all layers of the infrastructure stack (compute, networking, storage, etc.) and is designed to provide service portability across various public and private cloud providers.

Why do I care? 

Personally, I'm an infrastructure operations guy in my day job and a lot of my current job duties include managing what can best be described as "traditional infrastructure" - on-premises compute, storage, networking, etc. So you may be saying "I care about storage and hypervisors, I don't care about containers and applications!" And to a point, I agree. Infrastructure is important and will always exist in some context, for sure, but the relationship between infrastructure components and applications is symbiotic - applications need infrastructure and infrastructure is pretty useless with no workload to run. A more complete understanding of how infrastructure can help applications run more efficiently doesn't sound like a bad thing.

From an application owner's perspective, (at least in my experience) they typically don't care at all about any of the infrastructure, as long as they can get the features/performance they need. I don't think anyone ever asks what flavor of RAID their AWS server has or what brand of servers they're running, they just expect a certain level of performance. To that end, I've been endeavoring to better understand enterprise applications and services to figure out how the infrastructure that I manage can fit into the puzzle.

So now what?

I run a simple Docker deployment on Ubuntu (with persistent NFS volumes via FreeNAS) in my home lab to support various mission-critical functions (read: Plex Server). But what if I want to manage multiple Docker hosts? How do I handle the networking in an easy-to-manage way? How do I handle persistent storage across multiple hosts? How would I make it easy to deploy applications in an enterprise environment? How do I recover from application failures? So many questions!

This is where Kubernetes comes in! But after reviewing the manual deployment process, it looked like there was a fairly steep learning curve with lots of new terms and acronyms. So, my advice would be to check out this Kubernetes 101 post from a Google engineer, Daniel Sanche (@DanSanche on Twitter), which I found very helpful when trying to wrap my head around the components of the Kubernetes architecture.

Armed with a (very) basic understanding of Kubernetes and my typical "learn by tinkering" mentality, I looked for an "easy" way to deploy an on-premises Kubernetes cluster that would provide me with an environment to learn about Kubernetes. And so, I discovered Rancher Kubernetes Engine.

RKE is, essentially, a Kubernetes installer. It is designed to make rolling out a Kubernetes cluster a simple process that is driven by a single YAML file and populated with relevant information from your environment. You can find the installer at https://github.com/rancher/rke along with some good documentation on the requirements, installation, and upgrade procedures.
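To make the "single YAML file" concrete, here is a small cluster.yml for a three-node lab cluster. This is an added example, not taken from the original post or from the RKE project; the cluster name, IP addresses, user name and key path are placeholders to replace with values from your environment.

```yaml
# cluster.yml - constructed example; all values below are placeholders.
cluster_name: homelab

nodes:
  # RKE connects to each node over SSH and drives Docker there, so the
  # account needs Docker access. Use a dedicated non-root user with
  # key-based login rather than root with a password.
  - address: 192.0.2.11
    user: rke
    role: [controlplane, etcd]
    ssh_key_path: ~/.ssh/id_ed25519
  - address: 192.0.2.12
    user: rke
    role: [worker]
    ssh_key_path: ~/.ssh/id_ed25519
  - address: 192.0.2.13
    user: rke
    role: [worker]
    ssh_key_path: ~/.ssh/id_ed25519

# Keep RBAC enabled so API access is governed by roles and bindings.
authorization:
  mode: rbac

# CNI plugin used for pod networking.
network:
  plugin: canal
```

Running `rke up --config cluster.yml` builds the cluster and writes `kube_config_cluster.yml` next to the config file. That kubeconfig carries cluster-admin credentials, so restrict its file permissions and keep it out of version control.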

Once you have your Kubernetes cluster up and running, you're free to manage it from the command line or install something like Rancher to provide a graphical management plane.
