Integrate the Rancher Cluster
This page explains how to integrate a Rancher cluster.
Prerequisites
- Prepare a Rancher cluster with administrator privileges and ensure network connectivity between the container management cluster and the target cluster.
- Have permissions no lower than kpanda owner.
Steps
Step 1: Create a ServiceAccount user with administrator privileges in the Rancher cluster
- Log in to the Rancher cluster with a role that has administrator privileges, and create a file named sa.yaml using the terminal.
Press the i key to enter insert mode, then copy and paste the following content:
sa.yaml
```yaml
# ClusterRole granting every verb on every resource and non-resource URL
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: rancher-rke
rules:
  - apiGroups:
      - '*'
    resources:
      - '*'
    verbs:
      - '*'
  - nonResourceURLs:
      - '*'
    verbs:
      - '*'
---
# Bind the ClusterRole to the rancher-rke ServiceAccount
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: rancher-rke
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: rancher-rke
subjects:
  - kind: ServiceAccount
    name: rancher-rke
    namespace: kube-system
---
# The ServiceAccount itself
apiVersion: v1
kind: ServiceAccount
metadata:
  name: rancher-rke
  namespace: kube-system
```
Press the Esc key to exit insert mode, then type :wq to save and exit.
- Run the following command in the current directory to create a ServiceAccount named rancher-rke (referred to as SA for short):
The expected output is as follows:
- Create a secret named rancher-rke-secret and bind the secret to the rancher-rke SA.
```bash
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: rancher-rke-secret
  namespace: kube-system
  annotations:
    kubernetes.io/service-account.name: rancher-rke
type: kubernetes.io/service-account-token
EOF
```
The output is expected to be:
Note
If your cluster version is lower than 1.24, please ignore this step and proceed to the next one.
- Check the secret for the rancher-rke SA:
The output is expected to be:
Check the rancher-rke-secret secret:
The output is expected to be:
```
Name:         rancher-rke-secret
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: rancher-rke
              kubernetes.io/service-account.uid: d83df5d9-bd7d-488d-a046-b740618a0174

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     570 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IjUtNE9nUWZLRzVpbEJORkZaNmtCQXhqVzRsZHU4MHhHcDBfb0VCaUo0V1kifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJyYW5jaGVyLXJrZS1zZWNyZXQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoicmFuY2hlci1ya2UiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkODNkZjVkOS1iZDdkLTQ4OGQtYTA0Ni1iNzQwNjE4YTAxNzQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06cmFuY2hlci1ya2UifQ.VNsMtPEFOdDDeGt_8VHblcMRvjOwPXMM-79o9UooHx6q-VkHOcIOp3FOT2hnEdNnIsyODZVKCpEdCgyozX-3y5x2cZSZpocnkMcBbQm-qfTyUcUhAY7N5gcYUtHUhvRAsNWJcsDCn6d96gT_qo-ddo_cT8Ri39Lc123FDYOnYG-YGFKSgRQVy7Vyv34HIajZCCjZzy7i--eE_7o4DXeTjNqAFMFstUxxHBOXI3Rdn1zKQKqh5Jhg4ES7X-edSviSUfJUX-QV_LlAw5DuAyGPH7bDH4QaQ5k-p6cIctmpWZE-9wRDlKA4LYRblKE7MJcI6OmM4ldlMM0Jc8N-gCtl4w
```
Step 2: Update kubeconfig with the rancher-rke SA authentication on your local machine
Perform the following steps on any local node where kubectl is installed:
- Configure the kubectl token.
For example,
kubectl config set-credentials eks-admin --token=eyJhbGciOiJSUzI1NiIsImtpZCI6IjUtNE9nUWZLRzVpbEJORkZaNmtCQXhqVzRsZHU4MHhHcDBfb0VCaUo0V1kifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJyYW5jaGVyLXJrZS1zZWNyZXQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoicmFuY2hlci1ya2UiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkODNkZjVkOS1iZDdkLTQ4OGQtYTA0Ni1iNzQwNjE4YTAxNzQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06cmFuY2hlci1ya2UifQ.VNsMtPEFOdDDeGt_8VHblcMRvjOwPXMM-79o9UooHx6q-VkHOcIOp3FOT2hnEdNnIsyODZVKCpEdCgyozX-3y5x2cZSZpocnkMcBbQm-qfTyUcUhAY7N5gcYUtHUhvRAsNWJcsDCn6d96gT_qo-ddo_cT8Ri39Lc123FDYOnYG-YGFKSgRQVy7Vyv34HIajZCCjZzy7i--eE_7o4DXeTjNqAFMFstUxxHBOXI3Rdn1zKQKqh5Jhg4ES7X-edSviSUfJUX-QV_LlAw5DuAyGPH7bDH4QaQ5k-p6cIctmpWZE-9wRDlKA4LYRblKE7MJcI6OmM4ldlMM0Jc8N-gCtl4w
- Configure the kubectl APIServer information.
- {cluster-name}: the name of your Rancher cluster.
- {APIServer}: the access address of the cluster, usually the IP address of the control node plus port "6443", such as https://10.X.X.X:6443.
For example,
- Configure the kubectl context.
For example,
- Specify the newly created context rancher-rke-context in kubectl.
- Fetch the kubeconfig information for the context rancher-rke-context.
The output is expected to be:
```yaml
apiVersion: v1
clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: https://77C321BCF072682C70C8665ED4BFA10D.gr7.ap-southeast-1.eks.amazonaws.com
  name: joincluster
contexts:
- context:
    cluster: joincluster
    user: eks-admin
  name: ekscontext
current-context: ekscontext
kind: Config
preferences: {}
users:
- name: eks-admin
  user:
    token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImcxTjJwNkktWm5IbmRJU1RFRExvdWY1TGFWVUtGQ3VIejFtNlFQcUNFalEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2V
```
Step 3: Connect the cluster in the DCE Interface
Using the kubeconfig file fetched earlier, refer to the Integrate Cluster documentation to integrate the Rancher cluster into the global cluster.
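The kubeconfig shown in Step 2 sets insecure-skip-tls-verify: true and carries a ServiceAccount token issued from a kubernetes.io/service-account-token secret, which has no expiry claim. The following is an added example, not part of the original page or the DCE project, that checks both properties before the file is handed over; it assumes the kubeconfig has been exported as JSON with `kubectl config view --minify --raw -o json`, and the function names and sample values are constructed for illustration.

```python
import base64
import json

def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_kubeconfig(cfg, expected_sub):
    """Return a list of findings for a kubeconfig given as a dict (JSON form)."""
    findings = []
    for entry in cfg.get("clusters", []):
        c = entry["cluster"]
        if c.get("insecure-skip-tls-verify"):
            findings.append(f"{entry['name']}: TLS verification disabled")
        elif not (c.get("certificate-authority-data") or c.get("certificate-authority")):
            findings.append(f"{entry['name']}: no cluster CA pinned")
        if not c.get("server", "").startswith("https://"):
            findings.append(f"{entry['name']}: server is not https")
    for entry in cfg.get("users", []):
        token = entry["user"].get("token")
        if not token:
            continue
        claims = jwt_claims(token)
        if "exp" not in claims:  # secret-based SA tokens carry no expiry
            findings.append(f"{entry['name']}: token has no expiry (long-lived)")
        if claims.get("sub") != expected_sub:
            findings.append(f"{entry['name']}: unexpected subject {claims.get('sub')}")
    return findings

def make_token(claims):
    # Constructed sample token: JWT layout with a dummy signature segment.
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "c2ln"])

# Constructed sample mirroring the shape of the kubeconfig shown in Step 2.
SAMPLE = {
    "clusters": [{"name": "joincluster", "cluster": {
        "server": "https://10.0.0.1:6443", "insecure-skip-tls-verify": True}}],
    "users": [{"name": "eks-admin", "user": {"token": make_token({
        "iss": "kubernetes/serviceaccount",
        "sub": "system:serviceaccount:kube-system:rancher-rke"})}}],
}

if __name__ == "__main__":
    for line in audit_kubeconfig(SAMPLE, "system:serviceaccount:kube-system:rancher-rke"):
        print("FINDING:", line)
```

The ca.crt stored in rancher-rke-secret is the value to place in certificate-authority-data so that TLS verification can stay enabled.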