Rancher

Overview

Rancher is a multi-cluster Kubernetes management platform that provides centralized management of multiple Kubernetes clusters with enterprise-level operations, security, and governance.

Details

Rancher is a multi-cluster Kubernetes management platform developed by Rancher Labs (now SUSE). It started in 2014 as a container orchestration platform supporting Docker Swarm and Apache Mesos, and now specializes in Kubernetes. Its key feature is unified management of multiple Kubernetes clusters (on-premises, public cloud, edge) from a single Web UI. It integrates cluster provisioning, an application catalog, monitoring, log management, backup, and security policy management, with powerful permission management for multi-tenant environments. Built-in features include GitOps workflows, Helm chart management, Prometheus/Grafana integration, and disaster recovery. Since the SUSE acquisition (2020), it has kept its open-source status and remains positioned as a core project in the CNCF landscape. Adoption is growing with the demand for managing complex multi-cluster environments, and it contributes to stronger Kubernetes governance in the finance, manufacturing, and government sectors.

Advantages and Disadvantages

Advantages

  • Multi-cluster management: Unified operations across multiple environments
  • Intuitive Web UI: Visual management without command line requirements
  • Cluster provisioning: One-click Kubernetes cluster creation
  • Integrated monitoring: Built-in Prometheus, Grafana, Alertmanager
  • Application catalog: Helm Chart management and app store
  • Security management: RBAC, Pod Security Policy, network policies
  • Disaster recovery: Automatic backup and cluster recovery features
  • Multi-tenancy: Project-based permission management

Disadvantages

  • Complexity: High learning cost due to extensive features
  • Resource consumption: Management plane overhead
  • Vendor dependency: Some dependency on SUSE ecosystem
  • Updates: Complex management of Rancher and cluster versions
  • Customization: Risk of deviation from standard Kubernetes
  • Performance: Response times can suffer when managing many clusters
  • Migration cost: Migration work from existing Kubernetes environments
  • Troubleshooting: Difficulty resolving Rancher-specific issues

Code Examples

Rancher Server Installation

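# Using Docker (single node)
# The Rancher server container requires --privileged. The :latest tag is
# unpinned; use a fixed version tag outside of test setups.
docker run -d --restart=unless-stopped \
  -p 80:80 -p 443:443 \
  --privileged \
  --name rancher-server \
  rancher/rancher:latest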

# Using Helm (Kubernetes cluster)
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
kubectl create namespace cattle-system

# SSL certificate setup (Let's Encrypt)
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.11.0/cert-manager.yaml

helm install rancher rancher-stable/rancher \
  --namespace cattle-system \
  --set hostname=rancher.example.com \
  --set ingress.tls.source=letsEncrypt \
  --set letsEncrypt.email=<your-email>

Cluster Creation (Custom)

# Rancher agent execution command (run on each node)
sudo docker run -d --privileged --restart=unless-stopped \
  --net=host -v /etc/kubernetes:/etc/kubernetes \
  -v /var/run:/var/run rancher/rancher-agent:v2.7.0 \
  --server https://rancher.example.com \
  --token <cluster-token> \
  --ca-checksum <ca-checksum> \
  --etcd --controlplane --worker

Project and Namespace Management

# project.yaml
apiVersion: management.cattle.io/v3
kind: Project
metadata:
  name: development-project
  namespace: cluster-id
spec:
  clusterId: cluster-id
  displayName: "Development Environment"
  description: "Development team workspace"
  
---
# namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: dev-apps
  annotations:
    field.cattle.io/projectId: "cluster-id:development-project"
  labels:
    field.cattle.io/projectId: "development-project"

App Catalog Deployment

# mysql-app.yaml
apiVersion: catalog.cattle.io/v1
kind: App
metadata:
  name: mysql-database
  namespace: dev-apps
spec:
  projectName: development-project
  targetNamespace: dev-apps
  externalId: catalog://?catalog=library&template=mysql&version=1.6.9
  values:
    # Placeholder credentials: replace before use and keep real values out of version control
    mysqlRootPassword: "root-password"
    mysqlUser: "app-user"
    mysqlPassword: "app-password"
    mysqlDatabase: "application-db"
    persistence:
      enabled: true
      size: "10Gi"
      storageClass: "default"

Global DNS Configuration

# global-dns.yaml
apiVersion: management.cattle.io/v3
kind: GlobalDns
metadata:
  name: example-dns
spec:
  fqdn: "app.example.com"
  providerId: "cloudflare-provider"
  projectIds:
    - "cluster-id:development-project"
    - "cluster-id:production-project"
  multiClusterAppId: "multi-cluster-app"

Monitoring Configuration

# monitoring-config.yaml
apiVersion: management.cattle.io/v3
kind: MonitorMetric
metadata:
  name: cpu-usage-alert
  namespace: cattle-monitoring-system
spec:
  clusterId: cluster-id
  expression: |
    (1 - avg(rate(node_cpu_seconds_total{mode="idle"}[5m]))) * 100
  description: "CPU usage percentage"
  threshold: 80
  comparison: "greater-than"
  duration: "5m"
  severity: "warning"

Pipeline Configuration (GitOps)

# pipeline.yaml
apiVersion: project.cattle.io/v3
kind: Pipeline
metadata:
  name: web-app-pipeline
  namespace: dev-apps
spec:
  projectId: "cluster-id:development-project"
  sourceCodeConfig:
    sourceCodeCredentialName: "github-credential"
    sourceCodeCredentialNamespace: "dev-apps"
  stages:
    - name: "Build"
      steps:
        - sourceCodeConfig:
            branchCondition: "only"
            branch: "main"
          runScriptConfig:
            image: "node:16"
            shellScript: |
              npm ci
              npm run build
              docker build -t myapp:${CICD_BUILD_NUMBER} .
    - name: "Deploy"
      steps:
        - applyYamlConfig:
            path: "./k8s/deployment.yaml"
            sourceCodeConfig:
              branchCondition: "only"
              branch: "main"

RBAC Configuration

# rbac.yaml
apiVersion: management.cattle.io/v3
kind: GlobalRole
metadata:
  name: developer-role
rules:
- apiGroups: [""]
  resources: ["pods", "services"]
  verbs: ["get", "list", "create", "update", "patch", "delete"]
- apiGroups: ["apps"]
  resources: ["deployments", "replicasets"]
  verbs: ["get", "list", "create", "update", "patch", "delete"]

---
apiVersion: management.cattle.io/v3
kind: GlobalRoleBinding
metadata:
  name: developer-binding
subjects:
- kind: User
  name: "<user-email>"
globalRoleName: "developer-role"

Backup Configuration

# backup-config.yaml
apiVersion: resources.cattle.io/v1
kind: Backup
metadata:
  name: daily-backup
  namespace: cattle-resources-system
spec:
  resourceSetName: "rancher-resource-set"
  schedule: "0 2 * * *"  # Daily at 2 AM
  retentionCount: 7
  storageLocation:
    s3:
      credentialSecretName: "s3-credentials"
      credentialSecretNamespace: "cattle-resources-system"
      bucketName: "rancher-backups"
      region: "us-west-2"
      folder: "cluster-backups"

CLI Operations

# Install Rancher CLI
# -f makes curl fail on an HTTP error instead of piping an error page into tar
curl -fsSL "https://github.com/rancher/cli/releases/download/v2.7.0/rancher-linux-amd64-v2.7.0.tar.gz" | tar xz
sudo mv rancher-v2.7.0/rancher /usr/local/bin/

# Login
rancher login https://rancher.example.com --token <api-token>

# Cluster operations
rancher clusters ls
rancher context switch <cluster-name>
rancher kubectl get nodes

# Project operations
rancher projects ls
rancher projects create development-env

# App management
# --set passes key=value answers; --answers expects a path to an answers file
rancher apps ls
rancher apps install cattle-global-data:library-mysql mysql-app \
  --set mysqlRootPassword=password \
  --namespace dev-apps

# Monitoring
rancher kubectl top nodes
rancher kubectl top pods --all-namespaces