End-to-End Kubernetes with Rancher, RKE2, K3s, Fleet, Longhorn, and NeuVector

The full journey from nothing to production

Understanding How Rancher Imports Clusters

How a Cluster is Imported

When you run the command provided by Rancher, it will deploy the cattle-cluster-agent in your cluster. This agent is responsible for managing the cluster resources and communicating with the Rancher Manager. However, there are other steps and resources involved in the process. The process can be subdivided into 5 main steps.

  1. Import Attempt: Initially, the Rancher-provided import YAML file is applied to the Kubernetes cluster using kubectl. This file contains the configuration needed to connect the cluster to Rancher.

  2. TLS Certificate Verification: The operation may fail if the Rancher Manager is using a self-signed or untrusted TLS certificate. This can be bypassed by using the curl command with the --insecure flag, but that flag disables certificate verification, so the cluster applies whatever manifest the responding host returns; trusting the Rancher CA on the machine that runs the import avoids this. When the certificate is trusted, the fetched configuration is then applied to the cluster.

  3. Resource Creation: The import process creates essential resources in the cluster. These resources are described later in this section. The most important one in our context is the cattle-cluster-agent, which facilitates communication between the cluster and Rancher.

  4. Connection Established: Once the cattle-cluster-agent is deployed and operational, the Kubernetes cluster is connected to Rancher and can be managed from the Rancher UI.

  5. Lifecycle Management: Rancher can now manage and perform operations on the cluster. The agent actively listens for instructions from the Rancher Manager. Another section explains how Rancher agents work.

Returning to the resources created in the cluster, the import process creates the following:

  • Namespace (cattle-system): Rancher-specific resources are isolated in this namespace to separate them from other workloads.

  • ClusterRole (proxy-clusterrole-kubeapiserver): Rancher creates this role to grant permissions to access and interact with Kubernetes nodes, such as metrics, logs, and proxying, with actions like get, list, watch, and create.

  • ClusterRoleBinding (proxy-role-binding-kubernetes-master): This is what binds the proxy-clusterrole-kubeapiserver role to the kube-apiserver
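
As an added example (not part of the course material or Rancher's own tooling), the shell functions below fetch the import manifest with the server certificate verified against a CA file rather than with --insecure, then list what the manifest would create so cluster-wide RBAC can be reviewed before kubectl apply. The URL, CA path and output file are caller-supplied assumptions, and the sample manifest is a constructed, trimmed stand-in that uses only the resource names listed above.

```shell
# Added example, not Rancher's own tooling: review an import manifest before applying it.

# fetch_import_manifest URL CA_FILE OUT_FILE: verify the server against CA_FILE (no --insecure).
fetch_import_manifest() {
    curl --fail --silent --show-error --location --cacert "$2" --output "$3" "$1"
}

# list_manifest_resources FILE: print one "Kind/name" line per YAML document.
list_manifest_resources() {
    awk '
        function emit() { if (kind != "") print kind "/" name; kind = name = ""; meta = 0 }
        /^---/             { emit(); next }
        /^kind:/           { kind = $2; next }
        /^metadata:/       { meta = 1; next }
        /^[^ #]/           { meta = 0 }     # any other top-level key ends metadata
        meta && /^  name:/ { name = $2 }    # only metadata.name, not roleRef.name
        END                { emit() }
    ' "$1"
}

# cluster_wide_rbac FILE: keep only resources that define or bind cluster-wide permissions.
cluster_wide_rbac() {
    list_manifest_resources "$1" | grep -E '^(ClusterRole|ClusterRoleBinding)/' || true
}

# write_sample_manifest FILE: constructed, trimmed stand-in for the import YAML,
# using the three resource names listed on this page (rules and subjects omitted).
write_sample_manifest() {
    cat > "$1" <<'EOF'
---
apiVersion: v1
kind: Namespace
metadata:
  name: cattle-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: proxy-clusterrole-kubeapiserver
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: proxy-role-binding-kubernetes-master
roleRef:
  kind: ClusterRole
  name: proxy-clusterrole-kubeapiserver
EOF
}
```

Once the listed resources match what is expected, the saved file can be applied with kubectl apply -f.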
