Rancher is an open-source multi-cluster orchestration platform that makes it easy for you to deploy and manage an application on a Kubernetes cluster.
...
RKE2 – Rancher Kubernetes Engine to set up Kubernetes environment.
Rancher UI – UI to centrally manage a multi-cluster Kubernetes environment.
Longhorn – To implement distributed block storage for Kubernetes.
Prometheus including Grafana – To monitor the system and its execution environment holistically, for example, CPU usage.
Elasticsearch, Fluentd, and Kibana (EFK) – To view the logs for each microservice.
Kubernetes Event Driven Autoscaler (KEDA) – Framework that can be used for horizontal pod autoscaling.
Adeptia Connect application
...
At least three Linux VMs (to be used as master/server nodes) with internet access, each with the following minimum configuration:
RAM – 32 GB
Processor cores – 8
Hard disk – 250 GB
One Jumpbox with internet access and SSH connectivity with the Linux nodes to download, extract, and run the Playbook.
Ansible 2.12 (or higher) installed on Jumpbox.
You can install Ansible on Ubuntu OS by running the following set of commands in the same order:
$ sudo apt-add-repository ppa:ansible/ansible
$ sudo apt install ansible 2.12.10
...
Info |
---|
You can use the PEM file with or without passphrase protection. |
CA/self signed certificates
The following inbound ports opened on the Load Balancer and the nodes:
9345 - required for RKE2 nodes clustering
6443 - required for Kubernetes API
DNS domain load balancer for accessing Rancher UI.
DNS domain for accessing Adeptia Connect portal.
...
Info |
---|
RKE2 server (or master) will be deployed on these nodes. For HA, 3 VMs. [agents] groups re |
# rke2 cluster master/server nodes #
[servers]
xxx.xx.xx.xx
xxx.xx.xx.xx
xxx.xx.xx.xx
# rke2 cluster worker/agent nodes #
[agents]
xxx.xx.xx.xx
[k8s:children]
servers
agents
[servers:vars]
rke2_type="server"
[agents:vars]
rke2_type="agent"
[all:vars]
ansible_user={{ ssh_user }}
ansible_ssh_private_key_file={{ ssh_key_path }}
...
Navigate to /vars in the Ansible Playbook extracted folder.
Open the general-config.yaml file.
Update the following properties.
Property | Description |
---|---|
ssh_key_path | Name of the SSH private key (PEM) file, for example abc.pem. |
rancher_lb_domain | Domain name for Rancher. Using this domain, you can access the Rancher UI and RKE2. |
app_lb_domain | Domain name for Adeptia Connect application. Using this domain, you can access the following:
|
rke2_token | Secret token for node registration. Provide the value for this field in vault. |
execute_static_job | Adeptia Connect installation mode. Set the value for this property to true for fresh installation and false in case you are upgrading from a lower AC v4.x environment. |
ac_ha_mode | Enable/Disable High Availability (HA) mode. Default: false. Possible values are:
When set to true, the application is deployed in HA mode with all microservices (except for the Listener, License, ….. ) running at least two replicas. Autoscaling will be enabled by default and may scale up to 3 replicas. |
backend_db_type | Backend database type. Possible values are:
|
backend_db_url | Value for Azure SQL Database
Value for Oracle Database
Value for Azure MySQL Database
|
log_db_type | Log database type. Possible values are:
|
log_db_url | Value for Azure SQL Database: jdbc:sqlserver://<DB Hostname>:<Port Number>;database=<Log Database Name> Value for Oracle Database: jdbc:oracle:thin:@<hostName>:<portNumber>:<SID/ServiceName> Value for Azure MySQL Database: jdbc:mysql://<hostName>:<portNumber>/<DBName>?useSSL=true |
tlsCrt | TLS signed certificate in base64 encoding (for Ingress) |
tlsKey | TLS private key of certificate in base64 encoding (for ingress) |
Steps to update vault-config.yaml
Navigate to /vars in the Ansible Playbook extracted folder.
Open the vault-config.yaml file.
Provide the sensitive information, such as RKE2 token, in the respective properties.
Property | Description |
---|---|
vault_ansible_sudo_pass | <User defined password for Jumpbox> |
vault_rancher_gui_password | <User defined password for Rancher GUI> |
vault_rke2_token | <User defined RKE2 token> |
vault_backend_db_username | <User defined Backend DB username> |
vault_backend_db_password | <User defined Backend DB password> |
vault_log_db_username | <User defined Log DB username> |
vault_log_db_password | <User defined Log DB password> |
Encrypting/Decrypting vault-config.yaml
Optionally, you can encrypt the sensitive information specified in the vault-config.yaml file by using Ansible Vault.
...
You will be prompted to provide and confirm a password for the file. Once you have confirmed the password, a message “Encryption successful” confirming the encryption will be displayed.
To decrypt the file, navigate to the /vars folder, and then run the following command:
...
After you have fulfilled all the prerequisites, you can run the Ansible Playbook by executing the adeptia-connect.sh shell file with the appropriate arguments. The following steps run adeptia-connect.sh in default mode, which installs all the components: RKE2, Rancher, Longhorn, Prometheus, EFK, KEDA, and Adeptia Connect.
Log in to the Jumpbox.
Run the following command to set Read/Write permission on the SSH private key file (PEM):
$ chmod 0600 <pem file>
Run the following command to set executable permission on the adeptia-connect.sh shell file:
$ chmod +x adeptia-connect.sh
Run the following command to execute the shell file, adeptia-connect.sh, available in the Ansible Playbook:
$ sudo ./adeptia-connect.sh
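The key-file permission step above and the vault-config.yaml encryption section can both be checked from the Jumpbox before the playbook is launched. The script below is an added example, not part of the Adeptia playbook; the function names, the `key: value` layout assumed for vault-config.yaml, and the rule that a cleartext vault-config.yaml must be owner-only are assumptions of this example.

```shell
#!/usr/bin/env bash
# Pre-flight checks for the Jumpbox (added example; function names are hypothetical).
# Assumes GNU stat (Linux) and "key: value" lines in vault-config.yaml.

# 0 if only the owner can access the file (mode 600 or 400).
owner_only() {
  local mode
  mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
  [ "$mode" = 600 ] || [ "$mode" = 400 ]
}

# 0 if the first line is the Ansible Vault envelope header.
vault_is_encrypted() {
  local first=
  IFS= read -r first 2>/dev/null < "$1" || [ -n "$first" ] || return 2
  case $first in
    '$ANSIBLE_VAULT;'*) return 0 ;;
    *) return 1 ;;
  esac
}

# Names of vault_* keys that carry a cleartext value.
cleartext_keys() {
  sed -n 's/^\(vault_[A-Za-z0-9_]*\):[[:space:]]*[^[:space:]].*$/\1/p' "$1"
}

# Prints findings; the return status is the number of failed checks.
preflight() {
  local pem=$1 vault=$2 failures=0
  owner_only "$pem" || { echo "FAIL: chmod 0600 $pem"; failures=$((failures + 1)); }
  if vault_is_encrypted "$vault"; then
    echo "OK: $vault is encrypted; run adeptia-connect.sh with --ask-vault-pass"
  else
    echo "WARN: cleartext secrets in $vault: $(cleartext_keys "$vault" | tr '\n' ' ')"
    # Policy of this example: a cleartext secrets file must be owner-only.
    owner_only "$vault" || { echo "FAIL: chmod 0600 $vault"; failures=$((failures + 1)); }
  fi
  return "$failures"
}

# Constructed sample files so the checks can be tried offline.
make_samples() {
  printf '%s\n' 'constructed-not-a-real-key' > "$1/abc.pem"
  printf '%s\n' 'vault_rke2_token: constructed-token' 'vault_log_db_password:' > "$1/vault-config.yaml"
  printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' 'constructed-ciphertext' > "$1/vault-config.enc.yaml"
  chmod 0644 "$1/abc.pem" "$1/vault-config.yaml"
}

# Usage: ./preflight.sh <pem file> <path to vault-config.yaml>
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

A non-zero exit status means at least one file is readable by other users on the Jumpbox and should be fixed before running adeptia-connect.sh.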
...
The following table lists some of the tags and their descriptions:
If same cluster but different namespaces for different env
Tag | Description |
---|---|
--tag=install-all | Installs all the components |
--tag=install-basic | Installs all the components |
--tag=install-ac | Installs Adeptia Connect application only. |
--tag=install-rke2 | Installs RKE2 (server/agent) only. |
--tag=install-prometheus | Installs Prometheus (including Grafana) only. |
--tag=install-efk | Installs EFK only. |
Uninstalling the Ansible Playbook
Here are the steps to uninstall all the components including RKE2, Rancher, Longhorn, Prometheus, EFK, KEDA, and Adeptia Connect.
Log in to the Jumpbox.
Run the following command to set Read/Write permission on the SSH private key file (PEM):
$ chmod 0600 <pem file>
Run the following command to set executable permission on the adeptia-connect.sh shell file:
$ chmod +x adeptia-connect.sh
Run the following command to execute the shell file, adeptia-connect.sh, available in the Ansible Playbook:
$ sudo ./adeptia-connect.sh --tag=uninstall-all
This uninstalls all the components. If you want to uninstall only specific components, you can use the tag argument while executing the shell file. For example, to uninstall the Adeptia Connect application only, run the following command:
$ sudo ./adeptia-connect.sh --tag=uninstall-ac
Tip |
---|
To use multiple tags, provide comma-separated values as shown below:
|
Panel | ||
---|---|---|
| ||
Important! If you are using an encrypted vault-config.yaml file, you need to pass the argument --ask-vault-pass while executing the shell file (during install or uninstall) as shown in the example below:
|
...