How to use Rancher in Kubernetes


Container Security

Author Chuck Losh sets up a test deployment of Rancher to “reign in” his local test Docker-Desktop Kubernetes cluster, then sets up a private helm catalog to deploy Trend Micro Cloud One Container Security components
By: Chuck Losh

February 12, 2021


Hey all! Happy Friday-eve! I wanted to share with you some personal experiments I was trying out with Rancher. Rancher is a really cool way to manage your Kubernetes clusters! It was very easy to set up! I also wanted to see how I could do a helm-based deployment with Rancher and deploy some Trend Micro Cloud One Container Security products as well. So, join me in my journey where I set up a test deployment of Rancher to “reign in” my local test Docker-Desktop Kubernetes cluster. I will also set up a private helm catalog in Rancher to deploy Trend Micro Cloud One Container Security components!
To get started with these experiments, I set up a new Ubuntu Linux virtual machine on my laptop using Hyper-V Manager. You can see that here below for illustrative purposes!

Next, I went through the Rancher installation process in the terminal. Pro-Tip Alert! Note: you will need Docker installed prior to running the Rancher installation.
sudo docker run --privileged -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher

Okay, so let’s check if I can log on to Rancher in the browser! Yep, I can! I’m now able to set up my initial password, and also choose the option that I want to create and/or manage multiple Kubernetes clusters.
Helps also if my passwords match! Doh!

Once logged in, I can add my local Docker-Desktop Kubernetes cluster to Rancher to be managed on point!

If I click the add cluster button in Rancher, I get my options displayed to do exactly just that by using the corresponding kubectl command. Awesomeness!

Here you can see me using the “self-signed” certificate kubectl option running in Git Bash. The output display shows that my Docker-Desktop Kubernetes cluster has been successfully added to Rancher!

Let’s check in on Rancher and see if the Docker-Desktop Kubernetes cluster shows up on the web console now.

Yep, it’s now imported! I can now get status information on the Kubernetes cluster, create namespaces, change settings, and issue deployments among a lot of other things. Here is an example of status information below using Cluster Explorer. Really cool dashboard!

Okay, so for starters I want to try out a helm-based deployment now that my cluster is managed by Rancher. I decided to set out on that journey by using the Apps and Marketplace option in Cluster Manager shown here.

This is where you can create your very own private helm chart repository! I added the Trend Micro Deep Security Smart Check helm chart repository from GitHub shown here. This is so I can add and deploy a Container Image Scanner via Rancher into my local test Docker-Desktop Kubernetes cluster.

Once you add the helm chart repository from source (GitHub), I now have a repository that I can deploy from and it’s showing in an active state!

Okay, so now let’s go ahead and issue a deployment of said helm chart. If I go to the charts section, I have the ability to filter, select, and deploy the private helm chart that I imported!

On the deployment screen, I have the ability to view the details of the chart and change configuration values such as the namespace I want to deploy to, and other values in the values.yaml file that the author has allowed me to change.

Once I have my namespace selected and the configuration values that I want set up, I can go ahead and kick off the deployment.

You can monitor your deployments in real time in the Rancher console, which is way cool!

We can see that it has been deployed successfully here and is ready for me to log on to the Container Image Scanner. I can also see my newly created containers running on my Kubernetes cluster on the Docker-Desktop.

Let me see if I can access the newly deployed application…

I can! The Trend Micro Deep Security Smart Check solution is primed and ready to go!
I can log in and add my container registries to be scanned.

Okay, so what if I want to register my Trend Micro Deep Security Smart Check scanner to Trend Micro Cloud One Container Security? That is a really good one/two combination, right? I can do that by updating the helm chart I just deployed with an associated API key. To get the API key, I go ahead and sign into the Trend Micro Cloud One Container Security console.

I click the add new scanner button under the scanners section to register a new Container Image Scanner.

Once I name it accordingly, I should be presented with an API key that I can grab and add/update to my helm chart deployment and create a new release right from within Rancher!
You can see me doing that here on the following screens.

Okay, now that the upgrade is completed on the helm deployment, a new release has occurred. Let me try to scan some of my container images that I added in my Azure Container Registry, and see if I can now get those scan results sent to my Trend Micro Cloud One Container Security account.
What sorcery is this???
Yep! Looks like the deployment upgrade was successful. I’m now getting scanner information sent to Trend Micro Cloud One Container Security.

So, as results come in from the Trend Micro Deep Security Smart Check scanner they will be sent to the Trend Micro Cloud One Container Security console. Very cool!!

So, what can I do with the integration?
I can use these results to make policy-based decisions with the Trend Micro Cloud One Container Security Admission Controller. I can deploy an Admission Controller inside my Docker-Desktop Kubernetes cluster to provide information on which deployments are being sent to the cluster and what is allowed and not allowed, such as which images have been “scanned” or “not scanned”.
Let’s go ahead and set up another helm chart repository for the policy-based Admission Controller component.
First off, where can we get our hands on the helm chart? Well, for your convenience it’s up on GitHub. Let’s “lasso” that chart into a new helm repository in Rancher!

Let’s log back on to Rancher to set that up.

Shown below, I’m setting up a new helm chart repository in Rancher for said Admission Controller. I link in the GitHub repository showcased above to load the chart into Rancher.

Okay, now I can see that the new chart repository for the Trend Micro Cloud One Container Security Admission Controller is now onboarded.

Okay, awesome! So, now I need to go into my Trend Micro Cloud One Container Security console to register a new Admission Controller and generate an associated API key.
I do that by clicking the Add Cluster button. I name it accordingly. Right now we’ll leave the Admission Policy unselected. We’ll get to that soon! All in good time!

The very next screen will display my API key from my Trend Micro Cloud One Container Security console. This can be used for my helm deployment in Rancher. Yesssss!

Okay, so back to my Cluster Manager in Rancher: under charts, I can select my newly imported Container Security chart and choose a Kubernetes namespace to deploy to. I also go to the values yaml section and paste in my API key to register the Admission Controller to the Trend Micro Cloud One Container Security console, just like I did with the Container Image Scanner component.

After clicking Install… we see here in the Rancher output that the helm deployment to my test cluster was successful.

Let’s go back to the Trend Micro Cloud One Container Security console and set up an Admission Policy to be assigned to the Admission Controller.

Here under the Admission Policies section I created a new test policy for Rancher and my Docker-Desktop Kubernetes cluster.
I set it to Log instead of Block just for monitoring/testing purposes. That way, upon a detected violation it (Container Security) will just tell me what “it would do” and the reason why.
Other things I added to the policy decision options were to not allow “un-scanned” images into the cluster and “scanned” images with malware. Two important things right off the bat!

Okay, cool! Well, after assigning the policy I started getting Admission Control events showing up in the Trend Micro Cloud One Container Security console! Huzzah!
I even tested a new deployment in Rancher by deploying a container image, jenkins/jenkins:latest, as a test.
That image is not in my current Azure Container Registry and has not been scanned by the Container Image Scanner. It picked that up and logged it accordingly! Since I currently set the action to Log, it would have made the determination to “block” as shown here! Very cool! That’s intended behavior, and it is also providing me information on admission events to the Docker-Desktop Kubernetes cluster in real time!
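
The Log versus Block behaviour described above, as an added example that is not part of the original post and not the vendor's implementation: it applies the two rules from the policy (un-scanned images, scanned images with malware) to a Kubernetes AdmissionReview request for a Pod. The scan records, the registry name example.azurecr.io, the helper names and the choice to express the decision as an AdmissionReview response are assumptions made for illustration.

```python
import json

# Constructed scan records keyed by full image reference (not real data).
SCAN_RESULTS = {
    "example.azurecr.io/shop/web:1.4": {"malware": 0},
    "example.azurecr.io/shop/worker:2.0": {"malware": 1},
}

def normalize(image):
    """Expand a short tag reference to registry/repository:tag (digests not handled)."""
    name, sep, tag = image.rpartition(":")
    if not sep or "/" in tag:  # no tag given; a colon before "/" is a registry port
        name, tag = image, "latest"
    first = name.split("/", 1)[0]
    if "/" not in name:
        name = "docker.io/library/" + name
    elif "." not in first and ":" not in first and first != "localhost":
        name = "docker.io/" + name
    return f"{name}:{tag}"

def review(admission_review, mode="log"):
    """Answer a Pod AdmissionReview under the two rules described in the post."""
    req = admission_review["request"]
    spec = req["object"]["spec"]
    violations = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        ref = normalize(c["image"])
        scan = SCAN_RESULTS.get(ref)
        if scan is None:
            violations.append(f"{ref}: image has not been scanned")
        elif scan["malware"] > 0:
            violations.append(f"{ref}: scan found malware")
    blocked = bool(violations) and mode == "block"
    resp = {"uid": req["uid"], "allowed": not blocked}
    if blocked:
        resp["status"] = {"code": 403, "message": "; ".join(violations)}
    elif violations:  # Log mode: admit, but report what Block mode would deny
        resp["warnings"] = ["would block: " + v for v in violations]
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": resp}

def pod_review(uid, *images):
    """Build a constructed AdmissionReview request for a Pod running the given images."""
    containers = [{"name": f"c{i}", "image": img} for i, img in enumerate(images)]
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "request": {"uid": uid, "object": {"kind": "Pod", "spec": {"containers": containers}}}}

if __name__ == "__main__":
    print(json.dumps(review(pod_review("uid-1", "jenkins/jenkins:latest")), indent=2))
```

In Log mode the jenkins/jenkins test image is admitted with a "would block" warning; the same request in Block mode is denied, which is why a policy is usually run in Log mode first to see what it would reject.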
