How to add a custom node to a Rancher 2.0 TP2 Kubernetes cluster

Source: Internet
Author: User
Tags docker run etcd

Rancher is an open-source, full-stack enterprise container management platform. From Rancher's visual interface, users can connect and deploy all the container infrastructure (network, storage, load balancing, etc.) with a single click, so that containers run seamlessly on any infrastructure (public and private cloud, virtual machines, physical machines, etc.). All the work of using containers in a production environment can be done through simple, intuitive operations.

Starting with Rancher 2.0, each cluster in Rancher is based on Kubernetes. Users can take full advantage of the power of Kubernetes and its rapidly growing ecosystem, and Rancher 2.0 will accelerate the adoption of Kubernetes in the enterprise through a Kubernetes-based, simple and intuitive user experience on the Rancher platform.

The second milestone release of Rancher 2.0, Tech Preview 2, released in February 2018, enables users to add custom nodes when creating RKE clusters. A custom node can be added either by starting the rancher/agent container with the generated docker run command, or by having Rancher connect to the node over SSH (the node must already have a Linux operating system and Docker configured). In this article, we'll show you how to automatically generate the docker run command that adds a node.

Note: This release of Rancher 2.0 is a technical preview and is not yet suitable for production environments; it is recommended that you do not run your production workloads on it.

Requirements

- Hosts that run Linux and Docker
- The JSON utility jq, installed, to parse the API responses
- The sha256sum binary, for calculating the CA certificate checksum

Start Rancher Server

Before performing any other action, we first need to start the rancher/server container. The image for Rancher 2.0 Tech Preview 2 is rancher/server:preview. One change from 1.6 to 2.0 is that we no longer expose port 8080. Instead, we expose ports 80 and 443, where 80 is redirected to 443 by default. You can start the container as follows:

docker run -d -p 80:80 -p 443:443 rancher/server:preview

If you want the data of this setup to persist, you can mount a host volume at /var/lib/rancher as follows:

docker run -d -p 80:80 -p 443:443 -v /data:/var/lib/rancher rancher/server:preview

Log in and create an API key

In Rancher 1.x, authentication is not enabled by default. Once the rancher/server container is started, the user can access the API/UI without any credentials. In Rancher 2.0, authentication is enabled with the default username and password admin. Once logged in, we get a bearer token that we can use to change the password. After changing the password, we create an API key to perform the other requests. The API key is also a bearer token, which we describe as automation because it is used for automation purposes.

Login

# Login
LOGINRESPONSE=`curl -s 'https://127.0.0.1/v3-public/localProviders/local?action=login' -H 'content-type: application/json' --data-binary '{"username":"admin","password":"admin"}' --insecure`
LOGINTOKEN=`echo "$LOGINRESPONSE" | jq -r .token`

Change the password (to thisisyournewpassword)

# Change password
curl -s 'https://127.0.0.1/v3/users?action=changepassword' -H 'content-type: application/json' -H "Authorization: Bearer $LOGINTOKEN" --data-binary '{"currentPassword":"admin","newPassword":"thisisyournewpassword"}' --insecure

Creating an API Key

# Create API key
APIRESPONSE=`curl -s 'https://127.0.0.1/v3/token' -H 'content-type: application/json' -H "Authorization: Bearer $LOGINTOKEN" --data-binary '{"type":"token","description":"automation"}' --insecure`

# Extract and store token
APITOKEN=`echo "$APIRESPONSE" | jq -r .token`

Create a cluster

Once the API key is generated, you can start creating the cluster. When creating a cluster, you have 3 options:

- Launch a cloud cluster (Google Kubernetes Engine/GKE)
- Create a cluster (with our own Kubernetes installer, Rancher Kubernetes Engine)
- Import an existing cluster (if you already have a Kubernetes cluster, you can import it by inserting the kubeconfig file from that cluster)

For this article, we will use Rancher Kubernetes Engine (RKE) to create a cluster. When you create a cluster, you can either create new nodes directly (by creating nodes at a cloud provider such as DigitalOcean or Amazon) or use existing nodes and have Rancher connect to them with SSH credentials. The method discussed in this article (adding a node by running the docker run command) is only available after the cluster has been created.

You can use the following command to create a cluster named yournewcluster. As you can see, it contains only the parameter ignoreDockerVersion (which ignores a Docker version that Kubernetes does not support). Everything else is left at its default, which we'll discuss in a later article. Until then, you can discover the configurable options through the UI.

# Create cluster
CLUSTERRESPONSE=`curl -s 'https://127.0.0.1/v3/cluster' -H 'content-type: application/json' -H "Authorization: Bearer $APITOKEN" --data-binary '{"type":"cluster","nodes":[],"rancherKubernetesEngineConfig":{"ignoreDockerVersion":true},"name":"yournewcluster"}' --insecure`

# Extract clusterid to use for generating the docker run command
CLUSTERID=`echo "$CLUSTERRESPONSE" | jq -r .id`

After running this code, you should see your new cluster in the UI. Because no nodes have been added yet, the cluster status will be "Wait for node configuration or wait for a valid configuration".

Assemble the docker run command to start rancher/agent

The last part of adding a node is to start the rancher/agent container, which will add the node to the cluster. To do this, we need:

- The agent image, coupled with the Rancher version
- The roles for the node (etcd and/or controlplane and/or worker)
- The address at which the rancher/server container can be reached
- The cluster token used by the agent to join the cluster
- The checksum of the CA certificate

You can retrieve the agent image from the settings endpoint of the API:

AGENTIMAGE=`curl -s -H "Authorization: Bearer $APITOKEN" https://127.0.0.1/v3/settings/agent-image --insecure | jq -r .value`

The roles of the node are for you to decide. (In this example, we will use all three roles.)

ROLEFLAGS="--etcd --controlplane --worker"

The address at which the rancher/server container can be reached should be self-explanatory; rancher/agent will connect to that endpoint.

RANCHERSERVER="https://rancher_server_address"

The cluster token can be retrieved from the created cluster. We saved the ID of the created cluster in CLUSTERID, and can now use it to generate a token.

# Generate token (clusterRegistrationToken)
AGENTTOKEN=`curl -s 'https://127.0.0.1/v3/clusterregistrationtoken' -H 'content-type: application/json' -H "Authorization: Bearer $APITOKEN" --data-binary '{"type":"clusterRegistrationToken","clusterId":"'"$CLUSTERID"'"}' --insecure | jq -r .token`

The generated CA certificate is also stored in the API and can be retrieved as follows; piping it through sha256sum generates the checksum that we need to join the cluster.

# Retrieve CA certificate and generate checksum
CACHECKSUM=`curl -s -H "Authorization: Bearer $APITOKEN" https://127.0.0.1/v3/settings/cacerts --insecure | jq -r .value | sha256sum | awk '{ print $1 }'`

All the data needed to join the cluster is now available, and we just need to assemble the command.

# Assemble the docker run command
AGENTCOMMAND="docker run -d --restart=unless-stopped -v /var/run/docker.sock:/var/run/docker.sock --net=host $AGENTIMAGE $ROLEFLAGS --server $RANCHERSERVER --token $AGENTTOKEN --ca-checksum $CACHECKSUM"

# Show the command
echo $AGENTCOMMAND

The last command (echo $AGENTCOMMAND) should print something like this:

docker run -d --restart=unless-stopped -v /var/run/docker.sock:/var/run/docker.sock --net=host rancher/agent:v2.0.2 --etcd --controlplane --worker --server https://rancher_server_address --token xg2hdr8rwljjbv8r94qhrbzpwbbfnkhphq5vjjs4dfxgmb4wrt9rpq --ca-checksum 3d6f14b44763184519a98697d4a5cc169a409e8dde143edeca38aebc1512c31d

After you run this command on a node, you should see it join the cluster and be configured by Rancher.
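
The commands in this article have no error handling: when a request fails, jq -r prints the literal null for a missing field, and sha256sum hashes an empty response without complaint, so a broken agent command can be assembled silently. The following is an added example, not part of the original article and not Rancher code; its function names are hypothetical, and it checks each gathered value before building the docker run command.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of Rancher.

# Hex SHA-256 of stdin, using the same sha256sum | awk step as the article.
sha256_hex() { sha256sum | awk '{ print $1 }'; }

# Digests that only look valid: an empty curl response, and the literal
# "null" that `jq -r` prints when the requested field is missing.
EMPTY_SUM=$(printf '' | sha256_hex)
NULL_SUM=$(printf 'null\n' | sha256_hex)

# Non-empty, not "null", and only characters that are safe to paste into a
# command line (rejects spaces, quotes, $, ;, backticks and similar).
usable_value() {
    case "$1" in
        ''|null|*[!A-Za-z0-9._:/-]*) return 1 ;;
    esac
    return 0
}

# Exactly 64 lowercase hex characters, and not a "failed request" digest.
valid_checksum() {
    [ "${#1}" -eq 64 ] || return 1
    case "$1" in *[!0-9a-f]*) return 1 ;; esac
    [ "$1" != "$EMPTY_SUM" ] && [ "$1" != "$NULL_SUM" ]
}

# Only the three role flags used in the article are accepted.
valid_roles() {
    [ -n "$1" ] || return 1
    for flag in $1; do
        case "$flag" in --etcd|--controlplane|--worker) ;; *) return 1 ;; esac
    done
}

# Args: image roleflags server token checksum.
# Prints the command only if every input passes; otherwise returns 1.
assemble_agent_command() {
    usable_value "$1" || { echo "bad agent image" >&2; return 1; }
    valid_roles "$2" || { echo "bad role flags" >&2; return 1; }
    case "$3" in https://?*) ;; *) echo "bad server URL" >&2; return 1 ;; esac
    usable_value "$3" || { echo "bad server URL" >&2; return 1; }
    usable_value "$4" || { echo "bad cluster token" >&2; return 1; }
    valid_checksum "$5" || { echo "bad CA checksum" >&2; return 1; }
    echo "docker run -d --restart=unless-stopped -v /var/run/docker.sock:/var/run/docker.sock --net=host $1 $2 --server $3 --token $4 --ca-checksum $5"
}
```

With the article's variables, the call is assemble_agent_command "$AGENTIMAGE" "$ROLEFLAGS" "$RANCHERSERVER" "$AGENTTOKEN" "$CACHECKSUM".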

Protip: These tokens can also be used directly as basic authentication, for example:

curl -u "$APITOKEN" https://127.0.0.1/v3/settings --insecure

Conclusion

Hopefully this article will help you take the first step in automating Rancher 2.0 Tech Preview 2. Rancher 2.0 Tech Preview 3 is about to be released; stay tuned!
