Rancher cloud-config.yml Example SSH keys in VMware vSphere nodes
If you have played around with modern Linux distributions like Ubuntu and specifically the Ubuntu cloud images, there is functionality built into new Linux distros called cloud-init that allows customizing and initializing your Linux installation. If you are using Rancher for deploying Ubuntu cloud images for Kubernetes nodes, we can use the Rancher cloud-config settings to initialize the Ubuntu nodes. It deploys cloud-init settings during the process of provisioning the Kubernetes nodes. One simple but important bit of initialization that we want to configure is providing SSH keys via cloud-init so we can connect to Rancher-controlled Ubuntu nodes. Let’s see how to do this in a Rancher cloud-config.yml Example.
What is cloud-init?
First of all, what is cloud-init? If you Google cloud-init, you will often hit on articles specific to Ubuntu. However, cloud-init is not an Ubuntu-specific technology. In fact, cloud-init is the industry standard multi-distribution method for cross-platform cloud initialization. Most hyperscaler cloud providers support cloud-init. You can use cloud-init in private cloud infrastructure and bare-metal installations.
When an instance is booted, cloud-init will identify the environment it is running on, read metadata for configuration from the cloud, and configure/initialize the system accordingly.
Some of the configuration tasks you can perform with cloud-init include:
- Network configuration
- Storage device configuration
- Configuring SSH keys
- Customizing many other aspects of the system
Learn more about cloud-init from Canonical here:
Rancher vSphere node configuration using Cloud-config.yml
In playing around with Rancher to provision Kubernetes nodes on VMware vSphere, one of the things I initially overlooked was setting up the Ubuntu cloud image for authenticating locally using SSH keys. Why is this important? You always need to have some type of local access to your Kubernetes nodes controlled by Rancher.
If you don’t, and your Kubernetes cluster becomes disconnected from Rancher control, you will be in a catch-22. You won’t be able to control the cluster using Rancher, and you won’t be able to log in locally to the nodes to troubleshoot. That is bad, and I have experienced this in the lab environment due to a dirty shutdown, or some other issue.
However, we can resolve this issue by adding SSH keys to our Rancher-controlled nodes using the cloud-config.yml file. If you then need to troubleshoot services, etc., you have a way to authenticate and log into the nodes.
Rancher vSphere Node Template
I have written about this and created a video describing how you can configure your Rancher vSphere node template. The node template is the configuration template that tells Rancher how to authenticate to your vCenter Server, what storage to use to deploy, CPU & memory configuration, container networking, and cloud-init configuration.
For a good general overview of the vSphere Node template, read my blog post here:
Now, using the Rancher node template, we can specify cloud-init code to initialize the Rancher Kubernetes nodes as we want them to be initialized with various configuration settings. These settings include SSH keys, and other configuration settings we want to specify.
Rancher cloud-config.yml Example SSH keys
Let’s look at a Rancher cloud-config.yml Example. To get to your Node Templates configuration, navigate to Cluster Management > RKE1 Configuration > Node Templates. Then, click the ellipsis to the right of the Node Template you have created. You can also create a new Node Template from this screen if you do not already have one.
Scroll down to the Cloud Config YAML section. Here is where you can pass in your SSH keys and other cloud-config settings.
After you have configured the Cloud-config in your Rancher Node Template, you need to specify the Node Template when you deploy a new cluster. Choosing the Node Template will ensure the cluster’s Kubernetes nodes will receive the cloud-config, cloud-init YAML as specified, including the SSH keys.
In the above Rancher cloud-config.yml Example, I am using the following configuration to specify my cloud-init to add SSH keys. Replace it with your public SSH key for your environment.
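#cloud-config
users:
  - name: linuxadmin
    shell: /bin/bash
    groups: wheel
    # Passwordless sudo: whoever holds the matching private key has root on the node
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    ssh-authorized-keys:
      # Placeholder value; replace with your own public key
      - ssh-rsa AAAAB3NzaCU= TestingSSHKey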
After deploying the Rancher Kubernetes cluster in vSphere, I can now log in to the Rancher Kubernetes nodes using the SSH key specified.
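A key that sshd cannot parse leaves you without the local access described above, so the following added example (not from the original post) checks an ssh-authorized-keys entry before it goes into the Cloud Config YAML: it decodes the key blob, confirms the embedded type matches the declared one, sizes RSA keys, and returns the SHA256 fingerprint in the form `ssh-keygen -l` prints. The function names, the 2048-bit RSA floor, and the sample keys are assumptions constructed for illustration; entries with an options prefix are not handled.

```python
import base64, hashlib, struct

def _read_field(blob, offset):
    """Read one length-prefixed field (RFC 4251 "string") from a key blob."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    end = offset + 4 + struct.unpack(">I", blob[offset:offset + 4])[0]
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def check_public_key(line):
    """Parse '<type> <base64> [comment]'; return (type, bits, fingerprint)."""
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)  # bad base64 raises ValueError
    embedded, offset = _read_field(blob, 0)
    if embedded != parts[0].encode():
        raise ValueError("declared type does not match the key blob")
    bits = None  # stays None for key types this example does not size
    if parts[0] == "ssh-rsa":
        _exponent, offset = _read_field(blob, offset)
        modulus, offset = _read_field(blob, offset)
        bits = int.from_bytes(modulus, "big").bit_length()
    elif parts[0] == "ssh-ed25519":
        if len(_read_field(blob, offset)[0]) != 32:
            raise ValueError("ed25519 key must be 32 bytes")
        bits = 256
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return parts[0], bits, "SHA256:" + digest

def review(line, min_rsa_bits=2048):  # 2048 is an assumed policy floor
    try:
        key_type, bits, fingerprint = check_public_key(line)
    except ValueError as exc:
        return f"REJECT: {exc}"
    if key_type == "ssh-rsa" and bits < min_rsa_bits:
        return f"WEAK: {bits}-bit RSA {fingerprint}"
    return f"OK: {key_type} {fingerprint}"

def _sample(key_type, *fields):  # constructed test keys, not real credentials
    blob = b"".join(struct.pack(">I", len(f)) + f for f in (key_type.encode(), *fields))
    return f"{key_type} {base64.b64encode(blob).decode()} constructed-sample"

ED25519_SAMPLE = _sample("ssh-ed25519", bytes(range(32)))
RSA_1024_SAMPLE = _sample("ssh-rsa", b"\x01\x00\x01", b"\x00" + (1 << 1023 | 1).to_bytes(128, "big"))
PAGE_PLACEHOLDER = "ssh-rsa AAAAB3NzaCU= TestingSSHKey"  # the value shown in the post
if __name__ == "__main__":
    print(*map(review, (PAGE_PLACEHOLDER, ED25519_SAMPLE, RSA_1024_SAMPLE)), sep="\n")
```

The placeholder from the post is rejected as a truncated blob, which is why it must be swapped for a real public key; recording the returned fingerprint alongside the node template gives you something to compare against later.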
Rancher cloud-config.yml Example FAQs
- What is Rancher cloud-config.yml? The Rancher cloud-config.yml section of configuration in the Rancher Node Template defines the cloud-config settings when Rancher Nodes are deployed. It is a great way to initialize and customize the Rancher node template configuration for your specific environment.
- How do you set Rancher cloud-init SSH keys? As shown, the Rancher cloud-config.yml file should contain the #cloud-config users code block to define the username, groups, and SSH keys.
- Why should you use Rancher cloud-config.yml? It is the proper way to customize your Rancher nodes and keeps all the configuration inside Rancher, which is what you want. You could customize the actual vSphere virtual machine template with the SSH keys. However, this is less desirable and less flexible than having this configuration stored inside Rancher and dynamically initialized as it provisions nodes. This way you don’t have to redeploy the VM template to change SSH keys or to add or remove configuration.
- When is the Rancher Node Template used? It is used to customize the Rancher Kubernetes nodes as they are deployed.
Wrapping Up
The cloud-init process is powerful when it is used during the deployment process of Kubernetes nodes in a Rancher cluster. It allows completely customizing and configuring the nodes for use in your environment. Making sure you have a way to access your Kubernetes nodes individually outside of Rancher or any other management plane provides a way to troubleshoot your nodes if these become disconnected from the cluster and you are unable to communicate with the nodes from the management side of things. Hopefully, this Rancher cloud-config.yml Example SSH keys in vSphere nodes will help show how to leverage cloud-init for configuration.
I want to use cloud config to install an Amazon Linux machine using VirtualBox. May I know how I can achieve this? I also want to install a LAMP stack server while booting up the machine.