[SOLVED: Scroll to my third post on this thread for the exact manual procedure I used to create an AWS Kubernetes environment through my Rancher server console.]
Although there is a Catalog section on the /admin/settings page of the rancher console, there is no Catalog tab that I can find. Both the Rancher Certified Library and the Community Contributed catalogs are enabled on the /admin/settings page.
Our entire rancher infrastructure is deployed in the private subnet of our Amazon VPC (very similar to Deploying Rancher into a private subnet of an AWS VPC). Is it possible that this setup has broken access to the Rancher Catalog in some way? We are using Rancher-v1.4.1, Docker 1.12.6, and RancherOS v0.8.1. We created a Kubernetes environment and added a couple of hosts, which are also EC2 instances in the private subnet. There are NAT gateways defined for each private subnet, and the routing works. We provide access to our team through an OpenVPN server running in a public subnet of our Amazon VPC. The rancher server web console has a 10.101.x.y private IP address, but it is reachable after we connect the OpenVPN tunnel from our laptops.
I was confused between the default Cattle environment and the Kubernetes environment that I wanted to create. I found that the rancher 1.4.1 documentation is somewhat scattered. But I have reproducible instructions. In the first section, notice that I am not using the default Kubernetes template, since that won’t use the AWS cloud provider. Adding a new template seems to be a shortcut into the catalog.
This is the detailed checklist for the initial configuration of our Rancher/Kubernetes/AWS:
Prepare AWS IAM policies, for a User and an InstanceProfile
- A User in a Group with necessary policy permissions for creating EC2s. This User is only used to supply API keys for launching an EC2 host.
- A Role (with an Instance Profile) with necessary policy permissions for ELB, ECR, etc. This InstanceProfile is assigned to every EC2 host. Without these policy permissions, your AWS cloud provider will fail when Kubernetes needs to launch an ELB, access an ECR, etc.

Add “AWS Kubernetes” Template
- Navigate to Default > Manage Environments
- Click to “Add Template”
  - Name: AWS Kubernetes
  - Description: AWS cloud provider for Kubernetes Template
  - Orchestration: select Kubernetes
- Click to “Edit Config”
  - Choose a version: v1.5.2-rancher1-4
  - Name: AWS Kubernetes
  - Cloud provider: aws
- Click “Configure” at bottom of screen
- Click “Create” at bottom of screen

Add “AWS-K8s” Environment
- Navigate to Default > Manage Environments
- Click to “Add Environment”
  - Name: AWS-K8s
  - Description: Kubernetes Environment with AWS cloud provider
  - Environment Template: select AWS Kubernetes
  - [DON’T SELECT PLAIN: Kubernetes !!!]
- Click “Create” at bottom of screen

Make “AWS-K8s” the default environment
- Find the “Default” row in the Environments section
- Select “Deactivate” from the menu dropdown at far right.
- Now “AWS-K8s” should automatically become the default.
- It will still report as “Unhealthy”

Add a pair of rancher-node-* hosts
- Navigate to Infrastructure > Hosts
- Click to “Add Host”
- Machine Drivers
  - Select “Amazon EC2” for the machine drivers.
- Account Access
  - Region: us-east-1
  - Access Key: [Copy from rancher-iam-api-keys user]
  - Secret Key: [Copy from rancher-iam-api-keys user]
- Availability Zone & VPC
  - Availability Zone: us-east-1a
  - VPC Subnet: [Select the private subnet corresponding to your VPC and AZ]
- Security Group
  - Custom: [Could use default SG]
- Instance
  - Name: rancher-node-
  - Quantity: 2
  - Note that “Hosts will be named rancher-node-1 — rancher-node-2”
- Instance Options
  - Instance Type: m4.large
  - AMI: [Click through to RancherOS list, and find ami for correct region]
  - SSH User: rancher
  - IAM Profile: [Name of pre-prepared InstanceProfile]
  - Private IP: select “Use only private IP address”
- Rancher Labels:
  - Project: rancher
  - Component: rancher-node
- Click “Create” at bottom of screen
After 5-10 minutes, the nodes will have joined the cluster, and the Kubernetes infrastructure stack should be healthy.
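
The checklist's first step splits permissions between the API-key User and the Role behind the InstanceProfile. The following is an added example, not part of the original post: a small Python check that reviews the two policy documents for that split before they are attached. The policy contents, account ID and role name are constructed placeholders, and the check reads only Allow statements (Deny, NotAction and Condition are not evaluated).

```python
from fnmatch import fnmatchcase

# Constructed sample values; the account ID and role name are placeholders.
NODE_ROLE_ARN = "arn:aws:iam::123456789012:role/rancher-node-role"
SCOPED_USER = {"Statement": [   # for the rancher-iam-api-keys user
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:PassRole", "Resource": NODE_ROLE_ARN}]}
LOOSE_USER = {"Statement": [
    {"Effect": "Allow", "Action": ["ec2:*", "iam:PassRole"], "Resource": "*"}]}
NODE_POLICY = {"Statement": [   # for the role behind the InstanceProfile
    {"Effect": "Allow", "Resource": "*", "Action": [
        "elasticloadbalancing:*", "ecr:GetAuthorizationToken", "ecr:BatchGetImage"]}]}
LOOSE_NODE = {"Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}}

def _listify(value):
    return value if isinstance(value, list) else [value]

def _allow_statements(policy):
    """Yield (lower-cased action patterns, resources) for each Allow statement."""
    for st in _listify(policy["Statement"]):
        if st.get("Effect") == "Allow" and "Action" in st:
            yield ([a.lower() for a in _listify(st["Action"])],
                   _listify(st.get("Resource", [])))

def _grants(policy, action):
    """Resources on which the policy allows `action` (IAM * and ? wildcards)."""
    return [r for pats, res in _allow_statements(policy)
            if any(fnmatchcase(action.lower(), p) for p in pats) for r in res]

def lint(user_policy, node_policy, node_role_arn):
    findings = []
    for name, pol in (("user", user_policy), ("node-role", node_policy)):
        if any("*" in a and "*" in r for a, r in _allow_statements(pol)):
            findings.append(f"{name}: Action * on Resource * (full admin)")
    passrole = _grants(user_policy, "iam:PassRole")
    if not passrole:   # EC2 refuses to attach the profile without it
        findings.append("user: no iam:PassRole, launch with IAM Profile is denied")
    elif any(r != node_role_arn for r in passrole):
        findings.append("user: iam:PassRole not pinned to the node role ARN")
    # Node-role credentials are served to the host by instance metadata,
    # so IAM write access here is reachable from workloads on that host.
    for act in ("iam:PassRole", "iam:CreateAccessKey", "iam:PutRolePolicy"):
        if _grants(node_policy, act):
            findings.append(f"node-role: allows {act}")
    return findings

if __name__ == "__main__":
    for finding in lint(LOOSE_USER, LOOSE_NODE, NODE_ROLE_ARN):
        print(finding)
```

An empty result for the scoped pair means the User can pass only the node role and the node role cannot modify IAM.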