Is there a foolproof guide to install rancher and k3s in Rocky Linux 9 in 2024?

Tried everything, nothing works. Does anyone have a foolproof guide that works under any circumstances?

It would be helpful if you specified what did not work (what are the error messages, which commands did you use, etc.).

In general, for a test/dev install, the Rancher Docker deployment works flawlessly if you follow the instructions (e.g. the container needs to be run privileged) and the ports are available.


I agree with @bpedersen2, we need to know more, but I just tried the following:

  • VM on Amazon EC2 with community Rocky Linux 9 AMI
  • K3S v1.26.11+k3s1
  • Cert Manager v1.13.3
  • Rancher v2.8.1 (latest)

And it works!

Here is what I did:

$ cat /etc/os-release 
NAME="Rocky Linux"
VERSION="9.1 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.1"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Rocky Linux 9.1 (Blue Onyx)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
ROCKY_SUPPORT_PRODUCT_VERSION="9.1"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.1"

Then, install K3s in version v1.26.11+k3s1 (Rancher v2.8.1 is only compatible with <=v1.27), and make it write the kubeconfig file with 666 file permissions:

curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.26.11+k3s1 sh -s - server --write-kubeconfig-mode 666
  • Test the cluster:
$ kubectl cluster-info
Kubernetes control plane is running at https://127.0.0.1:6443
CoreDNS is running at https://127.0.0.1:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
Metrics-server is running at https://127.0.0.1:6443/api/v1/namespaces/kube-system/services/https:metrics-server:https/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
  • Install Cert manager CRDs:
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.3/cert-manager.crds.yaml
  • Create HelmChart manifest files, to avoid downloading and installing Helm (don’t forget to replace the placeholder with a valid public IP accessible from outside this VM):
export IP=<YOUR_PUBLIC_IP_ADDRESS>
cat <<EOF >> rancher-certmanager-helmcharts.yaml
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  namespace: default
  name: rancher
spec:
  chart: rancher
  repo: https://releases.rancher.com/server-charts/latest
  targetNamespace: cattle-system
  set:
    hostname: $IP.nip.io
    bootstrapPassword: admin
  createNamespace: true
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  namespace: default
  name: certmanager
spec:
  chart: cert-manager
  repo: https://charts.jetstack.io
  targetNamespace: cert-manager
  createNamespace: true
EOF
  • Finally, applying the above manifests file:
$ kubectl apply -f rancher-certmanager-helmcharts.yaml
helmchart.helm.cattle.io/rancher created
helmchart.helm.cattle.io/certmanager created

After waiting for 3-4 minutes, Rancher should be available in a browser using <YOUR_PUBLIC_IP_ADDRESS>.nip.io.

You can check pods with:

kubectl get po -n cattle-system
kubectl get po -n cert-manager
kubectl get po

If the first 2 kubectl commands did not show anything, the 3rd one should show pods with a helm-install-XXX prefix. If not, you probably did not apply the manifest from above or it fails for some obscure reason.

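An audit of the settings used in the post above, as an added example that is not part of the original thread: `--write-kubeconfig-mode 666` leaves the cluster-admin kubeconfig readable and writable by every local user, and `bootstrapPassword: admin` is a guessable first-login secret. The function names, the weak-word list, the 12-character minimum and the sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Needs GNU stat (Linux).

# Succeeds only if group and others have no access to the kubeconfig.
kubeconfig_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "WARN: $1 is mode $mode; any local user can use these credentials" >&2
        return 1
    fi
}

# Succeeds only if the manifest sets no weak bootstrapPassword.
# The word list and 12-character minimum are this example's own policy.
bootstrap_password_ok() {
    pw=$(sed -n 's/^[[:space:]]*bootstrapPassword:[[:space:]]*//p' "$1" |
         head -n 1 | tr -d "\"'")
    [ -n "$pw" ] || return 0          # key absent: nothing to flag
    case "$pw" in
        admin|password|rancher|changeme) weak=1 ;;
        *) weak=0 ;;
    esac
    if [ "$weak" -eq 1 ] || [ "${#pw}" -lt 12 ]; then
        echo "WARN: weak bootstrapPassword in $1" >&2
        return 1
    fi
}

# Succeeds if version $1 (e.g. v1.26.11+k3s1) has a minor number <= $2.
k8s_minor_ok() {
    minor=$(printf '%s\n' "$1" | sed -n 's/^v1\.\([0-9][0-9]*\)\..*/\1/p')
    [ -n "$minor" ] && [ "$minor" -le "$2" ]
}

# Constructed sample inputs that mirror the thread's settings.
demo=$(mktemp -d)
printf 'apiVersion: v1\nkind: Config\n' > "$demo/k3s.yaml"
chmod 666 "$demo/k3s.yaml"
printf 'spec:\n  set:\n    hostname: 203.0.113.10.nip.io\n    bootstrapPassword: admin\n' \
    > "$demo/charts.yaml"

kubeconfig_mode_ok "$demo/k3s.yaml"       || echo "fix: chmod 600 the kubeconfig"
bootstrap_password_ok "$demo/charts.yaml" || echo "fix: set a long random bootstrapPassword"
k8s_minor_ok "v1.28.5+k3s1" 27            || echo "fix: pin INSTALL_K3S_VERSION to <= v1.27"
rm -rf "$demo"
```

On a real host, point the first two functions at `/etc/rancher/k3s/k3s.yaml` (the K3s default kubeconfig path) and at the `rancher-certmanager-helmcharts.yaml` file written by the heredoc.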

I am using Alma Linux 9 for this matter.

Step 1

Update the system.

sudo dnf update -y

Step 2

Reboot the system

sudo reboot

Step 3

Install docker

sudo dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
sudo dnf install -y docker-ce
sudo dnf install -y docker-ce-cli containerd.io
sudo systemctl start docker
sudo systemctl enable docker
sudo systemctl status docker

Step 4

Kernel Modules for rancher

sudo modprobe ip_tables && sudo modprobe ip_conntrack && sudo modprobe iptable_filter && sudo modprobe ipt_state

Step 5

Pull rancher docker image

docker run -d --name=rancherimaginelinux --privileged --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher:v2.4.9

Step 6

Disable firewalld and set SELINUX to disabled.

systemctl stop firewalld
systemctl disable firewalld

Because this is a test environment.

Step 7

Set up rancher now. Enter a new password.

Step 8

Import existing cluster.

kubectl apply -f https://localhost:443/v3/import/6hztsh2kd9n5wzcsp4dtmrt9wslxw9plnj86tfl6gts8z5fbl9l42v.yaml

OR

curl --insecure -sfL https://localhost:443/v3/import/6hztsh2kd9n5wzcsp4dtmrt9wslxw9plnj86tfl6gts8z5fbl9l42v.yaml | kubectl apply -f -

You’ll see a "kubectl: command not found" error. That’s why we install k3s in the next step.

Step 9

Install k3s

curl -sfL https://get.k3s.io | sh - 

It’s stuck here.

So you now have a working rancher installation (but check which serverurl is configured in the global settings, the globe on the bottom left).

This should be run against an existing cluster and assumes you already have a working (== existing) k8s environment (so kubectl available and a working kubeconfig for that cluster).
Possibly

Most probably you either have to wait longer (depending on how beefy your machine is, it can take 10-30 min at least). And you are now trying to set up another k3s instance on the same machine (and you mapped port 443 and port 80 already, so chances are that the default k3s traefik ingress will fail).

And why don’t you use your rancher installation to create the new cluster?

And current rancher version is 2.8.1, you should probably use that (if you want to upgrade from your 2.4.9 check the release notes!)

I’ll do one with rocky linux on a fresh OS. Wait some time.

If I’m using localhost:9487 (9487 is the forwarded port), what will be my IP address placeholder value?

Step 1

Download k3s

curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.26.11+k3s1 sh -s - server --write-kubeconfig-mode 666

Step 2

Install cert manager.

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.3/cert-manager.crds.yaml

Step 3

Install docker

sudo dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
sudo dnf install -y docker-ce
sudo dnf install -y docker-ce-cli containerd.io
sudo systemctl start docker && sudo systemctl enable docker && sudo systemctl status docker

Step 4

Install rancher

docker run -d --restart=unless-stopped \
  -p 80:80 -p 443:443 \
  --privileged \
  rancher/rancher:latest

Step 5

reboot

This is my SSH tunnel to access the Rancher web portal. My VM is NATted at port 3232 (Guest IP=10.0.2.15, Guest port=22) (Host IP=127.0.0.1, Host port=3232).

Still I’m unable to access the web portal from https://localhost:9487, I get 404 page not found.

Here you are only forwarding the ssh port (22) to 3232. You need to forward also 443 …

And the local port needs of course to match what is configured in the serverurl. In general I suspect accessing rancher via such a tunnel is a very advanced topic and not really supported. It is assumed that rancher is accessible directly.

At this point, you have a working Rancher (because you say you set up the first password).

However, your generated import URL shows a problem: your Rancher hostname is localhost, which it should not be, because you are supposed to have a Kubernetes cluster running somewhere else. If you are running the Docker Rancher (which you seem to be), you should be able to just replace localhost with the actual IP address in:

kubectl apply -f https://<HERE_ACTUAL_IP>:443/v3/import/6hztsh2kd9n5wzcsp4dtmrt9wslxw9plnj86tfl6gts8z5fbl9l42v.yaml

Now, let’s focus on the part where you are stuck.

This is purely K3s, not Rancher.
Also, see that it is stuck here:

[INFO]  Downloading binary https://github.com/k3s-io/k3s/releases/download/v1.28.5+k3s1/k3s

This can only be because of network issues:

  • Either your machine is not able to download the binary
  • Or your download is VERY slow!

Know that after this step, you should have:

[INFO]  Verifying binary download
[INFO]  Installing k3s to /usr/local/bin/k3s
[INFO]  Finding available k3s-selinux versions
...

Meaning, you didn’t get to the "Verifying binary download" part, which in turn means the download is stuck.

Another point: I explicitly mentioned above that Rancher is NOT compatible with Kubernetes v1.28, so please download another version as I mentioned in my first post.

Same happens when I bridge a network though. 404 not found.