Creating your Kubernetes cluster on EC2
Create your Rancher control panel from your Baasil.io dashboard
Note that if you're using your own Rancher control panel, then you can skip this step and go straight to "Launch your hosts from your Rancher control panel" below.
Before you can deploy your app, you first need to create your Kubernetes cluster through your Rancher environment/control panel.
You can create a new Rancher environment from your Baasil.io dashboard (https://baasil.io/#!/dashboard) - But before you can do this, you will need to make sure that your Baasil.io account is linked to your GitHub account - This is because Rancher uses GitHub OAuth for authentication.
To link your Baasil.io account to your GitHub account, you should navigate to the account tab (https://baasil.io/#!/dashboard?main-tab=account), insert your GitHub account name (or organization) and then click on the 'LINK GITHUB ACCOUNT' button.
To create your Rancher Kubernetes environment, go to the infrastructure tab (https://baasil.io/#!/dashboard?main-tab=infrastructure), enter a name for your environment and then click on the 'CREATE RANCHER ENV' button. A link to your Rancher control panel should appear.
Launch your hosts from your Rancher control panel
Initially, your Rancher Kubernetes environment will have no hosts in it - You will need to create some hosts before you can deploy your app.
To create some hosts, from your Rancher control panel's top bar, click on Hosts then click on the Add Host button.
This screen will come up and you will be able to choose between various drivers for creating new hosts:
To create hosts on your own EC2 infrastructure, click on the Amazon EC2 option/icon among the provided machine drivers.
The EC2 screen should look like this:
Before you can create new hosts on EC2, you will need to provide an AWS API Access Key and Secret Key to allow Rancher to create new instances on your AWS account; to do this, you need to create a new access key from your AWS control panel.
To do this, open your AWS control panel and click on the dropdown button which has your name on it (near the right of the top navbar) and then click on Security Credentials here:
A new page should come up - From there, expand the Access Keys (Access Key ID and Secret Access Key) section:
Click on the Create New Access Key button. A dialog should come up telling you that your access key has been created - Click on the Show Access Key link and you will see your Access Key and Secret Key. Feel free to save them in a safe place.
Now you can go back to your Rancher control panel and insert your Region of choice along with your Access Key and
You should check your AWS/EC2 control panel to decide which Region you want to use - If you specify an invalid region (which you don't have access to), your hosts will fail to launch (if that happens, you should go through all the Rancher Add Host steps again from the beginning using a different
Once you've specified your AWS/EC2 Region, click on the Next: Authenticate & select a network button.
On the next screen, you will be prompted for a more specific Availability Zone (a, b, c, ...).
Once you select a zone from the combo box, it should prompt you for a VPC/subnet. Once the VPC options come up, select the first one as your VPC/Subnet then click on the Next: Select a Security Group button.
When it prompts you for a security group, Rancher might offer to create a new rancher-machine security group for you (or use an existing one) - The security group simply defines the rules under which your hosts/instances can be accessed - It lets you specify which ports to expose publicly on the internet or to other computers within a network. We recommend that you select the default rancher-machine security group - We will modify it later using the AWS/EC2 control panel.
Now click on the Next: Set Instance options button.
The following screen should look like this:
From this screen, you can tell Rancher how many machines it should create by dragging the slider under Quantity - Note that it's perfectly fine to have a single-machine Kubernetes cluster - You can always add more machines later by going through the above steps again.
You need to provide a Name for your host(s).
We also recommend that you set the Instance Type to t2.medium (or larger) - Smaller ones work too but they tend to be slow and unstable.
You can leave all the other fields as default.
We recommend that you leave the AMI input field empty; it will use an Ubuntu image which works pretty well with Rancher/Kubernetes.
Now you can click on the
You should now be redirected to your Infrastructure > Hosts screen and you should see your machine(s) launching - If you open up your EC2 control panel and click on the Instances section, you should see your host/instance booting up. If you don't see your instance in EC2, make sure that you're looking at the correct view for your availability zone (use the dropdown menu near the top right of the page to switch between zones).
Configuring your rancher-machine security group
Earlier, we told Rancher to create a new rancher-machine security group for us. This security group has some useful settings for operating a Rancher cluster but we would like to make a small change to it - Specifically, we want to allow all hosts/instances within the rancher-machine security group to communicate freely with each other (on any port).
To do this, open your EC2 control panel. In the side menu, click on the Security Groups link. Once that screen loads up, you should see your rancher-machine security group and it should have a Group ID in the format sg-xxxxxxxx - Copy that ID. Now, click on the rancher-machine security group; then, in the panel below, you should click on the Inbound tab - We will add a new inbound rule to it.
Click on the Edit button. When the Edit inbound rules dialog comes up, click on the Add Rule button. Now set the new rule to allow hosts which belong to your rancher-machine security group to connect with each other on all ports.
The rule should look like this (you should substitute the group ID sg-cb2073b1 shown in this screenshot with the group ID from your own
You only need to configure your security group once for your VPC. When you create new hosts in the future (within that VPC), you can just tell Rancher to reuse your existing rancher-machine security group.
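A way to check the rule described above after saving it, as an added example that is not part of the original guide: it reads security group data in the JSON shape returned by `aws ec2 describe-security-groups` and confirms that the all-ports inbound rule uses the group's own ID as its source rather than an address range. The sample data is constructed, the group ID is the sg-xxxxxxxx placeholder, and the function names are hypothetical.

```python
import json

# Constructed sample in the shape returned by
# `aws ec2 describe-security-groups`; the group ID is a placeholder.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-xxxxxxxx", "GroupName": "rancher-machine",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
     "UserIdGroupPairs": []},
    {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-xxxxxxxx"}]}
  ]}]}
""")

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def covers_all_ports(perm):
    """True if the rule allows every port (all protocols, or ports 0-65535)."""
    if perm.get("IpProtocol") == "-1":
        return True
    return perm.get("FromPort") == 0 and perm.get("ToPort") == 65535

def audit_group(group):
    """Return (has_self_rule, findings) for one security group."""
    gid = group["GroupId"]
    has_self_rule, findings = False, []
    for perm in group.get("IpPermissions", []):
        if not covers_all_ports(perm):
            continue  # single-port rules (e.g. SSH) are out of scope here
        sources = [p.get("GroupId") for p in perm.get("UserIdGroupPairs", [])]
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if gid in sources:
            has_self_rule = True  # the intended intra-group rule
        for other in sources:
            if other != gid:
                findings.append(f"all ports open to another group: {other}")
        for cidr in cidrs:
            scope = "the internet" if cidr in OPEN_CIDRS else "an address range"
            findings.append(f"all ports open to {scope}: {cidr}")
    return has_self_rule, findings

if __name__ == "__main__":
    for g in SAMPLE["SecurityGroups"]:
        ok, problems = audit_group(g)
        print(g["GroupName"], "self-rule present:", ok, "findings:", problems)
```

To run it against your own account, replace SAMPLE with the parsed output of `aws ec2 describe-security-groups --group-ids` followed by your group ID.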