How to Deploy Rancher on K3s with Nginx, Keepalived, and MySQL
This guide walks through preparing the environment, installing required tools, configuring firewalls, setting up host files, deploying Nginx with Keepalived for high‑availability, installing Docker, MySQL, and finally installing K3s and Rancher using Helm, including certificate creation and troubleshooting steps.
K3s (Lightweight Kubernetes)
K3s is a certified, lightweight Kubernetes distribution similar to RKE but newer, easier to use, and packaged as a single binary under 100 MB. Rancher v2.4 can be installed on a K3s cluster.
Rancher Overview
Rancher is a container management platform for companies using containers. It simplifies Kubernetes usage, enabling developers to run Kubernetes everywhere, meeting IT requirements and empowering DevOps teams.
System Preparation
Disable Firewall and SELinux
Stop and disable firewalld, set SELinux to permissive, and edit /etc/selinux/config to disable it permanently.
<code>systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config</code>
On Ubuntu, disable ufw:
<code>sudo ufw disable</code>
Configure /etc/hosts
<code>192.168.111.21 nginx-master
192.168.111.22 nginx-backup
192.168.111.50 k3s-node1
192.168.111.51 k3s-node2
192.168.111.52 k3s-mysql</code>
Ensure each machine can resolve the hostnames of the others.
Required CLI Tools
Make sure kubectl and helm are installed and available in $PATH.
Installation Steps
Install kubectl
<code>sudo apt-get install snapd
sudo snap install kubectl --classic
kubectl help</code>
Install Helm
<code>wget https://get.helm.sh/helm-v3.2.1-linux-amd64.tar.gz
tar zxvf helm-v3.2.1-linux-amd64.tar.gz
sudo mv linux-amd64/helm /usr/local/bin/helm
helm help</code>
Create Nginx + Keepalived Cluster
Install Nginx
<code>wget http://nginx.org/download/nginx-1.17.10.tar.gz
tar zxvf nginx-1.17.10.tar.gz
yum install -y gcc gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel libnl3-devel
cd nginx-1.17.10
mkdir -p /usr/local/nginx
./configure --prefix=/usr/local/nginx --with-stream
make && make install
ln -s /usr/local/nginx/sbin/nginx /usr/local/bin/nginx
nginx -V
nginx</code>
Install Keepalived
<code>wget https://www.keepalived.org/software/keepalived-2.0.20.tar.gz
tar zxvf keepalived-2.0.20.tar.gz
cd keepalived-2.0.20
./configure --prefix=/usr/local/keepalived/
make && make install
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/keepalived
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/keepalived
mkdir /etc/keepalived/
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
systemctl start keepalived
systemctl enable keepalived</code>
<code># /etc/init.d/keepalived (script omitted for brevity)</code>
<code># /etc/keepalived/keepalived.conf (excerpt)
! Configuration File for keepalived
global_defs {
    router_id 192.168.111.21
}
vrrp_script chk_nginx {
    script "/usr/local/keepalived/check_ng.sh"
    interval 3
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 120
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.111.20
    }
    track_script {
        chk_nginx
    }
}</code>
<code># /usr/local/keepalived/check_ng.sh
#!/bin/bash
# Health check run by keepalived (vrrp_script chk_nginx): if nginx is not running,
# try to start it once; if it still is not running, stop keepalived so this node
# gives up the VIP and the backup node takes over.
d=$(date +%Y%m%d_%H:%M:%S)
n=$(ps -C nginx --no-heading | wc -l)
if [ "$n" -eq 0 ]; then
    nginx
    n2=$(ps -C nginx --no-heading | wc -l)
    if [ "$n2" -eq 0 ]; then
        echo "$d nginx down, keepalived will stop" >> /var/log/check_ng.log
        systemctl stop keepalived
    fi
fi</code>
Install Docker CE (on RKE node)
<code>sudo apt-get remove docker docker-engine docker.io containerd runc
sudo apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io
docker info
sudo usermod -aG docker $USER</code>
Configure Layer-4 Load Balancer (Nginx)
<code># /usr/local/nginx/conf/nginx.conf (stream section)
stream {
    upstream rancher_servers_http {
        least_conn;
        server 192.168.111.50:80 max_fails=3 fail_timeout=5s;
        server 192.168.111.51:80 max_fails=3 fail_timeout=5s;
    }
    server {
        listen 80;
        proxy_pass rancher_servers_http;
    }
    upstream rancher_servers_https {
        least_conn;
        server 192.168.111.50:443 max_fails=3 fail_timeout=5s;
        server 192.168.111.51:443 max_fails=3 fail_timeout=5s;
    }
    server {
        listen 443;
        proxy_pass rancher_servers_https;
    }
}</code>
Deploy MySQL 5.7
<code># Create mysql user/group
groupadd -r mysql
useradd -r -g mysql mysql
# Extract and set up directories
tar zxvf mysql-5.7.30-linux-glibc2.12-x86_64.tar.gz
mkdir -p /app/mysql/data
mv mysql-5.7.30-linux-glibc2.12-x86_64/* /app/mysql/
chown -R mysql:mysql /app/mysql
# Initialize database
cd /app/mysql
./bin/mysqld --initialize --user=mysql --basedir=/app/mysql/ --datadir=/app/mysql/data/
# Create SSL keys
./bin/mysql_ssl_rsa_setup --datadir=/app/mysql/data/
# Install init script
cp support-files/mysql.server /etc/init.d/mysqld
chmod +x /etc/init.d/mysqld
chkconfig mysqld on
# Add to PATH
export PATH=/app/mysql/bin:$PATH
# Set up my.cnf (content omitted)
/etc/init.d/mysqld start
ln -s /app/mysql/mysql.sock /tmp/mysql.sock
# Log in with the temporary root password generated by --initialize, then run the
# following statements in the mysql shell to set a new password and allow remote access
mysql -uroot -p
ALTER USER 'root'@'localhost' IDENTIFIED BY "12345678";
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '12345678' WITH GRANT OPTION;
FLUSH PRIVILEGES;</code>
Deploy k3s
<code># Install k3s server on all nodes
curl -sfL https://docs.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -s - server \
--datastore-endpoint="mysql://root:12345678@tcp(192.168.111.52:3306)/k3s"
# Verify nodes
sudo k3s kubectl get nodes
# Copy kubeconfig
sudo cp /etc/rancher/k3s/k3s.yaml ~/.kube/config
sudo kubectl get pods --all-namespaces</code>
Deploy Rancher
<code># Add Helm repo
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
# Create namespace
sudo kubectl create namespace cattle-system
# Generate self‑signed certificates (openssl commands omitted for brevity)
# Create secrets
sudo kubectl -n cattle-system create secret tls tls-rancher-ingress --cert=./tls.crt --key=./tls.key
sudo kubectl -n cattle-system create secret generic tls-ca --from-file=cacerts.pem
# Install Rancher via Helm
sudo helm install rancher rancher-stable/rancher \
--namespace cattle-system \
--set hostname=rancher.local.com \
--set ingress.tls.source=secret \
--set privateCA=true
# Wait for rollout
sudo kubectl -n cattle-system rollout status deploy/rancher
# If deployment stalls, check status
sudo kubectl -n cattle-system get deploy rancher</code>
After completion, add rancher.local.com to your hosts file pointing to the load-balancer IP and access https://rancher.local.com.
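The guide omits the openssl commands that produce tls.crt, tls.key and cacerts.pem for the two kubectl secrets. The script below is an added example, not from the original guide, that builds a private CA and a SAN-bearing server certificate for the Rancher hostname and verifies the chain before the secrets are created; the output directory, key sizes, validity periods and CA subject name are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): build a private CA and a server
# certificate for the Rancher hostname, producing the three files the kubectl
# secret commands expect: tls.crt, tls.key and cacerts.pem.
# Assumptions: output directory, key sizes, validity periods and the CA subject.
set -eu

gen_rancher_certs() {
    host="$1"
    out="$2"
    mkdir -p "$out"

    # 1. Private CA. ca.key signs the leaf and must stay off the cluster nodes;
    #    only the public cacerts.pem goes into the tls-ca secret.
    openssl genrsa -out "$out/ca.key" 4096 2>/dev/null
    openssl req -x509 -new -key "$out/ca.key" -sha256 -days 3650 \
        -subj "/CN=Rancher private CA" -out "$out/cacerts.pem"

    # 2. Server key and CSR for the Rancher hostname.
    openssl genrsa -out "$out/tls.key" 2048 2>/dev/null
    openssl req -new -key "$out/tls.key" -subj "/CN=$host" -out "$out/tls.csr"

    # 3. Sign the CSR with the CA. The extension file adds a subjectAltName,
    #    which modern TLS clients require (a CN-only certificate is rejected).
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$host" \
        > "$out/server.ext"
    openssl x509 -req -in "$out/tls.csr" -CA "$out/cacerts.pem" -CAkey "$out/ca.key" \
        -CAcreateserial -days 365 -sha256 -extfile "$out/server.ext" \
        -out "$out/tls.crt" 2>/dev/null

    # 4. Verify the chain and confirm the SAN is present before creating secrets.
    openssl verify -CAfile "$out/cacerts.pem" "$out/tls.crt" >/dev/null
    openssl x509 -in "$out/tls.crt" -noout -text | grep -q "DNS:$host"
}

# Usage with the guide's hostname; the output directory is an assumption.
gen_rancher_certs rancher.local.com ./rancher-certs
```

Run it on the machine where you execute the kubectl secret commands, then point `--cert`, `--key` and `--from-file` at the generated files.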
Ops Development Stories
Maintained by a like‑minded team, covering both operations and development. Topics span Linux ops, DevOps toolchain, Kubernetes containerization, monitoring, log collection, network security, and Python or Go development. Team members: Qiao Ke, wanger, Dong Ge, Su Xin, Hua Zai, Zheng Ge, Teacher Xia.