Knowledge Base | Xelon AG

How to: Secure Rancher with SSL via Load Balancing Service

Geschrieben von Michael Dudli | Aug 23, 2022 1:17:24 PM

The software stack Rancher addresses the challenges of managing multiple Kubernetes clusters across any infrastructure and provides DevOps teams with integrated tools for running containerized workloads. In this article, we are providing a step-by-step guide on how to secure Rancher with SSL via Load Balancing Service using the Cloud Platform Xelon HQ.

Please find below the requirements to secure Rancher with SSL:

  1. Xelon HQ Account
  2. Rancher Cluster

How to create a Load Balancer in the Xelon HQ:

  1. Log in to Xelon HQ and go to Networking -> Load Balancer -> Create a Load Balancer
  2. Name the Load Balancer.
  3. Select the right cluster via ‘apply to’. This means that the Load Balancer is directly connected to the cluster.
  4. Important: tick the box next to ‘Layer 7 Load Balancer’.

To finish our configuration we have to set a forwarding rule. Please note that it does not have to be a real URL because we first have to determine the assigned IP of the load balancer so that we can create an A record.

When the installation of the load balancer is finished, we can see the IP of the load balancer in the overview:

What to consider when creating a forwarding rule in the Xelon HQ:

Now we can create an A record. Once this is done, we can adjust the forwarding rule. To create the forwarding rule we need to open the Rancher config that we received when creating the Rancher cluster. After that, select the IP of the cluster:

Server: "https://Explicitip/k8s/clusters/c-fb7qq"

Once we have selected the IP, we can create the rule. When saving the rule, it is important to select ‘Use https on Backend’ and enable ‘SSL Generate’. This way an SSL will be generated.

After saving, the Rancher cluster is protected by SSL.

Now we open our config again and change the IP to the domain we defined when creating the Load Balancer in the Xelon HQ.

Now we are done. Our Rancher cluster is protected by SSL. Autobuild pipelines can now be created via GitLab or Helm charts to define, install, and upgrade Kubernetes applications can be set up. 

If you have any questions on how to secure Rancher with SSL please feel free to contact our support team!