With half a year gone since the last big release, v2.2 of open source cluster management platform Rancher is available for download now. New features include multi-tenant catalogues, multi-cluster apps, global DNS, and a Prometheus integration for better monitoring – all of which have been heavily requested by the company’s enterprise customers.
“In the last 18 months or so we found more and more people moving from the experimentation state with Kubernetes to handing containers over to production,” explained Rancher’s head of product management Ankur Agarwal on a phone call.
“People are asking for resilient clusters, highly available apps, multi-tenancy, and supportability. All the features we’re announcing somehow fall into this category of making sure that at enterprise level you have those enterprise-grade production-ready clusters.”
Rancher can, for example, be used to deploy, secure and manage Kubernetes applications, and anyone familiar with Kubernetes will know that etcd, which is already included in it, was designed for high resilience. Agarwal, however, still sees the need for an additional disaster recovery strategy for enterprise users on top of the resilience features in the popular container orchestrator: “We have designed a system where you can initiate and schedule backups.”
“Backups will be taken of your etcd cluster, and if the cluster goes down, you have a way to restore it and bring your cluster back up. You can see the (backup’s) history, who took it. […] The reason we do that is because to bring Kubernetes to the masses it has to be easy to use.”
High availability (HA) has also been on the minds of those Rancher engineers dealing with the Global DNS enhancement. It supports Amazon’s DNS Route 53, AliDNS, and, though still in alpha, CloudFlare to offer users a way of controlling applications across availability zones and data centers. The feature can only be used in HA setups with the local cluster enabled.
Those who have already used the Rancher 2.2 preview will know about the new monitoring options, but for those who like their releases stable, it’s worth mentioning that Rancher now comes with Prometheus and Grafana integrated. Though Rancher already offered monitoring, Prometheus is becoming more and more of a standard tool and adding it to the mix should give users a better insight into their clusters’ status.
Isolation of applications seems to be on the minds of many Rancher customers, which is why v2.2 also includes the so-called multi-tenant catalogues. They give admins of both single and multiple-cluster setups a way of isolating views by specifying which users can access which catalogues.
“Right now this is how catalogs work: Once you’ve added a catalogue it’s available to anybody who’s on your instance, which means across clusters anybody can see and use the catalogue,” Agarwal reiterated. However: “In an enterprise, teams have their own specialised apps that they don’t want others to see. So multiple enterprises have been reporting back asking for a way to just hide those.”
Another new feature aiming to help admins reduce management overhead is multi-cluster apps. They let users deploy, update and manage applications across multiple clusters and projects, making use of Helm as well.
Extra security can be achieved by the new option of rotating certificates for Kubernetes components (note that new clusters get a certificate which expires after ten years – before that it was only good for one, so maybe rotating isn’t a bad idea).
There’s now also support for Okta authentication, and admins can configure Kubernetes clusters to be accessed directly and not via the Rancher server. They can then still use Rancher authentication, but the change is meant to, for example, improve access to clusters that are geographically far away.