The team behind cluster management platform Rancher just released version 2.3 of its project into the enterprise world, promising better security and support for provisioning Windows clusters amongst other things.
In its second big release of the year, Rancher has focused on some of the major topics discussed in the containerisation realm today. As a result, version 2.3 comes with simplifications to get popular service mesh Istio up and running, and improvements in security. The former is meant to help with issues like observability, and facilitates the use of projects like Prometheus for monitoring, Jaeger for tracing or Kiali for traffic and telemetry visualisation. Users looking for an interface to work with Istio Virtual Services or set destination rules can take an experimental implementation of just that for a spin.
Security-wise, the Rancher team has introduced Rancher Kubernetes Engine (RKE) cluster templates to “enforce consistent cluster configuration” as they mention in a canned statement. The new addition is meant to help make sure only tested configurations are used across deployments and therefore minimise the security risks introduced by wrongly set up new clusters. It allows admins to create re-usable definitions, enforce cluster creators to use those, and offers more assistance when looking for insecure settings.
Since Kubernetes integrated production-level Windows Server support in version 1.14 which landed in March 2019, it was only a matter of time till Rancher followed suit. After all, developing company Rancher Labs set its eyes on “becoming the market leader in enterprise Kubernetes management”, which kind of describes an audience that tends to have cultivated its Microsoft bonds throughout the years. Version 2.3 is meant to sell the deal with them, presenting ways of modernising Windows applications or containerising them for cloud deployments.
Under the hood, the option of provisioning Windows clusters has been in the works since at least November 2018. The now generally available feature allows the creation of new Windows clusters with Flannel networking in VXLAN or host-gateway mode. Clusters can be mixed-mode or Windows Server 2019 only, though tolerations and node scheduling will have to be added if you want to run Linux and Windows workloads.
Apart from that, users can now add taints to nodes, define how long Rancher server should wait before deleting unresponsive nodes and recreating them, and use Google as an authentication provider.
A complete list of features can be found in the project’s release notes. There, the project maintainers mention that upgrading to the new version can lead to a restart of Kubernetes system components, which is something users should be aware of upfront. Companies with high availability installs of Rancher that use self-signed certificates and cert-manager should make sure the latter is installed in a version above 0.9.1, otherwise they might run into difficulties.
Rancher is open source, the platform’s code is protected under the Apache Licence 2.0 and can be found in a GitHub repository.