What is Rancher? The KaaS Landscape, Part 1

This article is the first in a series of pieces describing the various players in the Kubernetes as a Service (KaaS) area.  The idea is to give those considering using KaaS an idea of what's out there and what will best suit their needs. (If you're not sure whether this technology is for you, you might start with a look at KaaS in relation to another developer enablement strategy, Platform as a Service (PaaS).
Can't stand the suspense? Download this PDF to get a feature-by-feature comparison of KaaS and PaaS solutions from leading vendors.

We'll start by discussing the pros and cons of Rancher, one of the first such tools on the market.

What is Rancher?

Rancher is primarily a KaaS, in that it's designed to help deploy and manage Kubernetes clusters. It includes both a web-based GUI and a command line interface that enable you to create and scale not just clusters, but also Kubernetes objects such as pods and deployments.  You can also import existing clusters to be managed by the Rancher interface.  
While it does include an application catalog that gives it some similar capabilities to a PaaS, its architecture places it firmly in the KaaS camp; commands generally get proxied through the Rancher server, but once deployed, clusters can also operate independently.
Rancher is designed to integrate with other infrastructure tools such as CI/CD tools, code repositories, monitoring, and user management, and can deploy clusters to most available providers, such as OpenStack, AWS, and Microsoft Azure.

A quick overview of using Rancher

The Rancher server can be downloaded and installed for free, so you can quickly get a feel for what it does. Let's take a quick look at what the experience is like.

1. Once the software is deployed, you can finish configuration from the provided web address.  Start by creating your credentials and confirming the URL you'll use to access the server.
2. Now you're ready to add a new cluster.Click Add Cluster to get started.
3. Out of the box, Rancher supports multiple cloud providers.  Choose what's convenient for you.
4. If your provider requires additional information, the UI will prompt you for it.
5. Now we need to configure the nodes for the cluster.  For example, if you specified 2 nodes, you will see two additional VMs created. Note that by default these nodes are in a different zone than the Rancher server.
6. Rancher handles the security, and in some ways it's very convenient; for example Global RBAC control makes it easier to work with multi-cluster applications.  On the other hand, you have to be sure you understand what it's doing; because of the way resources are created, you must make sure to delete them from Rancher or you might have difficulty deleting them externally.  (Or at least, that's what happened when we tested this on Google Compute Engine.)
7. While the cluster is deploying, you can download the Rancher CLI to manage it if necessary.
8. Once the cluster has been deployed, you can deploy applications from provided repositories. You can also add your own charts repository.
9. You can also deploy containers directly. Rancher makes it easy to deploy using typical patterns, such as a stateful set or a pod that runs on a cron schedule, but there is one downside: it does not appear to support private image repositories, which can make it difficult to deploy sensitive applications.

So that's the general workflow; let's summarize the ups and downs of using Rancher.

Advantages of using Rancher for KaaS

Rancher has been around for several years, and as such it's a fairly comprehensive system, and it does have a number of advantages, including:

• Support for multi-cluster applications:  To help mitigate deployment and management errors, Rancher can deploy the same Helm-based application on multiple clusters simultaneously.  It will also handle upgrading those applications.
• Support for multiple operating systems:  While some KaaS's and PaaS are locked into a specific operating system -- for example, OpenShift requires the use of Red Hat Enterprise Linux (RHEL) -- Rancher supports multiple operating systems, including Ubuntu 16.04 and 18.04, RHEL, the RancherOS container-optimized operating system, and even Windows Server 2019.
• User management:  By providing the ability to control global RBAC settings, Rancher makes it easier to manage multiple clouds and multi-cloud applications.
• Networking support:  Rancher includes Container Network Interface (CNI) support for Canal, Flannel, Calico, and Weave.
• Storage support:  Rancher includes support for multiple storage drivers, including:
  • Amazon EBS Disk
  • AzureFile
  • AzureDisk
  • Ceph RBD
  • Gluster Volume
  • Google Persistent Disk
  • Openstack Cinder Volume
  • ScaleIO Volume
  • StorageOS
  • Vmware vSphere Volume

Disadvantages of using Rancher for KaaS

While Rancher is a very capable product, there are a few areas where you will want to be cautious:

• No secure storage of secrets:  Rancher isn't designed for heavy duty security, in that secrets are stored in plain text rather than being stored securely.
• VMs run using CRDs:  Many organizations still need to run VMs for applications that can't be containerized, but Rancher's method for doing this is through the use of Custom Resource Definitions to create "VM Pods".  This creates additional complexity and overhead compared to using something like Virtlet, which treats VMs as first-class citizens.
• No private registry capability: while Rancher does enable you to import a private application catalog, it doesn't have the ability to deploy containerized applications from a private image repository, making it more difficult to ensure particular images are used as the basis for applications.

Overall

Rancher is a comprehensive Kubernetes as a Service system enabling increased developer productivity for general application development, including for multi-cluster applications, but for those building applications in highly controlled and regulated environments, companies with significant non-containerized applications, or for which security is a topmost concern, it does have some gaps that would need to be considered.