Cluster Management

General Description

This module allows automated deployment of Rancher on top of a K3s Kubernetes cluster. Rancher provides a user-friendly web interface for managing Kubernetes clusters, including monitoring, application deployment via Helm Charts, certificate handling via cert-manager, and node scaling. The script includes support for installation with or without DNS and generates SSL certificates using Let’s Encrypt.

Resource Link
Source code Link to source code
Demo Video Link to video

Contact

The following table includes contact information of the main developers in charge of the component:

Name email Organisation
Daniel González dgonely@cigip.upv.es logo image

License

Apache License 2.0

Technical Foundations

The Cluster Management module is built upon lightweight and widely adopted technologies to ensure flexibility, scalability, and modular deployment:

The module provides a single installation script that automates the setup and configuration of all these services on a compatible system (Ubuntu 22.04). It includes options for DNS and non-DNS environments and generates SSL certificates accordingly.

Integrated and Open Source Components

This section outlines both pre-existing technologies and open-source components that have been integrated into the component. It provides details on their sources, purposes, modifications, and compliance with licensing terms.

Overview

This module integrates a set of established, open-source tools—K3s, Rancher, Helm, Cert-manager, and Nginx—to enable a fully functional Kubernetes environment with centralized management and modular deployments. These components are installed and configured automatically via a custom script designed for Ubuntu 22.04. This setup is a foundational pillar in the AI-PRISM architecture, as it allows simplified deployment, visibility, and scaling of complex distributed systems, including ROS 2-based AI modules deployed via Rancher Helm Charts.

Pre-existing Components

K3s

Source

Base code of K3s available here

Description

K3s is a lightweight Kubernetes distribution developed by Rancher Labs, designed to simplify the installation and operation of clusters in resource-constrained environments such as edge computing, IoT or research labs. It includes all essential Kubernetes components in a single binary and enables high-availability configurations with lower operational overhead. K3s uses containerd as its default container runtime, instead of Docker, to reduce dependencies and optimize resource usage.

Modifications

Within the project, K3s deployment is automated through custom scripts, the default Ingress controller (Traefik) is disabled so that Ingress-Nginx can be used instead, and the installation is optimized for virtual machines running Ubuntu 22.04.

Purpose in AI-PRISM

It acts as the base cluster on which Rancher is deployed, providing a scalable and efficient infrastructure for running ROS 2 modules and AI services.

License

Apache License 2.0

Rancher

Source

Base code of Rancher available here

Description

Rancher is a Kubernetes management platform that provides a user-friendly graphical interface, multi-cluster management, role-based access control (RBAC), Helm catalog support, and tools for monitoring, authentication and backups. It greatly simplifies the use of Kubernetes in complex or collaborative environments.

Modifications

It is installed via Helm with custom parameters (such as local or public domains, SSL configuration, and load balancing). Its deployment is automated and adapted to the use of DNS or local environments without name resolution.

Purpose in AI-PRISM

It allows users to visually deploy and manage AI-PRISM modules, including ROS 2 components packaged as Charts. It also facilitates resource tracking, external cluster integration, and service lifecycle maintenance.

License

Apache License 2.0

Helm

Source

Base code of Helm available here

Description

Helm is the official package manager for Kubernetes. It allows you to define, install and update complex applications using “charts”, which encapsulate all the necessary resources (pods, services, volumes, etc.) in reusable and configurable templates.

Modifications

It is automatically integrated into the Rancher system and is used from both the GUI and command line to deploy Rancher, cert-manager and AI-PRISM modules.

Purpose in AI-PRISM

It is essential for dynamic, configurable deployments of ROS 2 modular components, and makes it easy to adapt execution environments to specific needs.

License

Apache License 2.0

Nginx

Source

Base code of Nginx available here

Description

Nginx provides a layer of security, load balancing, and efficient content delivery. It enables handling of multiple concurrent connections with low resource usage, making it ideal for modern and distributed environments.

Modifications

It is deployed as an external Docker container outside the K3s cluster via the installation script. Its configuration enables forwarding of HTTP and HTTPS traffic to the appropriate NodePorts exposed by the cluster, without altering the content of the traffic (SSL passthrough).

Purpose in AI-PRISM

Nginx acts as an external Load Balancer and reverse proxy to the cluster. Incoming traffic is redirected as follows:

This setup enables services such as Rancher to be securely exposed outside the cluster, while keeping TLS termination and certificate management within the Kubernetes environment.

License

BSD 2-Clause License

Cert-manager

Source

Base code of Cert-manager available here

Description

Cert-manager is a native Kubernetes solution that automates the management and renewal of TLS certificates. It supports multiple certificate issuers, such as Let’s Encrypt, HashiCorp Vault, internal Certificate Authorities (CAs), among others. This ensures that cluster services such as Rancher can be securely exposed with valid certificates, even in environments without Internet access.

Modifications

It is automatically installed via the setup script. Integration can be configured with Let’s Encrypt (for environments with DNS and Internet access) or with a local CA (for development or private network environments). In the case of a local CA, the authority is generated and imported into the host system to avoid browser security warnings. For more information, see here.

Purpose in AI-PRISM

It enables secure HTTPS connections, either through Let’s Encrypt or, in local environments, via OpenSSL, which is configured with a local Certificate Authority (CA).
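The local-CA path described above, sketched with OpenSSL as an added example (this is not the project's k3s_rancher.sh and not taken from its documentation). The file names, the CA subject and the hostname rancher.example.internal are assumptions chosen for illustration; the check at the end confirms that the issued certificate chains to the local CA and covers the expected hostname.

```shell
#!/bin/sh
# Added example, not the project's script. File names and subject names are
# assumptions; rancher.example.internal is a constructed placeholder hostname.
set -eu

# Create a self-signed root CA in directory $1 (ca.key, ca.crt).
make_local_ca() {
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Example Local CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    (umask 077; openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null)
}

# Issue a server certificate for hostname $2, signed by the CA in $1.
issue_leaf() {
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
        "$2" > "$1/leaf.ext"
    (umask 077; openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -subj "/CN=$2" -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null)
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 90 -extfile "$1/leaf.ext" -out "$1/leaf.crt" 2>/dev/null
}

# Succeed only if the leaf chains to the CA AND covers hostname $2.
check_leaf() {
    openssl verify -CAfile "$1/ca.crt" -purpose sslserver \
        -verify_hostname "$2" "$1/leaf.crt" >/dev/null 2>&1
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
make_local_ca "$workdir"
issue_leaf "$workdir" rancher.example.internal
check_leaf "$workdir" rancher.example.internal && echo "chain and hostname OK"
check_leaf "$workdir" other.example.internal || echo "wrong hostname rejected"
```

Only ca.crt is imported into the host or browser trust store. Clients that trust it will accept any certificate signed with ca.key, so the key stays on the machine that issues certificates, with restrictive permissions.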

License

Apache License 2.0

Docker

Source

Base code of Docker available here

Description

Although K3s uses containerd as its container runtime, Docker is included in this setup specifically to run the external Nginx Load Balancer as a containerised service. The Docker engine is installed and managed independently from the Kubernetes cluster.

Modifications

It is automatically installed as part of the script and is required by K3s and other tools. It remains functionally unchanged.

Purpose in AI-PRISM

Docker provides the runtime environment for auxiliary services, in particular the external Nginx Load Balancer, which acts as a reverse proxy to securely expose Rancher and other internal services to the host machine or the network.

License

Apache License 2.0 (Docker CE)

How to install

The AI-PRISM component is deployed using the Cluster Management service via the k3s_rancher.sh script.

Installation Parameters:

sudo ./k3s_rancher.sh <ip_address> <subdomain>.<domain> <iface>

You can choose to install with or without DNS or local DNS:

The script automatically installs Docker, K3s, Rancher, the Nginx Load Balancer, and optionally enables SSL support using Let’s Encrypt. If you are working in a local environment, here you can find detailed instructions.

Installation steps

How to use

  1. Access Rancher via the domain configured during installation.

  2. Log in using the auto-generated password (displayed at the end of the installation script).

  3. Note:

    • If you used the script with Let’s Encrypt certificates in an environment with public DNS and a valid domain name, HTTPS will be configured automatically.
    • If you are running a local environment, you will need to generate a local Certificate Authority (CA) — as explained in the documentation — and import it into your preferred browser.

  4. Add additional worker nodes using the provided K3s token.

  5. Import existing Kubernetes clusters from external sources (e.g., MicroK8s-based clusters).

  6. Add Helm Catalogs and deploy AI-PRISM components such as ROS 2 modules using Rancher Charts.