Created
February 22, 2022 19:51
Automation for single node Rancher in Docker
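# Bootstrap a single-node Rancher server in Docker, rotate the bootstrap admin
# password, create an API token, set server-url, and print credentials for the
# built-in "local" cluster.
#
# Requires: docker, curl, jq, ruby, base64.
# Optional environment overrides (the defaults reproduce the original values):
#   RANCHER_IMAGE          image to run             (default rancher/rancher:latest)
#   RANCHER_NEW_PASSWORD   admin password to set    (default is a placeholder)
#   RANCHER_SERVER         value for server-url     (default https://172.17.0.1)
#   RANCHER_WAIT_ATTEMPTS  readiness polls, 3s each (default 200)
#
# Security notes for anyone reusing this:
#   * --privileged gives the container close to full control of the host; run
#     this only on a disposable or dedicated machine.
#   * The image tag defaults to :latest, so each run may pull different code.
#     Set RANCHER_IMAGE to a pinned version or digest for repeatable results.
#   * Ports 80/443 are published on every host interface while the bootstrap
#     password is still valid; firewall the host until the password is rotated.
#   * -k / --insecure turn off TLS certificate verification. That is tolerable
#     only because every request goes to loopback; do not copy these flags
#     into calls that cross a network.
#   * Bearer tokens appear on curl's command line and are visible to other
#     local users through the process list while each call runs.
#   * The final output contains a cluster token; do not send it to shared logs.

# TODO: inside any container consuming Rancher API
# echo "172.17.0.1 local.com" >> /etc/hosts

# Print a message to stderr and stop.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Print the value at jq path $2 of JSON document $1.
# Returns non-zero when the value is missing or null (jq -e), so a failed API
# call cannot silently yield the literal string "null" as a credential.
json_field() {
  printf '%s' "$1" | jq -er "$2"
}

# Run single node
docker run -d --name rancher --restart=unless-stopped \
  -p 80:80 -p 443:443 \
  --privileged \
  "${RANCHER_IMAGE:-rancher/rancher:latest}" \
  || die "could not start the rancher container"

# Wait for node to be ready (bounded, and -f so HTTP errors do not count as ready)
attempts=0
until curl -k -s -f -o /dev/null https://localhost/ping; do
  attempts=$((attempts + 1))
  [ "$attempts" -lt "${RANCHER_WAIT_ATTEMPTS:-200}" ] \
    || die "Rancher did not answer /ping in time"
  sleep 3
done

# Login with the bootstrap password that Rancher writes to its container log
ADMINPASS=$(docker logs rancher 2>/dev/null | awk '/Password:/ { print $6 }')
[ -n "$ADMINPASS" ] || die "bootstrap password not found in 'docker logs rancher'"

# Request bodies are built with jq so that quotes, spaces or backslashes in a
# secret cannot break or alter the JSON, and are fed to curl on stdin so the
# password is not part of curl's argument list.
LOGINRESPONSE=$(jq -cn --arg password "$ADMINPASS" \
    '{username: "admin", password: $password}' \
  | curl -s 'https://127.0.0.1/v3-public/localProviders/local?action=login' \
      -H 'content-type: application/json' --data-binary @- --insecure)
LOGINTOKEN=$(json_field "$LOGINRESPONSE" .token) || die "login failed"

# Change password
# The default below is only a placeholder: set RANCHER_NEW_PASSWORD to a
# generated secret before using this anywhere reachable by others.
jq -cn --arg current "$ADMINPASS" \
    --arg new "${RANCHER_NEW_PASSWORD:-thisisyournewpassword}" \
    '{currentPassword: $current, newPassword: $new}' \
  | curl -s 'https://127.0.0.1/v3/users?action=changepassword' \
      -H 'content-type: application/json' \
      -H "Authorization: Bearer $LOGINTOKEN" \
      --data-binary @- --insecure

# Create API key
APIRESPONSE=$(curl -s 'https://127.0.0.1/v3/token' \
  -H 'content-type: application/json' \
  -H "Authorization: Bearer $LOGINTOKEN" \
  --data-binary '{"type":"token","description":"automation"}' --insecure)

# Extract and store token
APITOKEN=$(json_field "$APIRESPONSE" .token) || die "API token creation failed"

# Update server-url
RANCHER_SERVER=${RANCHER_SERVER:-https://172.17.0.1}
jq -cn --arg url "$RANCHER_SERVER" '{name: "server-url", value: $url}' \
  | curl -s 'https://127.0.0.1/v3/settings/server-url' \
      -H 'content-type: application/json' \
      -H "Authorization: Bearer $APITOKEN" \
      -X PUT --data-binary @- --insecure > /dev/null

# Get kubeconfig for local cluster
# NOTE(review): YAML.load runs on data returned by the API. On Ruby versions
# where YAML.load is not already the safe loader it can instantiate arbitrary
# objects; YAML.safe_load is the safer call for a plain kubeconfig.
CLUSTERCONFIG=$(curl -s 'https://127.0.0.1/v3/clusters/local?action=generateKubeconfig' \
    -X POST -H 'content-type: application/json' \
    -H "Authorization: Bearer $APITOKEN" --insecure \
  | jq -r .config \
  | ruby -r yaml -r json -e 'puts JSON.pretty_generate(YAML.load(ARGF.read))')
[ -n "$CLUSTERCONFIG" ] || die "kubeconfig generation failed"

# jq filters are quoted so the shell cannot glob-expand "[0]".
CLUSTERTOKEN=$(json_field "$CLUSTERCONFIG" '.users[0].user.token') \
  || die "kubeconfig has no user token"
CLUSTERAPIURL=$(json_field "$CLUSTERCONFIG" '.clusters[0].cluster.server') \
  || die "kubeconfig has no cluster server URL"
CLUSTERCERT=$(json_field "$CLUSTERCONFIG" \
    '.clusters[0].cluster["certificate-authority-data"]' | base64 -d)

# Same layout as before: a blank line, three KEY=value lines, a blank line.
printf '\nCLUSTERTOKEN=%s\nCLUSTERAPIURL=%s\nCLUSTERCERT=%s\n\n' \
  "$CLUSTERTOKEN" "$CLUSTERAPIURL" "$CLUSTERCERT"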
Additionally, this approach seems to work (tested locally on macOS; adjust the entrypoint mapping as needed):
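# Variant: start Rancher with a known bootstrap password, log in through the
# Rancher CLI container, and fetch a kubeconfig for the local cluster.
#
# Security notes:
#   * "password" is only the default; export RANCHER_BOOTSTRAP_PASSWORD with a
#     generated value for anything beyond a throwaway local instance.
#   * --insecure / --skip-verify turn off TLS certificate verification; they
#     are used here only against ports bound to 127.0.0.1.
#   * badouralix/rancher-cli is a third-party image that receives the admin
#     token and runs with --network host; pin it to a digest you have reviewed.
#   * The token is passed on the command line and is visible in the local
#     process list while the login command runs.

# Make the needed dotfile directory.
# The name must match the host path mounted into the CLI containers below;
# otherwise Docker creates the missing mount directory itself.
mkdir -p rancher-dot

# Start rancher. With -it and no -d this stays in the foreground, so the
# remaining commands are run from a second terminal once it is up.
docker run --rm -it --privileged \
  -e CATTLE_BOOTSTRAP_PASSWORD="${RANCHER_BOOTSTRAP_PASSWORD:-password}" \
  -p 127.0.0.1:8080:80 -p 127.0.0.1:8443:443 \
  -v "$(pwd)/bin/entrypoint.sh:/usr/bin/entrypoint.sh" \
  rancher/rancher

# Get token for rancher operations.
# The login body is built with jq so any password value is encoded as valid
# JSON, and it is sent on stdin rather than in curl's argument list.
RANCHER_TOKEN=$(jq -cn --arg password "${RANCHER_BOOTSTRAP_PASSWORD:-password}" \
    '{username: "admin", password: $password}' \
  | curl -s 'https://127.0.0.1:8443/v3-public/localProviders/local?action=login' \
      -H 'content-type: application/json' --data-binary @- --insecure \
  | jq -r .token)

# Log in to the rancher CLI
docker run --rm -it --network host \
  -v "$(pwd)/rancher-dot/:/root/.rancher" \
  badouralix/rancher-cli \
  rancher login https://localhost:8443 --token "$RANCHER_TOKEN" --skip-verify

# Get the kubeconfig for the cluster.
# It carries cluster credentials, so create it readable by the owner only.
(
  umask 077
  docker run --rm -it --network host \
    -v "$(pwd)/rancher-dot/:/root/.rancher" \
    badouralix/rancher-cli \
    rancher clusters kubeconfig local > kubeconfig.yml
)
chmod 600 kubeconfig.yml

# list namespaces in the cluster
KUBECONFIG=kubeconfig.yml kubectl get namespaces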
Adding `-e CATTLE_BOOTSTRAP_PASSWORD=password` to the initial `docker run` command will set the `ADMINPASS` to `password`, meaning the change password step is unnecessary.