Rancher on OVH Managed Kubernetes
---
# Ingress that publishes the Rancher UI through the shared ingress-nginx
# controller. The TLS certificate is requested from cert-manager via the
# issuer named in the annotation and stored in the secret under spec.tls.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: rancher
  namespace: cattle-system
  annotations:
    # Route through the shared ingress-nginx controller.
    # NOTE(review): kubernetes.io/ingress.class is the legacy annotation; the
    # networking.k8s.io/v1 API also offers spec.ingressClassName — confirm which
    # form the installed ingress-nginx release honours before switching.
    kubernetes.io/ingress.class: 'nginx'
    # NOTE(review): the staging issuer signs with a CA that browsers do not
    # trust; switch to the production issuer once staging issuance works.
    cert-manager.io/issuer: 'letsencrypt-staging'
spec:
  rules:
    - host: 'rancher.example.com'
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: rancher
                port:
                  number: 80
  tls:
    - hosts:
        - 'rancher.example.com'
      # cert-manager writes the issued certificate and key into this secret.
      secretName: rancher-tls
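---
# cert-manager Issuer for the Let's Encrypt production ACME endpoint, scoped
# to the cattle-system namespace (an Issuer is namespaced; ClusterIssuer is not).
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-production
  namespace: cattle-system
spec:
  acme:
    # Production ACME directory: certificates issued here are browser-trusted.
    server: https://acme-v02.api.letsencrypt.org/directory
    # Contact address for the ACME account registration.
    # Placeholder — the published gist obscured the real address; replace it
    # before applying. Quoted on purpose: an unquoted value beginning with '['
    # is parsed as a YAML flow sequence, not a string, and the Issuer is rejected.
    email: 'admin@example.com'
    # Secret in which the ACME account private key is stored.
    privateKeySecretRef:
      name: letsencrypt-production
    # HTTP-01 challenge answered through the nginx ingress controller.
    solvers:
      - http01:
          ingress:
            class: nginx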
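---
# cert-manager Issuer for the Let's Encrypt staging ACME endpoint, scoped to
# the cattle-system namespace. Meant for testing: staging certificates are not
# trusted by browsers, so use the production issuer for real traffic.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-staging
  namespace: cattle-system
spec:
  acme:
    # Staging ACME directory (testing only).
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    # Contact address for the ACME account registration.
    # Placeholder — the published gist obscured the real address; replace it
    # before applying. Quoted on purpose: an unquoted value beginning with '['
    # is parsed as a YAML flow sequence, not a string, and the Issuer is rejected.
    email: 'admin@example.com'
    # Secret in which the ACME account private key is stored.
    privateKeySecretRef:
      name: letsencrypt-staging
    # HTTP-01 challenge answered through the nginx ingress controller.
    solvers:
      - http01:
          ingress:
            class: nginx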
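---
# cert-manager Issuer for the Let's Encrypt production ACME endpoint, for
# workloads other than Rancher. No metadata.namespace is set, so `kubectl apply`
# places it in the namespace of the current kubeconfig context (`default`
# unless the context was changed) — which is what the install script treats as
# the "default" issuer. Pin the namespace explicitly if that is not desired.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-production
spec:
  acme:
    # Production ACME directory: certificates issued here are browser-trusted.
    server: https://acme-v02.api.letsencrypt.org/directory
    # Contact address for the ACME account registration.
    # Placeholder — the published gist obscured the real address; replace it
    # before applying. Quoted on purpose: an unquoted value beginning with '['
    # is parsed as a YAML flow sequence, not a string, and the Issuer is rejected.
    email: 'admin@example.com'
    # Secret in which the ACME account private key is stored.
    privateKeySecretRef:
      name: letsencrypt-production
    # HTTP-01 challenge answered through the nginx ingress controller.
    solvers:
      - http01:
          ingress:
            class: nginx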
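---
# cert-manager Issuer for the Let's Encrypt staging ACME endpoint, for
# workloads other than Rancher. Meant for testing: staging certificates are
# not trusted by browsers. No metadata.namespace is set, so `kubectl apply`
# places it in the namespace of the current kubeconfig context (`default`
# unless the context was changed). Pin the namespace explicitly if that is
# not desired.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    # Staging ACME directory (testing only).
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    # Contact address for the ACME account registration.
    # Placeholder — the published gist obscured the real address; replace it
    # before applying. Quoted on purpose: an unquoted value beginning with '['
    # is parsed as a YAML flow sequence, not a string, and the Issuer is rejected.
    email: 'admin@example.com'
    # Secret in which the ACME account private key is stored.
    privateKeySecretRef:
      name: letsencrypt-staging
    # HTTP-01 challenge answered through the nginx ingress controller.
    solvers:
      - http01:
          ingress:
            class: nginx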
This script — together with the supplied YAML files — sets up Rancher on OVH's managed Kubernetes infrastructure, complete with a load balancer and an ingress controller configured with Let's Encrypt.
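#!/bin/sh
# Bootstrap Rancher on OVH Managed Kubernetes: ingress-nginx, cert-manager,
# Rancher itself, then the Let's Encrypt issuers and the Rancher ingress from
# the accompanying YAML files.
#
# Inputs (environment):
#   RANCHER_HOSTNAME            public DNS name of the Rancher UI
#                               (default: rancher.example.com — a placeholder)
#   LETSENCRYPT_EMAIL           contact address for the ACME account
#                               (default: admin@example.com — a placeholder)
#   RANCHER_BOOTSTRAP_PASSWORD  initial Rancher admin password; required
#
# The YAML files hard-code rancher.example.com and a placeholder e-mail as
# well; edit them to match the values above before running this script.
#
# Fail on the first error and on any unset variable; the original ran on
# regardless, so a failed cert-manager install was followed by a Rancher
# install that depends on it.
set -eu

RANCHER_HOSTNAME="${RANCHER_HOSTNAME:-rancher.example.com}"
LETSENCRYPT_EMAIL="${LETSENCRYPT_EMAIL:-admin@example.com}"
# Refuse to run without an operator-supplied bootstrap password. The original
# passed the literal "password", which is the first thing anyone probing the
# UI will try, and it ends up stored in the Helm release as well.
: "${RANCHER_BOOTSTRAP_PASSWORD:?set RANCHER_BOOTSTRAP_PASSWORD to the initial Rancher admin password}"

# register every chart repository once, then refresh the index once
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
helm repo add jetstack https://charts.jetstack.io
helm repo update

# install an ingress controller — in this case ingress-nginx
# https://docs.ovh.com/us/en/kubernetes/installing-nginx-ingress/
helm -n ingress-nginx install ingress-nginx ingress-nginx/ingress-nginx --create-namespace

# install cert-manager with its CRDs
# https://rancher.com/docs/rancher/v2.6/en/installation/install-rancher-on-k8s/
# --wait: cert-manager's admission webhook must be up before any Issuer or
# Certificate can be created, and the Rancher install below (letsEncrypt TLS
# source) creates such resources.
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.5.1 \
  --set installCRDs=true \
  --wait

# install Rancher
kubectl create namespace cattle-system
helm install rancher rancher-stable/rancher \
  --namespace cattle-system \
  --set hostname="${RANCHER_HOSTNAME}" \
  --set bootstrapPassword="${RANCHER_BOOTSTRAP_PASSWORD}" \
  --set ingress.tls.source=letsEncrypt \
  --set letsEncrypt.email="${LETSENCRYPT_EMAIL}"

# configure two certificate issuers — one for testing and one for production — for Rancher's web UI.
kubectl apply -f issuer-cattle-system-staging.yml
kubectl apply -f issuer-cattle-system-production.yml

# configure an ingress for Rancher
# NOTE(review): with ingress.tls.source=letsEncrypt the Rancher chart appears
# to manage an Ingress of its own in cattle-system; applying a second manifest
# for the same host may overwrite or compete with it — verify on the cluster.
kubectl apply -f ingress-rancher.yml

# configure two certificate issuers — one for testing and one for production — for everything else
# (no namespace in these files: they land in the current kubeconfig context's namespace)
kubectl apply -f issuer-default-staging.yml
kubectl apply -f issuer-default-production.yml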