forked from alexarnoldy/Rancher
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathRancher_on_RKE2_the_easy_way.txt
79 lines (57 loc) · 3.24 KB
/
Rancher_on_RKE2_the_easy_way.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
# end-end breadcrumbs on EC2.
# Launched amazon/suse-sles-15-sp3-byos-v20220309-hvm-ssd-x86_64
# username=ec2-user
sudo SUSEConnect -r key -e [email protected]
sudo zypper -n up
sudo reboot
# Need a TLS Certificate. Will leverage the "Let’s Encrypt" tool called certbot.
# https://letsencrypt.org/getting-started/
# https://certbot.eff.org/instructions?ws=nginx&os=leap
sudo zypper addrepo --refresh https://download.opensuse.org/repositories/system:/snappy/openSUSE_Leap_15.3 snappy
sudo zypper --gpg-auto-import-keys refresh
sudo zypper dup --from snappy
sudo zypper install snapd
sudo systemctl enable --now snapd
sudo systemctl enable --now snapd.apparmor
sudo snap install core; sudo snap refresh core
# export /snap/bin="$HOME/bin:$PATH" # not needed - sym link below
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo snap set certbot trust-plugin-with-root=ok
sudo snap install certbot-dns-route53
sudo snap refresh
# -------------------------------------------------------------
echo "export KUBECONFIG=/etc/rancher/rke2/rke2.yaml" >> ~/.bashrc
echo "PATH=${PATH}:/opt/rke2/bin:/var/lib/rancher/rke2/bin/" >> ~/.bashrc && source ~/.bashrc
sudo mkdir -p /etc/rancher/rke2/
##########
FQDN="" ## Enter your FQDN within the quotes
##########
nslookup ${FQDN} # Should show the public IP associated with the FQDN
sudo bash -c "cat <<EOF> /etc/rancher/rke2/config.yaml
write-kubeconfig-mode: "0644"
tls-san:
- "${FQDN}"
EOF"
cat /etc/rancher/rke2/config.yaml
sudo bash -c "curl -sfL https://get.rke2.io | INSTALL_RKE2_VERSION="v1.20.6+rke2r1" sh -"
sudo systemctl enable --now rke2-server.service
## After RKE2 is up and running (verify with watch -c kubectl get pods -A):
ec2-user@ip-10-0-23-127:~> kubectl get pods -A
error: error loading config file "/etc/rancher/rke2/rke2.yaml": open /etc/rancher/rke2/rke2.yaml: permission denied
sudo chmod +rw /etc/rancher/rke2/rke2.yaml
ec2-user@ip-10-0-23-127:~> kubectl get pods -A
The connection to the server 127.0.0.1:6443 was refused - did you specify the right host or port?
kubectl create namespace cattle-system## The following commands assumes the public TLS certficate, normally named fullchain.pem, exists in the local directory as tls.crt; and the associated private key, normally named privkey.pem, exists in the local directory as tls.key.#Examine the TLS cert, if desired:openssl x509 -noout --text -in tls.crt | less
kubectl -n cattle-system create secret tls tls-rancher-ingress \
--cert=tls.crt \
--key=tls.key
# Note that helm is only available (AFAICT) in PackageHub and software.opensuse.org
sudo SUSEConnect -p PackageHub/15.3/x86_64
sudo zypper -n in helm
# Alternately, you can use the rancher-stable or rancher-alpha repos, if you prefer
helm repo add rancher-latest https://releases.rancher.com/server-charts/latest############################BOOTSTRAPPW="Rancher4Me" ## Change if you'd like############################# Verify the variables before the next step:echo ${FQDN}; echo ${BOOTSTRAPPW}
helm install rancher rancher-latest/rancher \
--namespace cattle-system \
--set hostname=${FQDN} \
--set bootstrapPassword=${BOOTSTRAPPW} \
--set ingress.tls.source=secret# Rancher server consists of two deployments, rancher and rancher-webhookwatch -c kubectl -n cattle-system get deploy