From 2aa6fae041fd513546ad2f85d54d1a9782d29b6a Mon Sep 17 00:00:00 2001
From: catherineluse
Date: Tue, 20 Oct 2020 13:29:31 -0700
Subject: [PATCH] Restore cluster.yml examples
---
.../3-node-certificate-recognizedca/_index.md | 164 ++++++++++++++++
.../3-node-certificate/_index.md | 179 ++++++++++++++++++
.../3-node-externalssl-certificate/_index.md | 4 +-
.../3-node-externalssl-recognizedca/_index.md | 4 +-
4 files changed, 347 insertions(+), 4 deletions(-)
create mode 100644 content/rancher/v2.x/en/installation/resources/advanced/cluster-yml-templates/3-node-certificate-recognizedca/_index.md
create mode 100644 content/rancher/v2.x/en/installation/resources/advanced/cluster-yml-templates/3-node-certificate/_index.md
diff --git a/content/rancher/v2.x/en/installation/resources/advanced/cluster-yml-templates/3-node-certificate-recognizedca/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/cluster-yml-templates/3-node-certificate-recognizedca/_index.md
new file mode 100644
index 00000000000..4a233f537a9
--- /dev/null
+++ b/content/rancher/v2.x/en/installation/resources/advanced/cluster-yml-templates/3-node-certificate-recognizedca/_index.md
@@ -0,0 +1,164 @@
+---
+title: Template for an RKE Cluster with a Certificate Signed by Recognized CA and a Layer 4 Load Balancer
+weight: 3
+aliases:
+ - /rancher/v2.x/en/installation/options/cluster-yml-templates/3-node-certificate-recognizedca
+---
+
+RKE uses a cluster.yml file to install and configure your Kubernetes cluster.
+
+This template is intended to be used for RKE add-on installs, which are only supported up to Rancher v2.0.8. Please use the Rancher Helm chart if you are installing a newer Rancher version.
+
+The following template can be used for the cluster.yml if you have a setup with:
+
+- Certificate signed by a recognized CA
+- Layer 4 load balancer
+- [NGINX Ingress controller](https://kubernetes.github.io/ingress-nginx/)
+
+> For more options, refer to [RKE Documentation: Config Options]({{}}/rke/latest/en/config-options/).
+
+```yaml
+nodes:
+ - address: # hostname or IP to access nodes
+ user: # root user (usually 'root')
+ role: [controlplane,etcd,worker] # K8s roles for node
+ ssh_key_path: # path to PEM file
+ - address:
+ user:
+ role: [controlplane,etcd,worker]
+ ssh_key_path:
+ - address:
+ user:
+ role: [controlplane,etcd,worker]
+ ssh_key_path:
+
+services:
+ etcd:
+ snapshot: true
+ creation: 6h
+ retention: 24h
+
+addons: |-
+ ---
+ kind: Namespace
+ apiVersion: v1
+ metadata:
+ name: cattle-system
+ ---
+ kind: ServiceAccount
+ apiVersion: v1
+ metadata:
+ name: cattle-admin
+ namespace: cattle-system
+ ---
+ kind: ClusterRoleBinding
+ apiVersion: rbac.authorization.k8s.io/v1
+ metadata:
+ name: cattle-crb
+ namespace: cattle-system
+ subjects:
+ - kind: ServiceAccount
+ name: cattle-admin
+ namespace: cattle-system
+ roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+ apiGroup: rbac.authorization.k8s.io
+ ---
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: cattle-keys-ingress
+ namespace: cattle-system
+ type: Opaque
+ data:
+ tls.crt: # ssl cert for ingress. If self-signed, must be signed by same CA as cattle server
+ tls.key: # ssl key for ingress. If self-signed, must be signed by same CA as cattle server
+ ---
+ apiVersion: v1
+ kind: Service
+ metadata:
+ namespace: cattle-system
+ name: cattle-service
+ labels:
+ app: cattle
+ spec:
+ ports:
+ - port: 80
+ targetPort: 80
+ protocol: TCP
+ name: http
+ - port: 443
+ targetPort: 443
+ protocol: TCP
+ name: https
+ selector:
+ app: cattle
+ ---
+ apiVersion: extensions/v1beta1
+ kind: Ingress
+ metadata:
+ namespace: cattle-system
+ name: cattle-ingress-http
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "1800" # Max time in seconds for ws to remain shell window open
+ nginx.ingress.kubernetes.io/proxy-send-timeout: "1800" # Max time in seconds for ws to remain shell window open
+ spec:
+ rules:
+ - host: # FQDN to access cattle server
+ http:
+ paths:
+ - backend:
+ serviceName: cattle-service
+ servicePort: 80
+ tls:
+ - secretName: cattle-keys-ingress
+ hosts:
+ - # FQDN to access cattle server
+ ---
+ kind: Deployment
+ apiVersion: extensions/v1beta1
+ metadata:
+ namespace: cattle-system
+ name: cattle
+ spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: cattle
+ spec:
+ serviceAccountName: cattle-admin
+ containers:
+ # Rancher install via RKE addons is only supported up to v2.0.8
+ - image: rancher/rancher:v2.0.8
+ args:
+ - --no-cacerts
+ imagePullPolicy: Always
+ name: cattle-server
+ # env:
+ # - name: HTTP_PROXY
+ # value: "http://your_proxy_address:port"
+ # - name: HTTPS_PROXY
+ # value: "http://your_proxy_address:port"
+ # - name: NO_PROXY
+ # value: "localhost,127.0.0.1,0.0.0.0,10.43.0.0/16,your_network_ranges_that_dont_need_proxy_to_access"
+ livenessProbe:
+ httpGet:
+ path: /ping
+ port: 80
+ initialDelaySeconds: 60
+ periodSeconds: 60
+ readinessProbe:
+ httpGet:
+ path: /ping
+ port: 80
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ ports:
+ - containerPort: 80
+ protocol: TCP
+ - containerPort: 443
+ protocol: TCP
+```
\ No newline at end of file
diff --git a/content/rancher/v2.x/en/installation/resources/advanced/cluster-yml-templates/3-node-certificate/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/cluster-yml-templates/3-node-certificate/_index.md
new file mode 100644
index 00000000000..ec05b5bc479
--- /dev/null
+++ b/content/rancher/v2.x/en/installation/resources/advanced/cluster-yml-templates/3-node-certificate/_index.md
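Review bot: The `cattle-keys-ingress` Secret in the `addons` block of the 3-node-certificate-recognizedca template takes the ingress private key inline (`tls.key:`), so a filled-in cluster.yml holds key material, and the page says nothing about how to handle that file. I would add a line above the template such as `> **Note:** Once filled in, cluster.yml contains the ingress private key. Restrict its file permissions and keep it out of version control.` The same `tls.key` entry appears in the 3-node-certificate template added by this commit, so the note belongs on that page as well.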
@@ -0,0 +1,179 @@
+---
+title: Template for an RKE Cluster with a Self-signed Certificate and Layer 4 Load Balancer
+weight: 2
+aliases:
+ - /rancher/v2.x/en/installation/options/cluster-yml-templates/3-node-certificate
+---
+RKE uses a cluster.yml file to install and configure your Kubernetes cluster.
+
+This template is intended to be used for RKE add-on installs, which are only supported up to Rancher v2.0.8. Please use the Rancher Helm chart if you are installing a newer Rancher version.
+
+The following template can be used for the cluster.yml if you have a setup with:
+
+- Self-signed SSL
+- Layer 4 load balancer
+- [NGINX Ingress controller](https://kubernetes.github.io/ingress-nginx/)
+
+> For more options, refer to [RKE Documentation: Config Options]({{}}/rke/latest/en/config-options/).
+
+```yaml
+nodes:
+ - address: # hostname or IP to access nodes
+ user: # root user (usually 'root')
+ role: [controlplane,etcd,worker] # K8s roles for node
+ ssh_key_path: # path to PEM file
+ - address:
+ user:
+ role: [controlplane,etcd,worker]
+ ssh_key_path:
+ - address:
+ user:
+ role: [controlplane,etcd,worker]
+ ssh_key_path:
+
+services:
+ etcd:
+ snapshot: true
+ creation: 6h
+ retention: 24h
+
+addons: |-
+ ---
+ kind: Namespace
+ apiVersion: v1
+ metadata:
+ name: cattle-system
+ ---
+ kind: ServiceAccount
+ apiVersion: v1
+ metadata:
+ name: cattle-admin
+ namespace: cattle-system
+ ---
+ kind: ClusterRoleBinding
+ apiVersion: rbac.authorization.k8s.io/v1
+ metadata:
+ name: cattle-crb
+ namespace: cattle-system
+ subjects:
+ - kind: ServiceAccount
+ name: cattle-admin
+ namespace: cattle-system
+ roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+ apiGroup: rbac.authorization.k8s.io
+ ---
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: cattle-keys-ingress
+ namespace: cattle-system
+ type: Opaque
+ data:
+ tls.crt: # ssl cert for ingress. If selfsigned, must be signed by same CA as cattle server
+ tls.key: # ssl key for ingress. If selfsigned, must be signed by same CA as cattle server
+ ---
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: cattle-keys-server
+ namespace: cattle-system
+ type: Opaque
+ data:
+ cacerts.pem: # CA cert used to sign cattle server cert and key
+ ---
+ apiVersion: v1
+ kind: Service
+ metadata:
+ namespace: cattle-system
+ name: cattle-service
+ labels:
+ app: cattle
+ spec:
+ ports:
+ - port: 80
+ targetPort: 80
+ protocol: TCP
+ name: http
+ - port: 443
+ targetPort: 443
+ protocol: TCP
+ name: https
+ selector:
+ app: cattle
+ ---
+ apiVersion: extensions/v1beta1
+ kind: Ingress
+ metadata:
+ namespace: cattle-system
+ name: cattle-ingress-http
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "1800" # Max time in seconds for ws to remain shell window open
+ nginx.ingress.kubernetes.io/proxy-send-timeout: "1800" # Max time in seconds for ws to remain shell window open
+ spec:
+ rules:
+ - host: # FQDN to access cattle server
+ http:
+ paths:
+ - backend:
+ serviceName: cattle-service
+ servicePort: 80
+ tls:
+ - secretName: cattle-keys-ingress
+ hosts:
+ - # FQDN to access cattle server
+ ---
+ kind: Deployment
+ apiVersion: extensions/v1beta1
+ metadata:
+ namespace: cattle-system
+ name: cattle
+ spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: cattle
+ spec:
+ serviceAccountName: cattle-admin
+ containers:
+ # Rancher install via RKE addons is only supported up to v2.0.8
+ - image: rancher/rancher:v2.0.8
+ imagePullPolicy: Always
+ name: cattle-server
+ # env:
+ # - name: HTTP_PROXY
+ # value: "http://your_proxy_address:port"
+ # - name: HTTPS_PROXY
+ # value: "http://your_proxy_address:port"
+ # - name: NO_PROXY
+ # value: "localhost,127.0.0.1,0.0.0.0,10.43.0.0/16,your_network_ranges_that_dont_need_proxy_to_access"
+ livenessProbe:
+ httpGet:
+ path: /ping
+ port: 80
+ initialDelaySeconds: 60
+ periodSeconds: 60
+ readinessProbe:
+ httpGet:
+ path: /ping
+ port: 80
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ ports:
+ - containerPort: 80
+ protocol: TCP
+ - containerPort: 443
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /etc/rancher/ssl
+ name: cattle-keys-volume
+ readOnly: true
+ volumes:
+ - name: cattle-keys-volume
+ secret:
+ defaultMode: 420
+ secretName: cattle-keys-server
+```
\ No newline at end of file
diff --git a/content/rancher/v2.x/en/installation/resources/advanced/cluster-yml-templates/3-node-externalssl-certificate/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/cluster-yml-templates/3-node-externalssl-certificate/_index.md
index 3f840174b9e..593a42473c7 100644
--- a/content/rancher/v2.x/en/installation/resources/advanced/cluster-yml-templates/3-node-externalssl-certificate/_index.md
+++ b/content/rancher/v2.x/en/installation/resources/advanced/cluster-yml-templates/3-node-externalssl-certificate/_index.md
@@ -1,13 +1,13 @@ --- title: Template for an RKE Cluster with a Self-signed Certificate and SSL Termination on Layer 7 Load Balancer weight: 3 -aliases: +aliases: - /rancher/v2.x/en/installation/options/cluster-yml-templates/3-node-externalssl-certificate --- RKE uses a cluster.yml file to install and configure your Kubernetes cluster. -This template is intended to be used for RKE add-on installs, which are only supported up to Rancher v2.0.8. Please use the Rancher Helm chart if you are installing a newer Rancher version. For details, see the [Kubernetes Install - Installation Outline]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/#installation-outline). +This template is intended to be used for RKE add-on installs, which are only supported up to Rancher v2.0.8. Please use the Rancher Helm chart if you are installing a newer Rancher version. The following template can be used for the cluster.yml if you have a setup with:
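Review bot: In the 3-node-certificate template, `defaultMode: 420` on the `cattle-keys-volume` secret volume is the decimal form of octal 0644, which is easy to misread as a literal mode of 420 when someone adapts the template. A trailing comment would make the intent explicit, for example `defaultMode: 420 # decimal for octal 0644`. That mode is reasonable for the CA certificate in `cacerts.pem`, and the comment could add that anyone reusing the volume for key material should choose a tighter mode.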
diff --git a/content/rancher/v2.x/en/installation/resources/advanced/cluster-yml-templates/3-node-externalssl-recognizedca/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/cluster-yml-templates/3-node-externalssl-recognizedca/_index.md
index 316456d9e84..917a39af68c 100644
--- a/content/rancher/v2.x/en/installation/resources/advanced/cluster-yml-templates/3-node-externalssl-recognizedca/_index.md
+++ b/content/rancher/v2.x/en/installation/resources/advanced/cluster-yml-templates/3-node-externalssl-recognizedca/_index.md
@@ -1,13 +1,13 @@ --- title: Template for an RKE Cluster with a Recognized CA Certificate and SSL Termination on Layer 7 Load Balancer weight: 4 -aliases: +aliases: - /rancher/v2.x/en/installation/options/cluster-yml-templates/3-node-externalssl-recognizedca --- RKE uses a cluster.yml file to install and configure your Kubernetes cluster. -This template is intended to be used for RKE add-on installs, which are only supported up to Rancher v2.0.8. Please use the Rancher Helm chart if you are installing a newer Rancher version. For details, see the [Kubernetes Install - Installation Outline]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/#installation-outline). +This template is intended to be used for RKE add-on installs, which are only supported up to Rancher v2.0.8. Please use the Rancher Helm chart if you are installing a newer Rancher version. The following template can be used for the cluster.yml if you have a setup with: