From 34a883e7c0c08f54e3ea906cfdf3e9a9b9f29791 Mon Sep 17 00:00:00 2001 From: Jason Greathouse Date: Fri, 9 Nov 2018 13:34:20 -0600 Subject: [PATCH 1/2] add extraAnnotation and addLocal options --- .../ha/helm-rancher/chart-options/_index.md | 26 ++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/content/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/_index.md b/content/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/_index.md index 39e9cf47214..71ed192c7bd 100644 --- a/content/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/_index.md +++ b/content/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/_index.md @@ -20,6 +20,7 @@ weight: 276 | Option | Default Value | Description | | --- | --- | --- | | `additionalTrustedCAs` | false | `bool` - See [Additional Trusted CAs](#additional-trusted-cas) | +| `addLocal` | "auto" | `string` - Have Rancher detect and import the "local" Rancher server cluster [Import "local Cluster](#import-local-cluster) | | `auditLog.destination` | "sidecar" | `string` - Stream to sidecar container console or hostPath volume - "sidecar, hostPath" | | `auditLog.hostPath` | "/var/log/rancher/audit" | `string` - log file destination on host | | `auditLog.level` | 0 | `int` - set the [API Audit Log]({{< baseurl >}}/rancher/v2.x/en/installation/api-auditing) level. 0 is off. [0-3] | @@ -28,7 +29,8 @@ weight: 276 | `auditLog.maxSize` | 100 | `int` - maximum size in megabytes of the audit log file before it gets rotated | | `debug` | false | `bool` - set debug flag on rancher server | | `imagePullSecrets` | [] | `list` - list of names of Secret resource containing private registry credentials | -| `proxy` | "" | `string` - string - HTTP[S] proxy server for Rancher | +| `ingress.extraAnnotations` | {} | `map` - additional annotations to customize the ingress | +| `proxy` | "" | `string` - HTTP[S] proxy server for Rancher | | `noProxy` | "127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" | `string` - comma separated list of hostnames or ip address not to use the proxy | | `resources` | {} | `map` - rancher pod resource requests & limits | | `rancherImage` | "rancher/rancher" | `string` - rancher image source | @@ -51,6 +53,28 @@ By default enabling Audit Logging will create a sidecar container in the Rancher Set the `auditLog.destination` to `hostPath` to forward logs to volume shared with the host system instead of streaming to a sidecar container. When setting the destination to `hostPath` you may want to adjust the other auditLog parameters for log rotation. +### Import "local" Cluster + +By default Rancher server will detect and import the "local" cluster its running on. User with access to the "local" cluster will essentially have "root" access to all the clusters managed by Rancher server. + +If this is a concern in your environment you can set this option to "false" on your initial install. + +> Note: This option is only effective on the initial Rancher install. See [Issue 16522](https://github.com/rancher/rancher/issues/16522) for more information. + +```plain +--set addLocal="false" +``` + +### Customizing your Ingress + +To customize or use a different ingress with Rancher server you can set your own Ingress annotations. + +Example on setting a custom certificate issuer: + +```plain + --set ingress.extraAnnotations.'certmanager\.k8s\.io/cluster-issuer'=ca-key-pair +``` + ### HTTP Proxy Rancher requires internet access for some functionality (helm charts). Use `proxy` to set your proxy server. From 0965591c6720673082488cda90fe3b4002c13306 Mon Sep 17 00:00:00 2001 From: Jason Greathouse Date: Fri, 9 Nov 2018 16:49:24 -0600 Subject: [PATCH 2/2] format changes --- .../en/installation/ha/helm-rancher/chart-options/_index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/_index.md b/content/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/_index.md index 71ed192c7bd..d14b9c29063 100644 --- a/content/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/_index.md +++ b/content/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/_index.md @@ -53,9 +53,9 @@ By default enabling Audit Logging will create a sidecar container in the Rancher Set the `auditLog.destination` to `hostPath` to forward logs to volume shared with the host system instead of streaming to a sidecar container. When setting the destination to `hostPath` you may want to adjust the other auditLog parameters for log rotation. -### Import "local" Cluster +### Import `local` Cluster -By default Rancher server will detect and import the "local" cluster its running on. User with access to the "local" cluster will essentially have "root" access to all the clusters managed by Rancher server. +By default Rancher server will detect and import the `local` cluster it's running on. User with access to the `local` cluster will essentially have "root" access to all the clusters managed by Rancher server. If this is a concern in your environment you can set this option to "false" on your initial install.