diff --git a/content/rancher/v2.x/en/installation/options/cluster-yml-templates/3-node-certificate-recognizedca/_index.md b/content/rancher/v2.x/en/installation/options/cluster-yml-templates/3-node-certificate-recognizedca/_index.md
new file mode 100644
index 00000000000..b67ccc5370e
--- /dev/null
+++ b/content/rancher/v2.x/en/installation/options/cluster-yml-templates/3-node-certificate-recognizedca/_index.md
@@ -0,0 +1,160 @@ +--- +title: Template for an RKE Cluster with a Certificate Signed by Recognized CA and a Layer 4 Load Balancer +weight: 3 +--- + +RKE uses a cluster.yml file to install and configure your Kubernetes cluster. + +The following template can be used for the cluster.yml if you have a setup with: + +- Certificate signed by a recognized CA +- Layer 4 load balancer +- [NGINX Ingress controller](https://kubernetes.github.io/ingress-nginx/) + +> For more options, refer to [RKE Documentation: Config Options]({{}}/rke/latest/en/config-options/). + +```yaml +nodes: + - address: # hostname or IP to access nodes + user: # root user (usually 'root') + role: [controlplane,etcd,worker] # K8s roles for node + ssh_key_path: # path to PEM file + - address: + user: + role: [controlplane,etcd,worker] + ssh_key_path: + - address: + user: + role: [controlplane,etcd,worker] + ssh_key_path: + +services: + etcd: + snapshot: true + creation: 6h + retention: 24h + +addons: |- + --- + kind: Namespace + apiVersion: v1 + metadata: + name: cattle-system + --- + kind: ServiceAccount + apiVersion: v1 + metadata: + name: cattle-admin + namespace: cattle-system + --- + kind: ClusterRoleBinding + apiVersion: rbac.authorization.k8s.io/v1 + metadata: + name: cattle-crb + namespace: cattle-system + subjects: + - kind: ServiceAccount + name: cattle-admin + namespace: cattle-system + roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io + --- + apiVersion: v1 + kind: Secret + metadata: + name: cattle-keys-ingress + namespace: cattle-system + type: Opaque + data: + tls.crt: # ssl cert for ingress. If self-signed, must be signed by same CA as cattle server + tls.key: # ssl key for ingress. 
If self-signed, must be signed by same CA as cattle server + --- + apiVersion: v1 + kind: Service + metadata: + namespace: cattle-system + name: cattle-service + labels: + app: cattle + spec: + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + - port: 443 + targetPort: 443 + protocol: TCP + name: https + selector: + app: cattle + --- + apiVersion: extensions/v1beta1 + kind: Ingress + metadata: + namespace: cattle-system + name: cattle-ingress-http + annotations: + nginx.ingress.kubernetes.io/proxy-connect-timeout: "30" + nginx.ingress.kubernetes.io/proxy-read-timeout: "1800" # Max time in seconds for ws to remain shell window open + nginx.ingress.kubernetes.io/proxy-send-timeout: "1800" # Max time in seconds for ws to remain shell window open + spec: + rules: + - host: # FQDN to access cattle server + http: + paths: + - backend: + serviceName: cattle-service + servicePort: 80 + tls: + - secretName: cattle-keys-ingress + hosts: + - # FQDN to access cattle server + --- + kind: Deployment + apiVersion: extensions/v1beta1 + metadata: + namespace: cattle-system + name: cattle + spec: + replicas: 1 + template: + metadata: + labels: + app: cattle + spec: + serviceAccountName: cattle-admin + containers: + # Rancher install via RKE addons is only supported up to v2.0.8 + - image: rancher/rancher:v2.0.8 + args: + - --no-cacerts + imagePullPolicy: Always + name: cattle-server + # env: + # - name: HTTP_PROXY + # value: "http://your_proxy_address:port" + # - name: HTTPS_PROXY + # value: "http://your_proxy_address:port" + # - name: NO_PROXY + # value: "localhost,127.0.0.1,0.0.0.0,10.43.0.0/16,your_network_ranges_that_dont_need_proxy_to_access" + livenessProbe: + httpGet: + path: /ping + port: 80 + initialDelaySeconds: 60 + periodSeconds: 60 + readinessProbe: + httpGet: + path: /ping + port: 80 + initialDelaySeconds: 20 + periodSeconds: 10 + ports: + - containerPort: 80 + protocol: TCP + - containerPort: 443 + protocol: TCP +``` \ No newline at end of file 
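Review bot: The `cattle-keys-ingress` Secret leaves `tls.crt` and `tls.key` under `data:` with only an "ssl cert/key for ingress" comment, so nothing tells the reader that values under `data:` must be base64-encoded, or that a filled-in cluster.yml then contains the ingress private key in a trivially decodable form. I would extend the comments, e.g. `tls.key: # base64-encoded PEM private key for ingress; keep the completed cluster.yml out of version control`, and add a sentence above the template about restricting access to the completed file. The "If self-signed, must be signed by same CA as cattle server" remark also reads oddly in a template titled for a certificate from a recognized CA. The same Secret appears in the 3-node-certificate template.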
diff --git a/content/rancher/v2.x/en/installation/options/cluster-yml-templates/3-node-certificate/_index.md b/content/rancher/v2.x/en/installation/options/cluster-yml-templates/3-node-certificate/_index.md
new file mode 100644
index 00000000000..9b24f5b39d5
--- /dev/null
+++ b/content/rancher/v2.x/en/installation/options/cluster-yml-templates/3-node-certificate/_index.md
@@ -0,0 +1,175 @@ +--- +title: Template for an RKE Cluster with a Self-signed Certificate and Layer 4 Load Balancer +weight: 2 +--- +RKE uses a cluster.yml file to install and configure your Kubernetes cluster. + +The following template can be used for the cluster.yml if you have a setup with: + +- Self-signed SSL +- Layer 4 load balancer +- [NGINX Ingress controller](https://kubernetes.github.io/ingress-nginx/) + +> For more options, refer to [RKE Documentation: Config Options]({{}}/rke/latest/en/config-options/). + +```yaml +nodes: + - address: # hostname or IP to access nodes + user: # root user (usually 'root') + role: [controlplane,etcd,worker] # K8s roles for node + ssh_key_path: # path to PEM file + - address: + user: + role: [controlplane,etcd,worker] + ssh_key_path: + - address: + user: + role: [controlplane,etcd,worker] + ssh_key_path: + +services: + etcd: + snapshot: true + creation: 6h + retention: 24h + +addons: |- + --- + kind: Namespace + apiVersion: v1 + metadata: + name: cattle-system + --- + kind: ServiceAccount + apiVersion: v1 + metadata: + name: cattle-admin + namespace: cattle-system + --- + kind: ClusterRoleBinding + apiVersion: rbac.authorization.k8s.io/v1 + metadata: + name: cattle-crb + namespace: cattle-system + subjects: + - kind: ServiceAccount + name: cattle-admin + namespace: cattle-system + roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io + --- + apiVersion: v1 + kind: Secret + metadata: + name: cattle-keys-ingress + namespace: cattle-system + type: Opaque + data: + tls.crt: # ssl cert for ingress. If selfsigned, must be signed by same CA as cattle server + tls.key: # ssl key for ingress. 
If selfsigned, must be signed by same CA as cattle server + --- + apiVersion: v1 + kind: Secret + metadata: + name: cattle-keys-server + namespace: cattle-system + type: Opaque + data: + cacerts.pem: # CA cert used to sign cattle server cert and key + --- + apiVersion: v1 + kind: Service + metadata: + namespace: cattle-system + name: cattle-service + labels: + app: cattle + spec: + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + - port: 443 + targetPort: 443 + protocol: TCP + name: https + selector: + app: cattle + --- + apiVersion: extensions/v1beta1 + kind: Ingress + metadata: + namespace: cattle-system + name: cattle-ingress-http + annotations: + nginx.ingress.kubernetes.io/proxy-connect-timeout: "30" + nginx.ingress.kubernetes.io/proxy-read-timeout: "1800" # Max time in seconds for ws to remain shell window open + nginx.ingress.kubernetes.io/proxy-send-timeout: "1800" # Max time in seconds for ws to remain shell window open + spec: + rules: + - host: # FQDN to access cattle server + http: + paths: + - backend: + serviceName: cattle-service + servicePort: 80 + tls: + - secretName: cattle-keys-ingress + hosts: + - # FQDN to access cattle server + --- + kind: Deployment + apiVersion: extensions/v1beta1 + metadata: + namespace: cattle-system + name: cattle + spec: + replicas: 1 + template: + metadata: + labels: + app: cattle + spec: + serviceAccountName: cattle-admin + containers: + # Rancher install via RKE addons is only supported up to v2.0.8 + - image: rancher/rancher:v2.0.8 + imagePullPolicy: Always + name: cattle-server + # env: + # - name: HTTP_PROXY + # value: "http://your_proxy_address:port" + # - name: HTTPS_PROXY + # value: "http://your_proxy_address:port" + # - name: NO_PROXY + # value: "localhost,127.0.0.1,0.0.0.0,10.43.0.0/16,your_network_ranges_that_dont_need_proxy_to_access" + livenessProbe: + httpGet: + path: /ping + port: 80 + initialDelaySeconds: 60 + periodSeconds: 60 + readinessProbe: + httpGet: + path: /ping + port: 80 + 
initialDelaySeconds: 20 + periodSeconds: 10 + ports: + - containerPort: 80 + protocol: TCP + - containerPort: 443 + protocol: TCP + volumeMounts: + - mountPath: /etc/rancher/ssl + name: cattle-keys-volume + readOnly: true + volumes: + - name: cattle-keys-volume + secret: + defaultMode: 420 + secretName: cattle-keys-server +``` \ No newline at end of file diff --git a/content/rancher/v2.x/en/installation/options/cluster-yml-templates/3-node-externalssl-certificate/_index.md b/content/rancher/v2.x/en/installation/options/cluster-yml-templates/3-node-externalssl-certificate/_index.md new file mode 100644 index 00000000000..3130e66e547 --- /dev/null +++ b/content/rancher/v2.x/en/installation/options/cluster-yml-templates/3-node-externalssl-certificate/_index.md 
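Review bot: `defaultMode: 420` in the `cattle-keys-volume` definition is the decimal form of octal 0644, which is easy to misread as a three-digit permission string when someone later edits the template. A trailing comment such as `defaultMode: 420 # decimal for octal 0644; the volume holds only the CA certificate from cattle-keys-server` would make the intent explicit. The same volume definition appears in the 3-node-externalssl-certificate template.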
@@ -0,0 +1,156 @@ +--- +title: Template for an RKE Cluster with a Self-signed Certificate and SSL Termination on Layer 7 Load Balancer +weight: 3 +--- + +RKE uses a cluster.yml file to install and configure your Kubernetes cluster. + +The following template can be used for the cluster.yml if you have a setup with: + +- Layer 7 load balancer with self-signed SSL termination (HTTPS) +- [NGINX Ingress controller](https://kubernetes.github.io/ingress-nginx/) + +> For more options, refer to [RKE Documentation: Config Options]({{}}/rke/latest/en/config-options/). + +```yaml +nodes: + - address: # hostname or IP to access nodes + user: # root user (usually 'root') + role: [controlplane,etcd,worker] # K8s roles for node + ssh_key_path: # path to PEM file + - address: + user: + role: [controlplane,etcd,worker] + ssh_key_path: + - address: + user: + role: [controlplane,etcd,worker] + ssh_key_path: + +services: + etcd: + snapshot: true + creation: 6h + retention: 24h + +addons: |- + --- + kind: Namespace + apiVersion: v1 + metadata: + name: cattle-system + --- + kind: ServiceAccount + apiVersion: v1 + metadata: + name: cattle-admin + namespace: cattle-system + --- + kind: ClusterRoleBinding + apiVersion: rbac.authorization.k8s.io/v1 + metadata: + name: cattle-crb + namespace: cattle-system + subjects: + - kind: ServiceAccount + name: cattle-admin + namespace: cattle-system + roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io + --- + apiVersion: v1 + kind: Secret + metadata: + name: cattle-keys-server + namespace: cattle-system + type: Opaque + data: + cacerts.pem: # CA cert used to sign cattle server cert and key + --- + apiVersion: v1 + kind: Service + metadata: + namespace: cattle-system + name: cattle-service + labels: + app: cattle + spec: + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + selector: + app: cattle + --- + apiVersion: extensions/v1beta1 + kind: Ingress + metadata: + namespace: cattle-system + name: 
cattle-ingress-http + annotations: + nginx.ingress.kubernetes.io/proxy-connect-timeout: "30" + nginx.ingress.kubernetes.io/proxy-read-timeout: "1800" # Max time in seconds for ws to remain shell window open + nginx.ingress.kubernetes.io/proxy-send-timeout: "1800" # Max time in seconds for ws to remain shell window open + nginx.ingress.kubernetes.io/ssl-redirect: "false" # Disable redirect to ssl + spec: + rules: + - host: + http: + paths: + - backend: + serviceName: cattle-service + servicePort: 80 + --- + kind: Deployment + apiVersion: extensions/v1beta1 + metadata: + namespace: cattle-system + name: cattle + spec: + replicas: 1 + template: + metadata: + labels: + app: cattle + spec: + serviceAccountName: cattle-admin + containers: + # Rancher install via RKE addons is only supported up to v2.0.8 + - image: rancher/rancher:v2.0.8 + imagePullPolicy: Always + name: cattle-server + # env: + # - name: HTTP_PROXY + # value: "http://your_proxy_address:port" + # - name: HTTPS_PROXY + # value: "http://your_proxy_address:port" + # - name: NO_PROXY + # value: "localhost,127.0.0.1,0.0.0.0,10.43.0.0/16,your_network_ranges_that_dont_need_proxy_to_access" + livenessProbe: + httpGet: + path: /ping + port: 80 + initialDelaySeconds: 60 + periodSeconds: 60 + readinessProbe: + httpGet: + path: /ping + port: 80 + initialDelaySeconds: 20 + periodSeconds: 10 + ports: + - containerPort: 80 + protocol: TCP + volumeMounts: + - mountPath: /etc/rancher/ssl + name: cattle-keys-volume + readOnly: true + volumes: + - name: cattle-keys-volume + secret: + defaultMode: 420 + secretName: cattle-keys-server +``` \ No newline at end of file diff --git a/content/rancher/v2.x/en/installation/options/cluster-yml-templates/3-node-externalssl-recognizedca/_index.md b/content/rancher/v2.x/en/installation/options/cluster-yml-templates/3-node-externalssl-recognizedca/_index.md new file mode 100644 index 00000000000..9aeff93bcf0 --- /dev/null 
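Review bot: With `nginx.ingress.kubernetes.io/ssl-redirect: "false"` and only port 80 exposed on the Service and container, the hop from the layer 7 load balancer to the cluster is plain HTTP, and the template does not say so. A short comment next to the annotation, e.g. `# TLS ends at the external load balancer; traffic from the LB to the nodes is unencrypted, keep that segment on a trusted network`, would give readers the caveat. The `- host:` rule is also left empty without the `# FQDN to access cattle server` comment that the layer 4 templates carry; an Ingress rule with no host applies to requests for any hostname, so the placeholder comment should be restored here. Both points apply to the 3-node-externalssl-recognizedca template as well.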
+++ b/content/rancher/v2.x/en/installation/options/cluster-yml-templates/3-node-externalssl-recognizedca/_index.md 
@@ -0,0 +1,140 @@ +--- +title: Template for an RKE Cluster with a Recognized CA Certificate and SSL Termination on Layer 7 Load Balancer +weight: 4 +--- + +RKE uses a cluster.yml file to install and configure your Kubernetes cluster. + +The following template can be used for the cluster.yml if you have a setup with: + +- Layer 7 load balancer with SSL termination (HTTPS) +- [NGINX Ingress controller](https://kubernetes.github.io/ingress-nginx/) + +> For more options, refer to [RKE Documentation: Config Options]({{}}/rke/latest/en/config-options/). + +```yaml +nodes: + - address: # hostname or IP to access nodes + user: # root user (usually 'root') + role: [controlplane,etcd,worker] # K8s roles for node + ssh_key_path: # path to PEM file + - address: + user: + role: [controlplane,etcd,worker] + ssh_key_path: + - address: + user: + role: [controlplane,etcd,worker] + ssh_key_path: + +services: + etcd: + snapshot: true + creation: 6h + retention: 24h + +addons: |- + --- + kind: Namespace + apiVersion: v1 + metadata: + name: cattle-system + --- + kind: ServiceAccount + apiVersion: v1 + metadata: + name: cattle-admin + namespace: cattle-system + --- + kind: ClusterRoleBinding + apiVersion: rbac.authorization.k8s.io/v1 + metadata: + name: cattle-crb + namespace: cattle-system + subjects: + - kind: ServiceAccount + name: cattle-admin + namespace: cattle-system + roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io + --- + apiVersion: v1 + kind: Service + metadata: + namespace: cattle-system + name: cattle-service + labels: + app: cattle + spec: + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + selector: + app: cattle + --- + apiVersion: extensions/v1beta1 + kind: Ingress + metadata: + namespace: cattle-system + name: cattle-ingress-http + annotations: + nginx.ingress.kubernetes.io/proxy-connect-timeout: "30" + nginx.ingress.kubernetes.io/proxy-read-timeout: "1800" # Max time in seconds for ws to remain shell window 
open + nginx.ingress.kubernetes.io/proxy-send-timeout: "1800" # Max time in seconds for ws to remain shell window open + nginx.ingress.kubernetes.io/ssl-redirect: "false" # Disable redirect to ssl + spec: + rules: + - host: + http: + paths: + - backend: + serviceName: cattle-service + servicePort: 80 + --- + kind: Deployment + apiVersion: extensions/v1beta1 + metadata: + namespace: cattle-system + name: cattle + spec: + replicas: 1 + template: + metadata: + labels: + app: cattle + spec: + serviceAccountName: cattle-admin + containers: + # Rancher install via RKE addons is only supported up to v2.0.8 + - image: rancher/rancher:v2.0.8 + args: + - --no-cacerts + imagePullPolicy: Always + name: cattle-server + # env: + # - name: HTTP_PROXY + # value: "http://your_proxy_address:port" + # - name: HTTPS_PROXY + # value: "http://your_proxy_address:port" + # - name: NO_PROXY + # value: "localhost,127.0.0.1,0.0.0.0,10.43.0.0/16,your_network_ranges_that_dont_need_proxy_to_access" + livenessProbe: + httpGet: + path: /ping + port: 80 + initialDelaySeconds: 60 + periodSeconds: 60 + readinessProbe: + httpGet: + path: /ping + port: 80 + initialDelaySeconds: 20 + periodSeconds: 10 + ports: + - containerPort: 80 + protocol: TCP +``` \ No newline at end of file diff --git a/content/rancher/v2.x/en/installation/options/cluster-yml-templates/_index.md b/content/rancher/v2.x/en/installation/options/cluster-yml-templates/_index.md new file mode 100644 index 00000000000..2e4c7d93f60 --- /dev/null +++ b/content/rancher/v2.x/en/installation/options/cluster-yml-templates/_index.md @@ -0,0 +1,8 @@ +--- +title: cluster.yml Templates +weight: 1 +--- + +RKE uses a cluster.yml file to install and configure your Kubernetes cluster. This section provides templates that can be used to create the cluster.yml. + +> For more cluster.yml options, refer to the[RKE configuration reference.]({{}}/rke/latest/en/config-options/). \ No newline at end of file 
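Review bot: The `cattle-crb` ClusterRoleBinding grants the `cattle-admin` service account the `cluster-admin` role, and the Deployment runs under that account via `serviceAccountName: cattle-admin`, yet the template carries no comment on what that implies. I would add `# gives the Rancher server pod full control of the cluster; limit who can create pods or read service-account tokens in cattle-system` above the binding. The `namespace: cattle-system` line in the binding's metadata can also be dropped, since a ClusterRoleBinding is cluster-scoped and the field has no effect there. The same binding appears in the other three templates (3-node-certificate-recognizedca, 3-node-certificate, 3-node-externalssl-certificate).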
diff --git a/content/rancher/v2.x/en/installation/options/helm2/rke-add-on/layer-4-lb/_index.md b/content/rancher/v2.x/en/installation/options/helm2/rke-add-on/layer-4-lb/_index.md index f3c16cb9404..6b88e593545 100644 --- a/content/rancher/v2.x/en/installation/options/helm2/rke-add-on/layer-4-lb/_index.md +++ b/content/rancher/v2.x/en/installation/options/helm2/rke-add-on/layer-4-lb/_index.md @@ -162,8 +162,8 @@ RKE uses a `.yml` config file to install and configure your Kubernetes cluster. 1. Download one of following templates, depending on the SSL certificate you're using. - - [Template for self-signed certificate
`3-node-certificate.yml`](https://raw.githubusercontent.com/rancher/rancher/master/rke-templates/3-node-certificate.yml) - - [Template for certificate signed by recognized CA
`3-node-certificate-recognizedca.yml`](https://raw.githubusercontent.com/rancher/rancher/master/rke-templates/3-node-certificate-recognizedca.yml) + - [Template for self-signed certificate
`3-node-certificate.yml`]({{}}/rancher/v2.x/en/installation/options/cluster-yml-templates/3-node-certificate) + - [Template for certificate signed by recognized CA
`3-node-certificate-recognizedca.yml`]({{}}/rancher/v2.x/en/installation/options/cluster-yml-templates/3-node-certificate-recognizedca) >**Advanced Config Options:** > diff --git a/content/rancher/v2.x/en/installation/options/helm2/rke-add-on/layer-7-lb/_index.md b/content/rancher/v2.x/en/installation/options/helm2/rke-add-on/layer-7-lb/_index.md index 379ccf801b5..f5485b14c82 100644 --- a/content/rancher/v2.x/en/installation/options/helm2/rke-add-on/layer-7-lb/_index.md +++ b/content/rancher/v2.x/en/installation/options/helm2/rke-add-on/layer-7-lb/_index.md @@ -112,8 +112,8 @@ RKE uses a YAML config file to install and configure your Kubernetes cluster. Th 1. Download one of following templates, depending on the SSL certificate you're using. - - [Template for self-signed certificate
`3-node-externalssl-certificate.yml`](https://raw.githubusercontent.com/rancher/rancher/master/rke-templates/3-node-externalssl-certificate.yml) - - [Template for certificate signed by recognized CA
`3-node-externalssl-recognizedca.yml`](https://raw.githubusercontent.com/rancher/rancher/master/rke-templates/3-node-externalssl-recognizedca.yml) + - [Template for self-signed certificate
`3-node-externalssl-certificate.yml`]({{}}/rancher/v2.x/en/installation/options/cluster-yml-templates/3-node-externalssl-certificate) + - [Template for certificate signed by recognized CA
`3-node-externalssl-recognizedca.yml`]({{}}/rancher/v2.x/en/installation/options/cluster-yml-templates/3-node-externalssl-recognizedca) >**Advanced Config Options:** > diff --git a/content/rancher/v2.x/en/installation/options/rke-add-on/layer-4-lb/_index.md b/content/rancher/v2.x/en/installation/options/rke-add-on/layer-4-lb/_index.md index d2aac77497f..f40f56075be 100644 --- a/content/rancher/v2.x/en/installation/options/rke-add-on/layer-4-lb/_index.md +++ b/content/rancher/v2.x/en/installation/options/rke-add-on/layer-4-lb/_index.md @@ -164,8 +164,8 @@ RKE uses a `.yml` config file to install and configure your Kubernetes cluster. 1. Download one of following templates, depending on the SSL certificate you're using. - - [Template for self-signed certificate
`3-node-certificate.yml`](https://raw.githubusercontent.com/rancher/rancher/master/rke-templates/3-node-certificate.yml) - - [Template for certificate signed by recognized CA
`3-node-certificate-recognizedca.yml`](https://raw.githubusercontent.com/rancher/rancher/master/rke-templates/3-node-certificate-recognizedca.yml) + - [Template for self-signed certificate
`3-node-certificate.yml`]({{}}/rancher/v2.x/en/installation/options/cluster-yml-templates/3-node-certificate) + - [Template for certificate signed by recognized CA
`3-node-certificate-recognizedca.yml`]({{}}/rancher/v2.x/en/installation/options/cluster-yml-templates/3-node-certificate-recognizedca) >**Advanced Config Options:** > diff --git a/content/rancher/v2.x/en/installation/options/rke-add-on/layer-7-lb/_index.md b/content/rancher/v2.x/en/installation/options/rke-add-on/layer-7-lb/_index.md index 0a99c09559c..a41889022ff 100644 --- a/content/rancher/v2.x/en/installation/options/rke-add-on/layer-7-lb/_index.md +++ b/content/rancher/v2.x/en/installation/options/rke-add-on/layer-7-lb/_index.md @@ -112,8 +112,8 @@ RKE uses a YAML config file to install and configure your Kubernetes cluster. Th 1. Download one of following templates, depending on the SSL certificate you're using. - - [Template for self-signed certificate
`3-node-externalssl-certificate.yml`](https://raw.githubusercontent.com/rancher/rancher/master/rke-templates/3-node-externalssl-certificate.yml) - - [Template for certificate signed by recognized CA
`3-node-externalssl-recognizedca.yml`](https://raw.githubusercontent.com/rancher/rancher/master/rke-templates/3-node-externalssl-recognizedca.yml) + - [Template for self-signed certificate
`3-node-externalssl-certificate.yml`]({{}}/rancher/v2.x/en/installation/options/cluster-yml-templates/3-node-externalssl-certificate) + - [Template for certificate signed by recognized CA
`3-node-externalssl-recognizedca.yml`]({{}}/rancher/v2.x/en/installation/options/cluster-yml-templates/3-node-externalssl-recognizedca) >**Advanced Config Options:** >