Add separate examples for Rancher Helm install with privateCA

Catherine Luse
2020-05-01 13:31:16 -07:00
parent 7bf0696cd5
commit 960a0938ba
6 changed files with 76 additions and 8 deletions
@@ -200,7 +200,6 @@ Although an entry in the `Subject Alternative Names` is technically required, ha
- Set the `hostname`.
- Set `ingress.tls.source` to `secret`.
- If you are using a Private CA signed certificate , add `--set privateCA=true` to the command shown below.
- If you are installing an alpha version, Helm requires adding the `--devel` option to the command.
```
@@ -210,6 +209,16 @@ helm install rancher rancher-<CHART_REPO>/rancher \
--set ingress.tls.source=secret
```
If you are using a Private CA signed certificate , add `--set privateCA=true` to the command:
```
helm install rancher rancher-latest/rancher \
--namespace cattle-system \
--set hostname=rancher.my.org \
--set ingress.tls.source=secret \
--set privateCA=true
```
Now that Rancher is deployed, see [Adding TLS Secrets]({{<baseurl>}}/rancher/v2.x/en/installation/options/tls-secrets/) to publish the certificate files so Rancher and the Ingress controller can use them.
{{% /tab %}}
{{% /tabs %}}
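Review bot: The added private CA command hardcodes `rancher-latest/rancher`, while the existing command in the same section (visible in the hunk header) uses the `rancher-<CHART_REPO>/rancher` placeholder. A reader who added the stable repo will copy a chart reference that does not resolve for them. Suggest keeping the placeholder in the new block so the two commands differ only by `--set privateCA=true`. The lead-in also has a stray space in "certificate , add", and since the flag is already in the command, "use this command instead" would read more accurately than "add ... to the command".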
@@ -132,13 +132,12 @@ Create Kubernetes secrets from your own certificates for Rancher to use. The com
Render the Rancher template, declaring your chosen options. Use the reference table below to replace each placeholder. Rancher needs to be configured to use the private registry in order to provision any Rancher launched Kubernetes clusters or Rancher tools.
If you are using a Private CA signed cert, add `--set privateCA=true` following `--set ingress.tls.source=secret`.
| Placeholder | Description |
| -------------------------------- | ----------------------------------------------- |
| `<VERSION>` | The version number of the output tarball. |
| `<RANCHER.YOURDOMAIN.COM>` | The DNS name you pointed at your load balancer. |
| `<REGISTRY.YOURDOMAIN.COM:PORT>` | The DNS name for your private registry. |
```plain
helm template ./rancher-<VERSION>.tgz --output-dir . \
--name rancher \
@@ -150,6 +149,20 @@ If you are using a Private CA signed cert, add `--set privateCA=true` following
--set useBundledSystemChart=true # Available as of v2.3.0, use the packaged Rancher system charts
```
If you are using a Private CA signed cert, add `--set privateCA=true` following `--set ingress.tls.source=secret`:
```plain
helm template ./rancher-<VERSION>.tgz --output-dir . \
--name rancher \
--namespace cattle-system \
--set hostname=<RANCHER.YOURDOMAIN.COM> \
--set rancherImage=<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher \
--set ingress.tls.source=secret \
--set privateCA=true \
--set systemDefaultRegistry=<REGISTRY.YOURDOMAIN.COM:PORT> \ # Available as of v2.2.0, set a default private registry to be used in Rancher
--set useBundledSystemChart=true # Available as of v2.3.0, use the packaged Rancher system charts
```
Then refer to [Adding TLS Secrets]({{<baseurl>}}/rancher/v2.x/en/installation/options/tls-secrets/) to publish the certificate files so Rancher and the ingress controller can use them.
{{% /accordion %}}
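Review bot: In the added block, the line `--set systemDefaultRegistry=<REGISTRY.YOURDOMAIN.COM:PORT> \ # Available as of v2.2.0, ...` puts a comment after the line-continuation backslash, so the backslash escapes the following space instead of the newline. Pasted into a shell, the command ends on that line and `--set useBundledSystemChart=true` is run as a separate command, so the rendered templates silently lack that option. The pattern is inherited from the existing command, but duplicating the block doubles the exposure. Suggest moving the version notes out of the command into the prose or the placeholder table and ending the line with a bare `\`.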
@@ -156,7 +156,6 @@ Create Kubernetes secrets from your own certificates for Rancher to use.
> **Note:** The `Common Name` or a `Subject Alternative Names` entry in the server certificate must match the `hostname` option, or the ingress controller will fail to configure correctly. Although an entry in the `Subject Alternative Names` is technically required, having a matching `Common Name` maximizes compatibility with older browsers/applications. If you want to check if your certificates are correct, see [How do I check Common Name and Subject Alternative Names in my server certificate?]({{<baseurl>}}/rancher/v2.x/en/faq/technical/#how-do-i-check-common-name-and-subject-alternative-names-in-my-server-certificate)
- Set `hostname` and set `ingress.tls.source` to `secret`.
- If you are using a Private CA signed certificate , add `--set privateCA=true` to the command shown below.
- If you are installing an alpha version, Helm requires adding the `--devel` option to the command.
```
@@ -167,6 +166,17 @@ helm install rancher-<CHART_REPO>/rancher \
--set ingress.tls.source=secret
```
If you are using a Private CA signed certificate , add `--set privateCA=true` to the command:
```
helm install rancher-<CHART_REPO>/rancher \
--name rancher \
--namespace cattle-system \
--set hostname=rancher.my.org \
--set ingress.tls.source=secret
--set privateCA=true
```
Now that Rancher is deployed, see [Adding TLS Secrets]({{<baseurl>}}/rancher/v2.x/en/installation/options/helm2/helm-rancher/tls-secrets/) to publish the certificate files so Rancher and the ingress controller can use them.
After adding the secrets, check if Rancher was rolled out successfully:
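Review bot: The added command is missing the line continuation after `--set ingress.tls.source=secret`, so the shell ends the `helm install` there and treats `--set privateCA=true` as a separate command. Rancher is then installed without the private CA option, which is the one setting this example exists to show, and the only hint is a "command not found" error after the install has already run. Suggest `--set ingress.tls.source=secret \` on that line. The lead-in also has a stray space in "certificate , add".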
@@ -131,13 +131,12 @@ Create Kubernetes secrets from your own certificates for Rancher to use. The com
Render the Rancher template, declaring your chosen options. Use the reference table below to replace each placeholder. Rancher needs to be configured to use the private registry in order to provision any Rancher launched Kubernetes clusters or Rancher tools.
If you are using a Private CA signed cert, add `--set privateCA=true` following `--set ingress.tls.source=secret`.
| Placeholder | Description |
| -------------------------------- | ----------------------------------------------- |
| `<VERSION>` | The version number of the output tarball. |
| `<RANCHER.YOURDOMAIN.COM>` | The DNS name you pointed at your load balancer. |
| `<REGISTRY.YOURDOMAIN.COM:PORT>` | The DNS name for your private registry. |
```plain
helm template rancher ./rancher-<VERSION>.tgz --output-dir . \
--namespace cattle-system \
@@ -148,6 +147,19 @@ If you are using a Private CA signed cert, add `--set privateCA=true` following
--set useBundledSystemChart=true # Available as of v2.3.0, use the packaged Rancher system charts
```
If you are using a Private CA signed cert, add `--set privateCA=true` following `--set ingress.tls.source=secret`:
```plain
helm template rancher ./rancher-<VERSION>.tgz --output-dir . \
--namespace cattle-system \
--set hostname=<RANCHER.YOURDOMAIN.COM> \
--set rancherImage=<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher \
--set ingress.tls.source=secret \
--set privateCA=true \
--set systemDefaultRegistry=<REGISTRY.YOURDOMAIN.COM:PORT> \ # Available as of v2.2.0, set a default private registry to be used in Rancher
--set useBundledSystemChart=true # Available as of v2.3.0, use the packaged Rancher system charts
```
**Optional**: To install a specific Rancher version, set the `rancherImageTag` value, example: `--set rancherImageTag=v2.3.6`
Then refer to [Adding TLS Secrets]({{<baseurl>}}/rancher/v2.x/en/installation/options/tls-secrets/) to publish the certificate files so Rancher and the ingress controller can use them.
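Review bot: The lead-in to the added block still tells the reader to "add `--set privateCA=true` following `--set ingress.tls.source=secret`", but the command below it already contains the flag, so a reader following the sentence literally could add it twice. Suggest wording it as an alternative, for example "If you are using a Private CA signed cert, use this command instead:". The `\ # Available as of v2.2.0` comment after the continuation backslash is also carried into the new block and breaks the command when pasted.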
@@ -158,7 +158,18 @@ helm template ./rancher-<VERSION>.tgz --output-dir . \
{{% /accordion %}}
{{% accordion id="secret" label="Option B: Certificates From Files using Kubernetes Secrets" %}}
>**Note:** If you are using a Private CA signed cert, add `--set privateCA=true` following `--set ingress.tls.source=secret`.
```plain
helm template ./rancher-<VERSION>.tgz --output-dir . \
--name rancher \
--namespace cattle-system \
--set hostname=<RANCHER.YOURDOMAIN.COM> \
--set rancherImage=<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher \
--set ingress.tls.source=secret \
--set systemDefaultRegistry=<REGISTRY.YOURDOMAIN.COM:PORT> \ # Available as of v2.2.0, set a default private registry to be used in Rancher
--set useBundledSystemChart=true # Available as of v2.3.0, use the packaged Rancher system charts
```
If you are using a Private CA signed cert, add `--set privateCA=true` following `--set ingress.tls.source=secret`:
```plain
helm template ./rancher-<VERSION>.tgz --output-dir . \
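Review bot: The `>**Note:**` line at the top of this accordion and the new lead-in before the second command carry the same sentence about `--set privateCA=true`. If the note stays, the page gives the instruction once before a command that must not include the flag and again before one that already does. Suggest dropping the note and letting the two labelled commands carry the distinction, with a short lead-in before the first block saying it is for certificates signed by a recognized CA.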
@@ -167,6 +178,7 @@ helm template ./rancher-<VERSION>.tgz --output-dir . \
--set hostname=<RANCHER.YOURDOMAIN.COM> \
--set rancherImage=<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher \
--set ingress.tls.source=secret \
--set privateCA=true \
--set systemDefaultRegistry=<REGISTRY.YOURDOMAIN.COM:PORT> \ # Available as of v2.2.0, set a default private registry to be used in Rancher
--set useBundledSystemChart=true # Available as of v2.3.0, use the packaged Rancher system charts
```
@@ -160,7 +160,18 @@ helm template ./rancher-<VERSION>.tgz --output-dir . \
{{% /accordion %}}
{{% accordion id="secret" label="Option B: Certificates From Files using Kubernetes Secrets" %}}
>**Note:** If you are using a Private CA signed cert, add `--set privateCA=true` following `--set ingress.tls.source=secret`.
```plain
helm template ./rancher-<VERSION>.tgz --output-dir . \
--name rancher \
--namespace cattle-system \
--set hostname=<RANCHER.YOURDOMAIN.COM> \
--set rancherImage=<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher \
--set ingress.tls.source=secret \
--set systemDefaultRegistry=<REGISTRY.YOURDOMAIN.COM:PORT> \ # Available as of v2.2.0, set a default private registry to be used in Rancher
--set useBundledSystemChart=true # Available as of v2.3.0, use the packaged Rancher system charts
```
If you are using a Private CA signed cert, add `--set privateCA=true` following `--set ingress.tls.source=secret`:
```plain
helm template ./rancher-<VERSION>.tgz --output-dir . \
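Review bot: The new command without the private CA flag repeats `--set systemDefaultRegistry=<REGISTRY.YOURDOMAIN.COM:PORT> \ # Available as of v2.2.0, ...`, where the comment follows the continuation backslash. A shell reads that as an escaped space followed by a comment, ends the command there, and runs `--set useBundledSystemChart=true` on its own, so the air-gapped render is missing the bundled system chart setting. Since this block is newly added in this file, it is a good place to end the line with a bare `\` and move the version notes into the surrounding text.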
@@ -169,6 +180,7 @@ helm template ./rancher-<VERSION>.tgz --output-dir . \
--set hostname=<RANCHER.YOURDOMAIN.COM> \
--set rancherImage=<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher \
--set ingress.tls.source=secret \
--set privateCA=true \
--set systemDefaultRegistry=<REGISTRY.YOURDOMAIN.COM:PORT> \ # Available as of v2.2.0, set a default private registry to be used in Rancher
--set useBundledSystemChart=true # Available as of v2.3.0, use the packaged Rancher system charts
```