From 960a0938ba7fdc246cfd7db5765b2104e5a16c02 Mon Sep 17 00:00:00 2001 From: Catherine Luse Date: Fri, 1 May 2020 13:31:16 -0700 Subject: [PATCH] Add separate examples for Rancher Helm install with privateCA --- .../k8s-install/helm-rancher/_index.md | 11 ++++++++++- .../air-gap-helm2/install-rancher/_index.md | 17 +++++++++++++++-- .../options/helm2/helm-rancher/_index.md | 12 +++++++++++- .../air-gap/install-rancher/_index.md | 16 ++++++++++++++-- .../v2.x/en/upgrades/upgrades/ha/_index.md | 14 +++++++++++++- .../en/upgrades/upgrades/ha/helm2/_index.md | 14 +++++++++++++- 6 files changed, 76 insertions(+), 8 deletions(-) diff --git a/content/rancher/v2.x/en/installation/k8s-install/helm-rancher/_index.md b/content/rancher/v2.x/en/installation/k8s-install/helm-rancher/_index.md index dc7e7ac01ea..fbcb1377b9e 100644 --- a/content/rancher/v2.x/en/installation/k8s-install/helm-rancher/_index.md +++ b/content/rancher/v2.x/en/installation/k8s-install/helm-rancher/_index.md @@ -200,7 +200,6 @@ Although an entry in the `Subject Alternative Names` is technically required, ha - Set the `hostname`. - Set `ingress.tls.source` to `secret`. -- If you are using a Private CA signed certificate , add `--set privateCA=true` to the command shown below. - If you are installing an alpha version, Helm requires adding the `--devel` option to the command. ``` @@ -210,6 +209,16 @@ helm install rancher rancher-/rancher \ --set ingress.tls.source=secret ``` +If you are using a Private CA signed certificate , add `--set privateCA=true` to the command: + +``` +helm install rancher rancher-latest/rancher \ + --namespace cattle-system \ + --set hostname=rancher.my.org \ + --set ingress.tls.source=secret \ + --set privateCA=true +``` + Now that Rancher is deployed, see [Adding TLS Secrets]({{}}/rancher/v2.x/en/installation/options/tls-secrets/) to publish the certificate files so Rancher and the Ingress controller can use them. {{% /tab %}} {{% /tabs %}} 
diff --git a/content/rancher/v2.x/en/installation/options/air-gap-helm2/install-rancher/_index.md b/content/rancher/v2.x/en/installation/options/air-gap-helm2/install-rancher/_index.md index f5895de9604..25b92591799 100644 --- a/content/rancher/v2.x/en/installation/options/air-gap-helm2/install-rancher/_index.md +++ b/content/rancher/v2.x/en/installation/options/air-gap-helm2/install-rancher/_index.md @@ -132,13 +132,12 @@ Create Kubernetes secrets from your own certificates for Rancher to use. The com Render the Rancher template, declaring your chosen options. Use the reference table below to replace each placeholder. Rancher needs to be configured to use the private registry in order to provision any Rancher launched Kubernetes clusters or Rancher tools. -If you are using a Private CA signed cert, add `--set privateCA=true` following `--set ingress.tls.source=secret`. - | Placeholder | Description | | -------------------------------- | ----------------------------------------------- | | `` | The version number of the output tarball. | | `` | The DNS name you pointed at your load balancer. | | `` | The DNS name for your private registry. | + ```plain helm template ./rancher-.tgz --output-dir . \ --name rancher \ 
@@ -150,6 +149,20 @@ If you are using a Private CA signed cert, add `--set privateCA=true` following --set useBundledSystemChart=true # Available as of v2.3.0, use the packaged Rancher system charts ``` +If you are using a Private CA signed cert, add `--set privateCA=true` following `--set ingress.tls.source=secret`: + +```plain + helm template ./rancher-.tgz --output-dir . \ + --name rancher \ + --namespace cattle-system \ + --set hostname= \ + --set rancherImage=/rancher/rancher \ + --set ingress.tls.source=secret \ + --set privateCA=true \ + --set systemDefaultRegistry= \ # Available as of v2.2.0, set a default private registry to be used in Rancher + --set useBundledSystemChart=true # Available as of v2.3.0, use the packaged Rancher system charts +``` + Then refer to [Adding TLS Secrets]({{}}/rancher/v2.x/en/installation/options/tls-secrets/) to publish the certificate files so Rancher and the ingress controller can use them. {{% /accordion %}} diff --git a/content/rancher/v2.x/en/installation/options/helm2/helm-rancher/_index.md b/content/rancher/v2.x/en/installation/options/helm2/helm-rancher/_index.md index 239ed927a3b..cc723eacaa6 100644 --- a/content/rancher/v2.x/en/installation/options/helm2/helm-rancher/_index.md +++ b/content/rancher/v2.x/en/installation/options/helm2/helm-rancher/_index.md 
@@ -156,7 +156,6 @@ Create Kubernetes secrets from your own certificates for Rancher to use. > **Note:** The `Common Name` or a `Subject Alternative Names` entry in the server certificate must match the `hostname` option, or the ingress controller will fail to configure correctly. Although an entry in the `Subject Alternative Names` is technically required, having a matching `Common Name` maximizes compatibility with older browsers/applications. If you want to check if your certificates are correct, see [How do I check Common Name and Subject Alternative Names in my server certificate?]({{}}/rancher/v2.x/en/faq/technical/#how-do-i-check-common-name-and-subject-alternative-names-in-my-server-certificate) - Set `hostname` and set `ingress.tls.source` to `secret`. -- If you are using a Private CA signed certificate , add `--set privateCA=true` to the command shown below. - If you are installing an alpha version, Helm requires adding the `--devel` option to the command. ``` @@ -167,6 +166,17 @@ helm install rancher-/rancher \ --set ingress.tls.source=secret ``` +If you are using a Private CA signed certificate , add `--set privateCA=true` to the command: + +``` +helm install rancher-/rancher \ + --name rancher \ + --namespace cattle-system \ + --set hostname=rancher.my.org \ + --set ingress.tls.source=secret + --set privateCA=true +``` + Now that Rancher is deployed, see [Adding TLS Secrets]({{}}/rancher/v2.x/en/installation/options/helm2/helm-rancher/tls-secrets/) to publish the certificate files so Rancher and the ingress controller can use them. After adding the secrets, check if Rancher was rolled out successfully: diff --git a/content/rancher/v2.x/en/installation/other-installation-methods/air-gap/install-rancher/_index.md b/content/rancher/v2.x/en/installation/other-installation-methods/air-gap/install-rancher/_index.md index bf61b5f7647..94dc1d0d93c 100644 --- a/content/rancher/v2.x/en/installation/other-installation-methods/air-gap/install-rancher/_index.md 
+++ b/content/rancher/v2.x/en/installation/other-installation-methods/air-gap/install-rancher/_index.md @@ -131,13 +131,12 @@ Create Kubernetes secrets from your own certificates for Rancher to use. The com Render the Rancher template, declaring your chosen options. Use the reference table below to replace each placeholder. Rancher needs to be configured to use the private registry in order to provision any Rancher launched Kubernetes clusters or Rancher tools. -If you are using a Private CA signed cert, add `--set privateCA=true` following `--set ingress.tls.source=secret`. - | Placeholder | Description | | -------------------------------- | ----------------------------------------------- | | `` | The version number of the output tarball. | | `` | The DNS name you pointed at your load balancer. | | `` | The DNS name for your private registry. | + ```plain helm template rancher ./rancher-.tgz --output-dir . \ --namespace cattle-system \ 
@@ -148,6 +147,19 @@ If you are using a Private CA signed cert, add `--set privateCA=true` following --set useBundledSystemChart=true # Available as of v2.3.0, use the packaged Rancher system charts ``` +If you are using a Private CA signed cert, add `--set privateCA=true` following `--set ingress.tls.source=secret`: + +```plain + helm template rancher ./rancher-.tgz --output-dir . \ + --namespace cattle-system \ + --set hostname= \ + --set rancherImage=/rancher/rancher \ + --set ingress.tls.source=secret \ + --set privateCA=true \ + --set systemDefaultRegistry= \ # Available as of v2.2.0, set a default private registry to be used in Rancher + --set useBundledSystemChart=true # Available as of v2.3.0, use the packaged Rancher system charts +``` + **Optional**: To install a specific Rancher version, set the `rancherImageTag` value, example: `--set rancherImageTag=v2.3.6` Then refer to [Adding TLS Secrets]({{}}/rancher/v2.x/en/installation/options/tls-secrets/) to publish the certificate files so Rancher and the ingress controller can use them. diff --git a/content/rancher/v2.x/en/upgrades/upgrades/ha/_index.md b/content/rancher/v2.x/en/upgrades/upgrades/ha/_index.md index 6b57e500f0a..cd17c75caa3 100644 --- a/content/rancher/v2.x/en/upgrades/upgrades/ha/_index.md +++ b/content/rancher/v2.x/en/upgrades/upgrades/ha/_index.md 
@@ -158,7 +158,18 @@ helm template ./rancher-.tgz --output-dir . \ {{% /accordion %}} {{% accordion id="secret" label="Option B: Certificates From Files using Kubernetes Secrets" %}} ->**Note:** If you are using a Private CA signed cert, add `--set privateCA=true` following `--set ingress.tls.source=secret`. +```plain +helm template ./rancher-.tgz --output-dir . \ +--name rancher \ +--namespace cattle-system \ +--set hostname= \ +--set rancherImage=/rancher/rancher \ +--set ingress.tls.source=secret \ +--set systemDefaultRegistry= \ # Available as of v2.2.0, set a default private registry to be used in Rancher +--set useBundledSystemChart=true # Available as of v2.3.0, use the packaged Rancher system charts +``` + +If you are using a Private CA signed cert, add `--set privateCA=true` following `--set ingress.tls.source=secret`: ```plain helm template ./rancher-.tgz --output-dir . \ @@ -167,6 +178,7 @@ helm template ./rancher-.tgz --output-dir . \ --set hostname= \ --set rancherImage=/rancher/rancher \ --set ingress.tls.source=secret \ +--set privateCA=true \ --set systemDefaultRegistry= \ # Available as of v2.2.0, set a default private registry to be used in Rancher --set useBundledSystemChart=true # Available as of v2.3.0, use the packaged Rancher system charts ``` diff --git a/content/rancher/v2.x/en/upgrades/upgrades/ha/helm2/_index.md b/content/rancher/v2.x/en/upgrades/upgrades/ha/helm2/_index.md index da4d7ba5cd6..59bacf23036 100644 --- a/content/rancher/v2.x/en/upgrades/upgrades/ha/helm2/_index.md +++ b/content/rancher/v2.x/en/upgrades/upgrades/ha/helm2/_index.md 
@@ -160,7 +160,18 @@ helm template ./rancher-.tgz --output-dir . \ {{% /accordion %}} {{% accordion id="secret" label="Option B: Certificates From Files using Kubernetes Secrets" %}} ->**Note:** If you are using a Private CA signed cert, add `--set privateCA=true` following `--set ingress.tls.source=secret`. +```plain +helm template ./rancher-.tgz --output-dir . \ +--name rancher \ +--namespace cattle-system \ +--set hostname= \ +--set rancherImage=/rancher/rancher \ +--set ingress.tls.source=secret \ +--set systemDefaultRegistry= \ # Available as of v2.2.0, set a default private registry to be used in Rancher +--set useBundledSystemChart=true # Available as of v2.3.0, use the packaged Rancher system charts +``` + +If you are using a Private CA signed cert, add `--set privateCA=true` following `--set ingress.tls.source=secret`: ```plain helm template ./rancher-.tgz --output-dir . \ @@ -169,6 +180,7 @@ helm template ./rancher-.tgz --output-dir . \ --set hostname= \ --set rancherImage=/rancher/rancher \ --set ingress.tls.source=secret \ +--set privateCA=true \ --set systemDefaultRegistry= \ # Available as of v2.2.0, set a default private registry to be used in Rancher --set useBundledSystemChart=true # Available as of v2.3.0, use the packaged Rancher system charts ```
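Review bot: In the hunk for `options/helm2/helm-rancher/_index.md` (`@@ -167,6 +166,17 @@`), the added private CA example is missing the line continuation after `--set ingress.tls.source=secret`, so a reader who pastes the block runs the install without `privateCA=true` and the shell then tries to execute `--set privateCA=true` as a separate command. Add a trailing `\` to the `--set ingress.tls.source=secret` line, as the Helm 3 version of this example in `k8s-install/helm-rancher/_index.md` already does. The sentence introducing the block also carries over the stray space before the comma in "certificate , add".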
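Review bot: In the hunk for `k8s-install/helm-rancher/_index.md` (`@@ -210,6 +209,16 @@`), the added example hardcodes the chart as `rancher-latest/rancher`, which does not match the chart reference in the unchanged command directly above it. The two blocks should differ only by the `--set privateCA=true` line, so use the same chart repository form in both; otherwise a reader on another repository who copies the private CA variant installs from `latest` without noticing. The stray space in "certificate , add" could be fixed here too, since the sentence is being moved anyway.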
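Review bot: In the two air-gap hunks (`air-gap-helm2/install-rancher/_index.md` at `@@ -150,6 +149,20 @@` and `other-installation-methods/air-gap/install-rancher/_index.md` at `@@ -148,6 +147,19 @@`), the new blocks copy the `--set systemDefaultRegistry= \ # Available as of v2.2.0, ...` line, where a comment follows the backslash. A backslash only continues the line when it is the last character, so the command ends at that line and `--set useBundledSystemChart=true` is never passed to `helm template`. Since these blocks are new text, move the two "Available as of" remarks out of the command (into the sentence above it or the placeholder table) rather than duplicating the problem; the same applies to the blocks added in the two upgrade files.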
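Review bot: In the hunk for `upgrades/upgrades/ha/_index.md` (`@@ -158,7 +158,18 @@`), the added base command uses the `helm template ./rancher-.tgz ... --name rancher` form, identical to the block added in `ha/helm2/_index.md`, while the non-Helm-2 air-gap page in this same patch uses `helm template rancher ./rancher-.tgz`. Please confirm which Helm version this page targets and use the matching form, since the release-name syntax differs between the two. In both upgrade files the new first block also starts immediately after the accordion opener with no introductory sentence, whereas the private CA block has one; a one-line lead-in for the base command would make the pair read consistently.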