techno-tim / k3s-ansible

The easiest way to bootstrap a self-hosted High Availability Kubernetes cluster. A fully automated HA k3s etcd install with kube-vip, MetalLB, and more. Build. Destroy. Repeat.
https://technotim.live/posts/k3s-etcd-ansible/
Apache License 2.0

How to include rancher GUI and Longhorn #35

Closed christofer-f closed 2 years ago

christofer-f commented 2 years ago

Hi and thanks for a great script!

I am trying to run this on a single workstation for testing purposes... and I have some questions:

In hosts.ini should I remove the node section?

[master]
localhost ansible_connection=local

[node]
localhost ansible_connection=local

[k3s_cluster:children]
master
node

I fail to install rancher and longhorn...

curl -#L https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
helm repo add rancher-latest https://releases.rancher.com/server-charts/latest
helm repo add jetstack https://charts.jetstack.io
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.6.1/cert-manager.crds.yaml

# helm install jetstack
helm upgrade -i cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace

helm upgrade -i rancher rancher-latest/rancher --create-namespace --namespace cattle-system --set hostname=rancher.localhost --set bootstrapPassword=mysecretpass --set replicas=1

What am I doing wrong? Can rancher and longhorn be included in the script?

jinja2ninja commented 2 years ago

I'm having similar issues (most likely just due to my lack of Kubernetes understanding). I can get Rancher to work, but it still wants to use the default ingress, so I can't get SSL working. In my case cert-manager fails to do its dns-01 challenge (the DNS records get created, but cert-manager never sees them). I assume this has something to do with not having the standard k3s ingress installed.

jinja2ninja commented 2 years ago

@christofer-f I was able to get cert-manager working by following Tim's docs to install Traefik. I then created a ClusterIssuer for cert-manager that uses the dns-01 challenge (my cluster is on my LAN, so I can't resolve anything externally). With the ClusterIssuer I was able to make a cert for Rancher with a YAML file:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: tls-rancher-ingress
  namespace: cattle-system
spec:
  secretName: tls-rancher-ingress
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  dnsNames:
  - rancher.your.domain

https://docs.technotim.live/posts/k3s-traefik-rancher/#install-traefik-2
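
The Certificate above points at a ClusterIssuer named letsencrypt-prod that the thread does not show. The manifest below is an added example of one, not taken from the thread or from the k3s-ansible project. It assumes the DNS zone is hosted at Cloudflare; the secret names, e-mail address and token value are placeholders.

```yaml
# Added example (not from the thread). Assumption: the zone for your.domain
# is hosted at Cloudflare. Names marked "placeholder" are constructed.
apiVersion: v1
kind: Secret
metadata:
  name: cloudflare-api-token            # placeholder name
  # A ClusterIssuer reads its secrets from cert-manager's own namespace
  # (the default cluster resource namespace), not from cattle-system.
  namespace: cert-manager
type: Opaque
stringData:
  # Use a token scoped to this one zone (Zone:Read and DNS:Edit), not the
  # account-wide Global API Key, so a leaked secret cannot touch other zones.
  api-token: REPLACE_WITH_SCOPED_TOKEN  # placeholder value
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod                # matches issuerRef.name in the Certificate
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@your.domain            # placeholder
    privateKeySecretRef:
      # ACME account key; cert-manager creates this secret on first use.
      name: letsencrypt-prod-account-key  # placeholder name
    solvers:
    - dns01:
        cloudflare:
          apiTokenSecretRef:
            name: cloudflare-api-token
            key: api-token
      # Restrict this solver to the zone the token is allowed to edit.
      selector:
        dnsZones:
        - your.domain
```

Because dns-01 only needs the TXT record to be publicly resolvable, this works for a LAN-only cluster like the one described; `kubectl describe challenge -n cattle-system` shows where an order is stuck.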