Projekte

User Tools

Site Tools

Trace: setup_on_pikvm
k8s:rancher:run_the_rancher_ui_as_a_container_image

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
k8s:rancher:run_the_rancher_ui_as_a_container_image [2023/08/17 21:58] – external edit (Unknown date) 127.0.0.1k8s:rancher:run_the_rancher_ui_as_a_container_image [2023/11/15 22:01] (current) admin
Line 1: Line 1:
 # Run the Rancher UI as a container image # Run the Rancher UI as a container image
  
-We use CentOS 8 as base distribution for running Rancher UI.+We use CentOS 8/9 as base distribution for running Rancher UI.
 Traditionally Rancher UI came in form of (docker) container images which conained the kubernetes cluster Rancher UI runs on. Traditionally Rancher UI came in form of (docker) container images which conained the kubernetes cluster Rancher UI runs on.
 This is now phased out in favor of a solution that launches a small kubernetes distribution directly instead of packaging it in a container. This is now phased out in favor of a solution that launches a small kubernetes distribution directly instead of packaging it in a container.
 +
 +## First install prerequisites
 +
 +```bash
 +sudo modprobe ip_tables && echo 'ip_tables' | sudo tee -a /etc/modules-load.d/rancher.conf
 +sudo firewall-cmd --zone=public --permanent --add-service=http
 +sudo firewall-cmd --zone=public --permanent --add-service=https
 +sudo firewall-cmd --zone=public --add-service=http
 +sudo firewall-cmd --zone=public --add-service=https
 +```
 +
 +## Getting a certificate using certbot
 +
 +We use `certbot` because this mimics the professional setup better which does not use letsencrypt but the acme api
 +
 +```bash
 +sudo certbot certonly --standalone --preferred-challenges http -d rancher.machine-deck.jeffries-tube.at
 +sudo nano /etc/letsencrypt/renewal/rancher.machine-deck.jeffries-tube.at.conf
 +# Add
 +#[renewalparams]
 +#[...]
 +#pre_hook = systemctl stop rancher
 +#post_hook = systemctl restart rancher
 +```
  
 ## Setting up Rancher UI using podman ## Setting up Rancher UI using podman
 +
 +_Note_: podman as root can not handle IPv6. A reverse proxy can handle IPv6 and then forward to IPv4.
  
 ```bash ```bash
-sudo podman create --network podman1 --p 80:80 -p 443:443 +sudo podman create --name rancher-2-a-b \ 
-  -e HTTP_PROXY="http://192.168.1.250:8080"+ -v /etc/letsencrypt/live/rancher.machine-deck.jeffries-tube.at/fullchain.pem:/etc/rancher/ssl/cert.pem \ 
-  -e HTTPS_PROXY="http://192.168.1.250:8080"+ -v /etc/letsencrypt/live/rancher.machine-deck.jeffries-tube.at/privkey.pem:/etc/rancher/ssl/key.pem 
-  -e NO_PROXY="localhost,127.0.0.1,0.0.0.0,10.0.0.0/8,cattle-system.svc,.svc,.cluster.local,192.168.1.0/24"+ -e HTTP_PROXY="http://192.168.1.250:8080"
-  -e no_proxy="localhost,127.0.0.1,0.0.0.0,10.0.0.0/8,cattle-system.svc,.svc,.cluster.local,192.168.1.0/24"+ -e HTTPS_PROXY="http://192.168.1.250:8080"
-  --privileged \ + -e NO_PROXY="localhost,127.0.0.1,0.0.0.0,10.0.0.0/8,cattle-system.svc,.svc,.cluster.local,192.168.1.0/24"
-  --name rancher-x-y-rancher/rancher:vx.y.--acme-domain rancher.machine-deck.jeffries-tube.at+ -e no_proxy="localhost,127.0.0.1,0.0.0.0,10.0.0.0/8,cattle-system.svc,.svc,.cluster.local,192.168.1.0/24"
 + --privileged \ 
 + -p 80:80 -p 443:443 --log-driver journald \ 
 + rancher/rancher:v2.a.--no-cacerts
 ``` ```
  
Line 25: Line 54:
 [Unit] [Unit]
 Description=Rancher Management Server Description=Rancher Management Server
-After=heketi.service 
-Wants=heketi.service 
- 
  
 [Service] [Service]
Line 48: Line 74:
 _Note:_ `sudo podman stop rancher` will result in an immediate restart. Use `sudo systemctl stop rancher` instead _Note:_ `sudo podman stop rancher` will result in an immediate restart. Use `sudo systemctl stop rancher` instead
  
 +Check the certbot timer
 +```bash
 +# watch
 +journalctl -f
 +# in another terminal
 +sudo certbot renew --standalone --dry-run
 +# This should stop and restart rancher
 +sudo systemctl enable --now certbot-renew.timer
 +```
 ## Upgrading to a new Rancher version ## Upgrading to a new Rancher version
  
Line 90: Line 125:
 ```bash ```bash
 sudo podman create --name rancher-2-a-b \ sudo podman create --name rancher-2-a-b \
-  -e HTTP_PROXY="http://192.168.1.250:8080"+ -v /etc/letsencrypt/live/rancher.machine-deck.jeffries-tube.at/fullchain.pem:/etc/rancher/ssl/cert.pem \ 
-  -e HTTPS_PROXY="http://192.168.1.250:8080"+ -v /etc/letsencrypt/live/rancher.machine-deck.jeffries-tube.at/privkey.pem:/etc/rancher/ssl/key.pem \ 
-  -e NO_PROXY="localhost,127.0.0.1,0.0.0.0,10.0.0.0/8,cattle-system.svc,.svc,.cluster.local,192.168.1.0/24"+ -e HTTP_PROXY="http://192.168.1.250:8080"
-  -e no_proxy="localhost,127.0.0.1,0.0.0.0,10.0.0.0/8,cattle-system.svc,.svc,.cluster.local,192.168.1.0/24"+ -e HTTPS_PROXY="http://192.168.1.250:8080"
-  --privileged \ + -e NO_PROXY="localhost,127.0.0.1,0.0.0.0,10.0.0.0/8,cattle-system.svc,.svc,.cluster.local,192.168.1.0/24"
-  -p 80:80 -p 443:443 --log-driver journald rancher/rancher:v2.a.b+ -e no_proxy="localhost,127.0.0.1,0.0.0.0,10.0.0.0/8,cattle-system.svc,.svc,.cluster.local,192.168.1.0/24"
 + --privileged \ 
 + -p 80:80 -p 443:443 --log-driver journald 
 + rancher/rancher:v2.a.b --no-cacerts
 ``` ```
 Now restore the backup of the entire configuration into the new container Now restore the backup of the entire configuration into the new container
k8s/rancher/run_the_rancher_ui_as_a_container_image.1692302322.txt.gz · Last modified: by 127.0.0.1