Differences

This shows you the differences between two versions of the page.

--- k8s:rancher:run_the_rancher_ui_as_a_container_image [2023/11/11 22:02] – admin
+++ k8s:rancher:run_the_rancher_ui_as_a_container_image [2023/11/15 22:01] (current) – admin
@@ Line 1: / Line 1: @@
 # Run the Rancher UI as a container image
-We use CentOS 8 as base distribution for running Rancher UI.
+We use CentOS 8/9 as base distribution for running Rancher UI.
 Traditionally Rancher UI came in form of (docker) container images which conained the kubernetes cluster Rancher UI runs on.
 This is now phased out in favor of a solution that launches a small kubernetes distribution directly instead of packaging it in a container.
+## First install prerequisites
+```bash
+sudo modprobe ip_tables && echo 'ip_tables' | sudo tee -a /etc/modules-load.d/rancher.conf
+sudo firewall-cmd --zone=public --permanent --add-service=http
+sudo firewall-cmd --zone=public --permanent --add-service=https
+sudo firewall-cmd --zone=public --add-service=http
+sudo firewall-cmd --zone=public --add-service=https
+```
 ## Getting a certificate using certbot
@@ Line 24: / Line 34: @@
 ```bash
-sudo podman create --name rancher-2-7-9 \
+sudo podman create --name rancher-2-a-b \
  -v /etc/letsencrypt/live/rancher.machine-deck.jeffries-tube.at/fullchain.pem:/etc/rancher/ssl/cert.pem \
  -v /etc/letsencrypt/live/rancher.machine-deck.jeffries-tube.at/privkey.pem:/etc/rancher/ssl/key.pem \
@@ Line 33: / Line 43: @@
  --privileged \
  -p 80:80 -p 443:443 --log-driver journald \
- rancher/rancher:v2.7.9 --no-cacerts
+ rancher/rancher:v2.a.b --no-cacerts
 ```
@@ Line 44: / Line 54: @@
 [Unit]
 Description=Rancher Management Server
-After=heketi.service
-Wants=heketi.service
 [Service]
@@ Line 67: / Line 74: @@
 _Note:_ `sudo podman stop rancher` will result in an immediate restart. Use `sudo systemctl stop rancher` instead
+Check the certbot timer
+```bash
+# watch
+journalctl -f
+# in another terminal
+sudo certbot renew --standalone --dry-run
+# This should stop and restart rancher
+sudo systemctl enable --now certbot-renew.timer
+```
 ## Upgrading to a new Rancher version
@@ Line 109: / Line 125: @@
 ```bash
 sudo podman create --name rancher-2-a-b \
-  -e HTTP_PROXY="http://192.168.1.250:8080" \
+ -v /etc/letsencrypt/live/rancher.machine-deck.jeffries-tube.at/fullchain.pem:/etc/rancher/ssl/cert.pem \
-  -e HTTPS_PROXY="http://192.168.1.250:8080" \
+ -v /etc/letsencrypt/live/rancher.machine-deck.jeffries-tube.at/privkey.pem:/etc/rancher/ssl/key.pem \
-  -e NO_PROXY="localhost,127.0.0.1,0.0.0.0,10.0.0.0/8,cattle-system.svc,.svc,.cluster.local,192.168.1.0/24" \
+ -e HTTP_PROXY="http://192.168.1.250:8080" \
-  -e no_proxy="localhost,127.0.0.1,0.0.0.0,10.0.0.0/8,cattle-system.svc,.svc,.cluster.local,192.168.1.0/24" \
+ -e HTTPS_PROXY="http://192.168.1.250:8080" \
-  --privileged \
+ -e NO_PROXY="localhost,127.0.0.1,0.0.0.0,10.0.0.0/8,cattle-system.svc,.svc,.cluster.local,192.168.1.0/24" \
-  -p 80:80 -p 443:443 --log-driver journald rancher/rancher:v2.a.b --acme-domain rancher.machine-deck.jeffries-tube.at
+ -e no_proxy="localhost,127.0.0.1,0.0.0.0,10.0.0.0/8,cattle-system.svc,.svc,.cluster.local,192.168.1.0/24" \
+ --privileged \
+ -p 80:80 -p 443:443 --log-driver journald \
+ rancher/rancher:v2.a.b --no-cacerts
 ```
 Now restore the backup of the entire configuration into the new container