:wave: all. I'm setting up Rancher Manager using t...
# general
👋 all. I'm setting up Rancher Manager using the docs here. Using Pulumi Python on an EKS cluster which has cert-manager and traefik installed. I've got the following values set:
```
"ingress" : {
    "enabled" : "true",
    "tls" : {
        "source" : "letsEncrypt"
    },
    "extraAnnotations": {
        "traefik.ingress.kubernetes.io/ingress.class" : "traefik",
        "traefik.ingress.kubernetes.io/router.entrypoints" : "websecure",
        "traefik.ingress.kubernetes.io/router.tls" : "true",
        "cert-manager.io/cluster-issuer" : "letsencrypt-production",
        "cert-manager.io/issuer-kind" : "ClusterIssuer",
    },
},
"tls" : "ingress",
"letsEncrypt" : {
    "email" : self.acmeEmail,
    "environment" : "production",
    "ingress" : {
        "class" : "traefik"
    }
},
```
and `helm get values -n cattle-system rancher` shows:
```
USER-SUPPLIED VALUES:
bootstrapPassword: pwrd
hostname: rancher.example.com #edited
ingress:
  enabled: "true"
  extraAnnotations:
    cert-manager.io/cluster-issuer: letsencrypt-production
    cert-manager.io/issuer-kind: ClusterIssuer
    traefik.ingress.kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
  tls:
    source: letsEncrypt
letsEncrypt:
  email: noreply@example.com
  environment: production
  ingress:
    class: traefik
tls: ingress
```
But for some reason the ingress doesn't get the proper certs:
Your connection isn't private
Attackers might be trying to steal your information from rancher.example.com (for example, passwords, messages or credit cards).
NET::ERR_CERT_AUTHORITY_INVALID
Subject: TRAEFIK DEFAULT CERT
Issuer: TRAEFIK DEFAULT CERT
The ingress seems to just use the "rancher" cert issuer: `k get ing -n cattle-system rancher -o yaml`
```
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-production
    cert-manager.io/issuer: rancher
    cert-manager.io/issuer-kind: ClusterIssuer
    field.cattle.io/publicEndpoints: '[{"addresses":[""],"port":443,"protocol":"HTTPS","serviceName":"cattle-system:rancher","ingressName":"cattle-system:rancher","hostname":"rancher.example.com","path":"/","allNodes":false}]'
    meta.helm.sh/release-name: rancher
    meta.helm.sh/release-namespace: cattle-system
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"
    traefik.ingress.kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
```
Any ideas what I'm not doing right please? Thanks in advance
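
A check for the annotation set shown in the `k get ing` output above, added here as an example and not part of the original post. It assumes cert-manager's ingress-shim treats `cert-manager.io/issuer` together with `cert-manager.io/cluster-issuer`, and `cert-manager.io/cluster-issuer` together with `cert-manager.io/issuer-kind` or `cert-manager.io/issuer-group`, as conflicting; `lint_issuer_annotations`, `POSTED` and `SINGLE` are hypothetical names, and the sample dicts are constructed from the post.

```python
# Added example (not from the original post): lint cert-manager issuer
# annotations on an Ingress. The conflict rules are an assumption about
# cert-manager's ingress-shim behaviour; verify against your version.
ISSUER = "cert-manager.io/issuer"
CLUSTER_ISSUER = "cert-manager.io/cluster-issuer"
ISSUER_KIND = "cert-manager.io/issuer-kind"
ISSUER_GROUP = "cert-manager.io/issuer-group"


def lint_issuer_annotations(annotations):
    """Return (code, message) findings for an Ingress annotation dict."""
    findings = []
    has_issuer = ISSUER in annotations
    has_cluster = CLUSTER_ISSUER in annotations
    if not has_issuer and not has_cluster:
        findings.append(("no-issuer", "no issuer annotation; no Certificate "
                         "is requested unless a default issuer is configured"))
    if has_issuer and has_cluster:
        findings.append(("issuer-and-cluster-issuer",
                         f"{ISSUER}={annotations[ISSUER]!r} and "
                         f"{CLUSTER_ISSUER}={annotations[CLUSTER_ISSUER]!r} "
                         "are both set"))
    for extra in (ISSUER_KIND, ISSUER_GROUP):
        if has_cluster and extra in annotations:
            findings.append(("cluster-issuer-with-" + extra.rsplit("/", 1)[1],
                             f"{extra} is set alongside {CLUSTER_ISSUER}"))
    return findings


# Constructed from the `k get ing` output in the post (cert-manager keys only).
POSTED = {
    "cert-manager.io/cluster-issuer": "letsencrypt-production",
    "cert-manager.io/issuer": "rancher",
    "cert-manager.io/issuer-kind": "ClusterIssuer",
}
# Constructed comparison: a single, unambiguous issuer reference.
SINGLE = {"cert-manager.io/cluster-issuer": "letsencrypt-production"}

if __name__ == "__main__":
    for name, annotations in (("posted", POSTED), ("single", SINGLE)):
        findings = lint_issuer_annotations(annotations)
        print(name, "->", "ok" if not findings else "findings:")
        for code, message in findings:
            print(f"  [{code}] {message}")
```

When the list is non-empty, the events on the Ingress and the cert-manager controller logs are where to confirm whether a Certificate was ever requested.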