Channels
extensions
rancher-extensions
supermicro-sixsq
ozt
os
one-point-x
rio
onlinemeetup
v16-v21-migration
events
onlinetraining
training-1220
training-0110
training-0124
k3s-contributor
submariner
storage
k3os
windows
ci-cd
theranchcast
rfed_ara
nederlands
ukranian
danish
training-0131
masterclass
training-0207
training-0214
terraform-controller
epinio
phillydotnet
swarm
rancher-wrangler
deutsch
russian
chinese
mesos
français
japanese
arm
longhorn-dev
terraform-provider-rke
service-mesh
azure
gcp
academy
random
elemental
espanol
lima
harvester-dev
portugues
kubernetes
kim
hypper
kubewarden
opni
logging
neuvector-security
rancher-setup
developer
office-hours
mexico
cabpr
rke
vsphere
longhorn-storage
k3s
k3d
terraform-provider-rancher2
fleet
amazon
harvester
rke2
s3gw
hobbyfarm
rancher-desktop
general
Title
q
quiet-cpu-11420
10/11/2022, 2:00 PMHas anyone been able to manage Rancher project/user/user RBAC resources with a standard K8S CD tool like ArgoCD, Spinnaker, Flux CD? Seems like there's a disconnect here when it comes to Rancher, as things have to now go through API calls to Rancher itself, and not K8S CRDs. Curious if anybody solved this issue in a uniform way. Trying to manage a bunch of clusters and now having to write CRUD operations to handle it (or use the Rancher CLI) goes away from the K8S declarative approach and is getting VERY hairy.
➕ 2
👀 1
s
sparse-fireman-14239
10/11/2022, 6:37 PMSame issue - seriously thinking about ditching Rancher as we don't feel it adds much value besides tying the various monitoring UIs nicely together, but that's very much a nice-to-have feature rather than important.
💯 1
q
quiet-cpu-11420
10/11/2022, 10:25 PMYeah just trying to get everything to work together in a seamless way, I keep thinking I'm missing something because things just rapidly seem to fall apart the second things scale out or need ongoing maintenance work. Glad to see others having similar struggles, at least I'm not 100% crazy. Having to use external REST API calls for anything that "manages" Kubernetes resources just doesn't make any sense to me, it's like we're going backwards to go forwards.
CAPI now going GA handles provisioning pretty seamlessly (at least for vSphere, but if VMware works, I have faith that the other big 3 cloud providers would be even more mature). Everything is, as you expect, just a CRD. The quick-start was phenomenal and cluster setup time maybe took 30 minutes the first time through. I suppose the dashboard is pretty nice for investigative graphical work, but even something like K8S dashboard can get you most of the way there; or just a standard desktop app like Lens.
Centralized auth is the next piece but dex/keycloak and something like kubelogin would do the trick imo, then we can just roll it out with ArgoCD ApplicationSets across all clusters 🤷♂️
b
best-accountant-61831
10/13/2022, 1:31 PMI'm very new to this approach. I have no idea what the copntext is of neding to do things via the API instead of applying a CRD based manifest? What are the issues happening here?