https://rancher.com/ logo
Title
k

kind-air-74358

07/07/2022, 8:48 AM
Hi, I am deploying Rancher on a Kubernetes cluster following this guide. To configure SSL, I have to install cert-manager. Is it possible to install cert-manager after installing Rancher, but still using Let’s Encrypt for provisioning a valid certificate)? A little background; We want to use Terraform to deploy Rancher, cert-manager and monitoring. When we have to install cert-manager before Rancher I will use the Helm chart as described in the guide. Next installing Rancher and adding the Rancher App ‘Monitoring’ (conditional). Next I want to update cert-manager to deploy a ServiceMonitor (which can be done via upgrading the existing Helm Release). I can’t configure cert-manager at first as the CRD for ServiceMonitor is not yet available. So my idea was actually to deploy first Rancher, then Monitoring (via Apps) and last cert-manager (via Apps instead directly via Helm).
a

agreeable-oil-87482

07/07/2022, 8:57 AM
Could the terraform process be:
Deploy k8s cluster -> Install Monitoring chart -> Install cert manager -> Install Rancher
?
k

kind-air-74358

07/07/2022, 9:08 AM
That could be possible indeed, but I prefer to use Rancher Apps for all charts instead of managing some charts via Helm and others via Rancher Apps
a

agreeable-oil-87482

07/07/2022, 9:10 AM
End result should be the same
k

kind-air-74358

07/07/2022, 9:11 AM
True, but when I want to update / reconfigure one of those charts using just a single resource type would be easier 🙂
And agree I can deal with it this way, but was just wondering if I could just use Rancher Apps and not using Helm resources in Terraform
a

agreeable-oil-87482

07/07/2022, 9:13 AM
Rancher apps is basically just helm
But I guess in this context you're talking about terraform resources?
k

kind-air-74358

07/07/2022, 9:13 AM
I know, but from a Terraform point of view it are two different resources (using two different providers)
a

agreeable-oil-87482

07/07/2022, 9:13 AM
Got it, that's fair
k

kind-air-74358

07/07/2022, 9:14 AM
So as a workaround I can use terraform import and terraform state rm to ‘move’ helm resources to rancher app resources
a

agreeable-oil-87482

07/07/2022, 9:15 AM
You could supply your own (temporary) secret/cert for Rancher for the initial install, then upgrade the Rancher install afterwards to leverage cert-manager and LE
1
k

kind-air-74358

07/07/2022, 9:19 AM
Ah indeed, that could work. Will give that a try. Thank you!