From 4ffbcfa3128623e064a4a358f7b1f5ba284d8869 Mon Sep 17 00:00:00 2001
From: MichaelFisher1997
Date: Tue, 24 Mar 2026 01:53:04 +0000
Subject: [PATCH] Add Rancher management UI
---
.../addons/kustomization-rancher.yaml | 17 +++++++
infrastructure/addons/kustomization.yaml | 1 +
.../addons/rancher/helmrelease-rancher.yaml | 45 +++++++++++++++++++
.../rancher/helmrepository-rancher.yaml | 8 ++++
.../addons/rancher/ingress-rancher.yaml | 26 +++++++++++
.../addons/rancher/kustomization.yaml | 8 ++++
...her-bootstrap-password-externalsecret.yaml | 21 +++++++++
...ik-helmchartconfig-rancher-entrypoint.yaml | 15 +++++++
8 files changed, 141 insertions(+)
create mode 100644 infrastructure/addons/kustomization-rancher.yaml
create mode 100644 infrastructure/addons/rancher/helmrelease-rancher.yaml
create mode 100644 infrastructure/addons/rancher/helmrepository-rancher.yaml
create mode 100644 infrastructure/addons/rancher/ingress-rancher.yaml
create mode 100644 infrastructure/addons/rancher/kustomization.yaml
create mode 100644 infrastructure/addons/rancher/rancher-bootstrap-password-externalsecret.yaml
create mode 100644 infrastructure/addons/rancher/traefik-helmchartconfig-rancher-entrypoint.yaml
diff --git a/infrastructure/addons/kustomization-rancher.yaml b/infrastructure/addons/kustomization-rancher.yaml
new file mode 100644
index 0000000..c707201
--- /dev/null
+++ b/infrastructure/addons/kustomization-rancher.yaml
@@ -0,0 +1,17 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: addon-rancher
+ namespace: flux-system
+spec:
+ interval: 10m
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: platform
+ path: ./infrastructure/addons/rancher
+ wait: true
+ timeout: 15m
+ suspend: false
+ dependsOn:
+ - name: addon-tailscale-operator
diff --git a/infrastructure/addons/kustomization.yaml b/infrastructure/addons/kustomization.yaml
index 29a8970..a7aaabe 100644
--- a/infrastructure/addons/kustomization.yaml
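Review bot: In infrastructure/addons/kustomization-rancher.yaml, `dependsOn` lists only `addon-tailscale-operator`, yet the path it reconciles applies an `ExternalSecret` bound to the `doppler-hetznerterra` ClusterSecretStore and an Ingress annotated for cert-manager. If the external-secrets and cert-manager addons are reconciled by other Flux Kustomizations (their names are not visible in this patch), they should be added to `dependsOn` so this one is not applied before their CRDs, store and issuer exist. With `wait: true`, an early apply would otherwise keep failing until the `15m` timeout. A one-line comment above `dependsOn` saying why each dependency is required would document the ordering.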
+++ b/infrastructure/addons/kustomization.yaml
@@ -9,3 +9,4 @@ resources:
 - kustomization-tailscale-proxyclass.yaml
 - kustomization-observability.yaml
 - kustomization-observability-content.yaml
+ - kustomization-rancher.yaml
diff --git a/infrastructure/addons/rancher/helmrelease-rancher.yaml b/infrastructure/addons/rancher/helmrelease-rancher.yaml
new file mode 100644
index 0000000..d748025
--- /dev/null
+++ b/infrastructure/addons/rancher/helmrelease-rancher.yaml
@@ -0,0 +1,45 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: rancher
+ namespace: flux-system
+spec:
+ interval: 10m
+ targetNamespace: cattle-system
+ chart:
+ spec:
+ chart: rancher
+ version: "2.9.3"
+ sourceRef:
+ kind: HelmRepository
+ name: rancher-stable
+ namespace: flux-system
+ install:
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ remediation:
+ retries: 3
+ values:
+ hostname: k8s-cluster-cp-1.silverside-gopher.ts.net
+ tls: external
+ replicas: 1
+ bootstrapPassword: password
+ extraEnv:
+ - name: CATTLE_PROMETHEUS_METRICS
+ value: "true"
+ resources:
+ requests:
+ cpu: 500m
+ memory: 512Mi
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: node-role.kubernetes.io/control-plane
+ operator: DoesNotExist
diff --git a/infrastructure/addons/rancher/helmrepository-rancher.yaml b/infrastructure/addons/rancher/helmrepository-rancher.yaml
new file mode 100644
index 0000000..2d88e15
--- /dev/null
+++ b/infrastructure/addons/rancher/helmrepository-rancher.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: rancher-stable
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://releases.rancher.com/server-charts/stable
diff --git a/infrastructure/addons/rancher/ingress-rancher.yaml b/infrastructure/addons/rancher/ingress-rancher.yaml
new file mode 100644
index 0000000..96833c2
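Review bot: `bootstrapPassword: password` under `values` in helmrelease-rancher.yaml commits a guessable first-admin password to Git and renders it into the release. The same patch adds rancher-bootstrap-password-externalsecret.yaml, but nothing visible here consumes the Secret it produces, so the Doppler value appears to go unused. Remove the literal and supply the value through `valuesFrom`; Flux resolves `valuesFrom` in the HelmRelease's own namespace, so the ExternalSecret would have to target `flux-system` rather than `cattle-system`. If the literal has already been applied to a cluster, the admin password should be rotated.

```yaml
# … unchanged: interval, targetNamespace, chart, install, upgrade …
  valuesFrom:
    # Secret must live in the HelmRelease's namespace (flux-system)
    - kind: Secret
      name: rancher-bootstrap-password
      valuesKey: bootstrapPassword
      targetPath: bootstrapPassword
  values:
    hostname: k8s-cluster-cp-1.silverside-gopher.ts.net
    # bootstrapPassword comes from valuesFrom; no literal here
# … unchanged: tls, replicas, extraEnv, resources, affinity …
```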
--- /dev/null
+++ b/infrastructure/addons/rancher/ingress-rancher.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: rancher
+ namespace: cattle-system
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: rancher
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ cert-manager.io/cluster-issuer: "selfsigned-cluster-issuer"
+spec:
+ ingressClassName: traefik
+ rules:
+ - host: k8s-cluster-cp-1.silverside-gopher.ts.net
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: rancher
+ port:
+ number: 80
+ tls:
+ - hosts:
+ - k8s-cluster-cp-1.silverside-gopher.ts.net
+ secretName: rancher-tls
diff --git a/infrastructure/addons/rancher/kustomization.yaml b/infrastructure/addons/rancher/kustomization.yaml
new file mode 100644
index 0000000..78a86fc
--- /dev/null
+++ b/infrastructure/addons/rancher/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - helmrepository-rancher.yaml
+ - helmrelease-rancher.yaml
+ - traefik-helmchartconfig-rancher-entrypoint.yaml
+ - ingress-rancher.yaml
+ - rancher-bootstrap-password-externalsecret.yaml
diff --git a/infrastructure/addons/rancher/rancher-bootstrap-password-externalsecret.yaml b/infrastructure/addons/rancher/rancher-bootstrap-password-externalsecret.yaml
new file mode 100644
index 0000000..feef17a
--- /dev/null
+++ b/infrastructure/addons/rancher/rancher-bootstrap-password-externalsecret.yaml
@@ -0,0 +1,21 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: rancher-bootstrap-password
+ namespace: cattle-system
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ name: doppler-hetznerterra
+ kind: ClusterSecretStore
+ target:
+ name: rancher-bootstrap-password
+ creationPolicy: Owner
+ template:
+ type: Opaque
+ data:
+ bootstrapPassword: "{{ .rancherBootstrapPassword }}"
+ data:
+ - secretKey: rancherBootstrapPassword
+ remoteRef:
+ key: RANCHER_BOOTSTRAP_PASSWORD
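Review bot: The `cert-manager.io/cluster-issuer: "selfsigned-cluster-issuer"` annotation in ingress-rancher.yaml means the cluster-management UI is served with a certificate that no client can validate, so browsers and downstream agents must either skip verification or pin it by hand. If an issuer with a distributable CA, or a publicly trusted certificate for the ts.net name, is available, reference that instead. Otherwise add a comment above the annotation, for example `# self-signed on purpose: tailnet-only, CA is not distributed`, and check whether the Rancher chart's `privateCA` setting is needed. The issuer is not defined in this patch, so its existence is assumed.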
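Review bot: ingress-rancher.yaml and rancher-bootstrap-password-externalsecret.yaml are both namespaced to `cattle-system`, but the `resources` list in rancher/kustomization.yaml contains no Namespace manifest; the namespace is only created later by the HelmRelease's `createNamespace: true`. Unless `cattle-system` already exists in the cluster, Flux's apply of this directory is likely to fail on the missing namespace before the HelmRelease is created at all. Adding a Namespace manifest for `cattle-system` as the first entry (for example `- <namespace-manifest>.yaml`, placeholder name) removes that ordering dependency.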
diff --git a/infrastructure/addons/rancher/traefik-helmchartconfig-rancher-entrypoint.yaml b/infrastructure/addons/rancher/traefik-helmchartconfig-rancher-entrypoint.yaml
new file mode 100644
index 0000000..210dcab
--- /dev/null
+++ b/infrastructure/addons/rancher/traefik-helmchartconfig-rancher-entrypoint.yaml
@@ -0,0 +1,15 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChartConfig
+metadata:
+ name: traefik
+ namespace: kube-system
+spec:
+ valuesContent: |-
+ additionalArguments:
+ - "--entryPoints.rancher.address=:9442/tcp"
+ ports:
+ rancher:
+ port: 9442
+ expose: true
+ exposedPort: 9442
+ protocol: TCP
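Review bot: `expose: true` with `exposedPort: 9442` in the HelmChartConfig publishes the new `rancher` entrypoint on the Traefik Service, which is wider than the tailnet hostname used in the Ingress suggests; host-based routing does not restrict who can connect to the port. If access is meant to be tailnet-only, say in a comment above `ports:` where 9442 is blocked from other networks (no firewall rule or Service-level restriction is visible in this patch), or drop the exposure and publish the UI through the Tailscale operator this addon already depends on. Also confirm that no other HelmChartConfig named `traefik` in `kube-system` exists in the repository, since two definitions of the same object would overwrite each other's `valuesContent`.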