Add Rancher management UI
All checks were successful
Deploy Cluster / Terraform (push) Successful in 2m13s
Deploy Cluster / Ansible (push) Successful in 8m52s

2026-03-24 01:53:04 +00:00
parent 8745bcda47
commit 4ffbcfa312
8 changed files with 141 additions and 0 deletions


@@ -0,0 +1,45 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: rancher
namespace: flux-system
spec:
interval: 10m
targetNamespace: cattle-system
chart:
spec:
chart: rancher
version: "2.9.3"
sourceRef:
kind: HelmRepository
name: rancher-stable
namespace: flux-system
install:
createNamespace: true
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
hostname: k8s-cluster-cp-1.silverside-gopher.ts.net
tls: external
replicas: 1
bootstrapPassword: password
extraEnv:
- name: CATTLE_PROMETHEUS_METRICS
value: "true"
resources:
requests:
cpu: 500m
memory: 512Mi
limits:
cpu: 1000m
memory: 1Gi
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/control-plane
operator: DoesNotExist
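Review bot: `bootstrapPassword: password` under `values` commits a guessable initial admin password for Rancher to the repository, and it is also stored in the Helm release values in the cluster. The ExternalSecret added in this same commit pulls `RANCHER_BOOTSTRAP_PASSWORD` from the secret store, but nothing visible in this HelmRelease consumes the Secret it creates. I would drop the literal and read the value through `valuesFrom`, as sketched below; Flux resolves that Secret in the HelmRelease's own namespace, so the ExternalSecret would need to target `flux-system` rather than `cattle-system`. If this release has already been reconciled with the literal, the admin password on the running instance should be changed as well.

```yaml
spec:
  # … unchanged: interval, targetNamespace, chart, install, upgrade …
  valuesFrom:
    - kind: Secret
      name: rancher-bootstrap-password
      valuesKey: bootstrapPassword
      targetPath: bootstrapPassword
  values:
    hostname: k8s-cluster-cp-1.silverside-gopher.ts.net
    # bootstrapPassword literal removed; supplied through valuesFrom above
    # … unchanged: tls, replicas, extraEnv, resources, affinity …
```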


@@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: rancher-stable
namespace: flux-system
spec:
interval: 1h
url: https://releases.rancher.com/server-charts/stable


@@ -0,0 +1,26 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: rancher
namespace: cattle-system
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: rancher
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: "selfsigned-cluster-issuer"
spec:
ingressClassName: traefik
rules:
- host: k8s-cluster-cp-1.silverside-gopher.ts.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: rancher
port:
number: 80
tls:
- hosts:
- k8s-cluster-cp-1.silverside-gopher.ts.net
secretName: rancher-tls
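Review bot: The `cert-manager.io/cluster-issuer: "selfsigned-cluster-issuer"` annotation means the certificate stored in `rancher-tls` is not anchored in any CA that browsers or API clients trust, so every user of the management UI has to click through a warning or pin the certificate by hand. For an admin console that accepts cluster credentials, an issuer that clients can validate, or a documented step for distributing the CA, would be preferable. Separately, the release values visible in this commit do not turn off the chart's own Ingress. If the chart renders one by default, it would not carry the `router.entrypoints: rancher` annotation and could route Rancher on Traefik's default entrypoints, so consider setting `ingress.enabled: false` in the HelmRelease values.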


@@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrepository-rancher.yaml
- helmrelease-rancher.yaml
- traefik-helmchartconfig-rancher-entrypoint.yaml
- ingress-rancher.yaml
- rancher-bootstrap-password-externalsecret.yaml


@@ -0,0 +1,21 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: rancher-bootstrap-password
namespace: cattle-system
spec:
refreshInterval: 1h
secretStoreRef:
name: doppler-hetznerterra
kind: ClusterSecretStore
target:
name: rancher-bootstrap-password
creationPolicy: Owner
template:
type: Opaque
data:
bootstrapPassword: "{{ .rancherBootstrapPassword }}"
data:
- secretKey: rancherBootstrapPassword
remoteRef:
key: RANCHER_BOOTSTRAP_PASSWORD


@@ -0,0 +1,15 @@
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
name: traefik
namespace: kube-system
spec:
valuesContent: |-
additionalArguments:
- "--entryPoints.rancher.address=:9442/tcp"
ports:
rancher:
port: 9442
expose: true
exposedPort: 9442
protocol: TCP
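Review bot: `expose: true` with `exposedPort: 9442` publishes the new entrypoint on Traefik's Service, and `:9442/tcp` binds on every address, so the Rancher UI is reachable wherever that Service is reachable, not only on the tailnet that the `ts.net` hostname suggests. If access is meant to be tailnet-only, that has to be enforced outside this file (a firewall or load-balancer restriction on 9442), and a comment here saying where it is enforced would help the next reader. The `--entryPoints.rancher.address` argument also looks redundant with the `ports.rancher` entry, which presumably makes the chart generate the same entrypoint; keeping a single definition stops the two from drifting apart.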