9c0523e880
Rancher installs were stalling on transient Docker Hub TLS handshake timeouts for rancher shell, webhook, and system-upgrade-controller images. Pre-pull the required images onto all nodes after k3s comes up, extend the Rancher HelmRelease timeout, and reset/force the Rancher HelmRelease before waiting on addon-rancher so bootstrap can recover from stale failed remediation state.
---
# Flux HelmRelease that installs Rancher into cattle-system.
# The release object itself lives in flux-system, next to its chart source
# and the Secret that supplies the bootstrap password.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: rancher
  namespace: flux-system
spec:
  interval: 10m
  # Upper bound for a single Helm action; long enough that slow image pulls
  # do not fail the install.
  timeout: 15m
  targetNamespace: cattle-system
  chart:
    spec:
      chart: rancher
      # Exact chart version (quoted so it stays a string). Pinning keeps
      # upgrades deliberate instead of following whatever the repo publishes.
      version: "2.13.3"
      sourceRef:
        kind: HelmRepository
        name: rancher-stable
        namespace: flux-system
  install:
    # cattle-system is created by the install if it does not exist yet.
    createNamespace: true
    remediation:
      # Once these retries are used up the release stays failed until it is
      # reset or reconciled again.
      retries: 3
  upgrade:
    remediation:
      retries: 3
  values:
    # ts.net name: presumably served over the tailnet rather than a public
    # ingress. TODO confirm the ingress/TLS path for this host.
    hostname: rancher.silverside-gopher.ts.net
    # Single replica: no redundancy for the management plane.
    replicas: 1
    extraEnv:
      # Turns on Rancher's Prometheus metrics. NOTE(review): confirm that
      # only the intended scraper can reach the metrics endpoint.
      - name: CATTLE_PROMETHEUS_METRICS
        value: "true"
    resources:
      requests:
        cpu: 500m
        memory: 512Mi
      limits:
        cpu: 1000m
        memory: 1Gi
    affinity:
      nodeAffinity:
        # Hard scheduling rule: only nodes WITHOUT the control-plane role
        # label are eligible, so Rancher never lands on control-plane nodes.
        requiredDuringSchedulingIgnoredDuringExecution:
          nodeSelectorTerms:
            - matchExpressions:
                - key: node-role.kubernetes.io/control-plane
                  operator: DoesNotExist
  valuesFrom:
    # The bootstrap password is read from a Secret at reconcile time and is
    # not stored in this manifest. The Secret is looked up in the
    # HelmRelease's own namespace (flux-system) and is not marked optional,
    # so reconciliation fails if it is missing.
    # NOTE(review): this is a first-login credential; confirm it is replaced
    # after bootstrap and that read access to the Secret is limited.
    - kind: Secret
      name: rancher-bootstrap-password
      valuesKey: bootstrapPassword
      targetPath: bootstrapPassword