Rob Harman edited this page Jan 14, 2022 · 1 revision

Ansible Playbook - HA Rancher RKE Cluster

Ansible playbook to create a 3-node HA Rancher Kubernetes cluster, based on Rancher's reference architecture. It assumes that you've got an external load balancer handling SSL termination, that the default IP is already set on each VM, and that this is running on Ubuntu 20.04.

This will deploy Rancher with a trusted internal CA and enable full end-to-end HTTPS for all Rancher communication and management. If you're using a public CA that Ubuntu 20.04 trusts by default, you can remove the CA certs parts in the Common role and the Kubernetes/Rancher roles. Regrettably, even if the host system trusts your CA, the Rancher Docker container will not. See the other requirements section below for more info about certificate requirements.

The UFW setup is overly tiresome due to THIS happening with all changes, not just disable, which is due to THIS underlying issue in UFW.

I'm including the common role because these settings are applied to my base image, and I've not tested this setup at all without them. YMMV.
