# Rancher 使用 Let's Encrypt 部署

* 注意: rancher 需開啟 80 & 443 port。Let's Encrypt 以 HTTP-01 驗證網域,必須能從外部網路連到此主機的 80 port,否則憑證無法簽發。

## 安裝 rke2

```
$ curl -sfL https://get.rke2.io --output install.sh && chmod +x install.sh
```

```
$ sudo mkdir -p /etc/rancher/rke2/ && \
cat <<EOF | sudo tee /etc/rancher/rke2/config.yaml
node-name:
  - "susetw"
token: my-shared-secret
EOF
```

> `token` 是節點加入叢集時使用的共用密鑰,`my-shared-secret` 僅為範例;實際部署請改用高強度隨機字串,並將 `/etc/rancher/rke2/config.yaml` 的讀取權限限制為 root。

```
$ sudo INSTALL_RKE2_CHANNEL=v1.26.12+rke2r1 ./install.sh && \
export PATH=$PATH:/opt/rke2/bin && \
sudo systemctl enable rke2-server --now
```

```
$ mkdir -p $HOME/.kube && sudo cp /etc/rancher/rke2/rke2.yaml $HOME/.kube/config && sudo chown $(id -u):$(id -g) $HOME/.kube/config && sudo cp /var/lib/rancher/rke2/bin/kubectl /usr/local/bin/ && \
kubectl get po -A
```

## 安裝 helm 與 cert-manager CRD

```
$ curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash && \
helm repo add rancher-prime https://charts.rancher.com/server-charts/prime && \
kubectl create ns cattle-system && \
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.crds.yaml
```

> 上述指令會把遠端腳本直接交給 `bash` 執行;較安全的做法是先下載、檢視內容後再執行。前面以 `sudo` 執行的 `install.sh` 也建議先檢視內容。

## 安裝 cert-manager

```
$ helm repo add jetstack https://charts.jetstack.io && \
helm repo update && \
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.11.0 && \
kubectl get pods -n cert-manager
```

## 安裝 rancher

```
* 註冊的 domain 是要在外部可以解析到的
$ host letsenc.cooloo9871.com
letsenc.cooloo9871.com has address 192.168.11.130

# 需要設定有效 email
$ helm install rancher rancher-prime/rancher \
  --namespace cattle-system \
  --create-namespace \
  --set hostname=letsenc.cooloo9871.com \
  --set ingress.tls.source=letsEncrypt \
  --set letsEncrypt.email=example@suse.com \
  --set replicas=1 \
  --set bootstrapPassword=rancheradmin \
  --version 2.8.2
```

> `bootstrapPassword=rancheradmin` 為容易猜到的範例值,而此 Rancher 需對外開放 80/443;請改用高強度隨機密碼,並於首次登入後立即變更。以 `--set` 傳入的值也會留在 shell 歷史紀錄與 Helm release 的 values 中。

```
$ watch -n 1 kubectl -n cattle-system get po
```

> 文中的 RKE2、cert-manager、Rancher 版本為撰寫當時的版本;部署前請確認仍在支援範圍內,並已包含最新的安全性修補。