| pingBackend() { | |
| BACKEND_NAME="$1" | |
| BACKEND_URL="$2" | |
| DETAIL=$(curl -sL -o /dev/null -w "code=%{response_code} time=%{time_total} error=%{errormsg}\n" "$BACKEND_URL") | |
| if [ $? -eq 0 ]; then | |
| RES=" OK " | |
| else | |
| RES="FAIL" | |
| fi | |
| echo "[${RES}][$BACKEND_NAME] $DETAIL" |
| export CRI_CONFIG_FILE=/var/lib/rancher/rke2/agent/etc/crictl.yaml | |
| export CONTAINERD_ADDRESS=unix:///run/k3s/containerd/containerd.sock | |
| export PATH=$PATH:/var/lib/rancher/rke2/bin | |
| echo "=== CHECK BEFORE ===" | |
| ( | |
| curl --cacert /var/lib/rancher/rke2/server/tls/kube-controller-manager/kube-controller-manager.crt \ | |
| https://127.0.0.1:10257/healthz >/dev/null 2>&1 \ | |
| && echo "[OK] Kube Controller probe" \ | |
| || echo "[FAIL] Kube Controller probe"; |
| function getdockerstat { | |
| for CTID in $@ | |
| do | |
| CTNAME=$(docker inspect $CTID|grep ' "Name"'|head -n 1 |awk '{print $2}'|tr -d '",') | |
| CTCONSO=$(docker stats --no-stream $CTID |tail -n 1|awk '{print $3" "$4}') | |
| echo "=======[ CT $CTID ($CTNAME) ]========" | |
| echo " Conso: $CTCONSO" | |
| docker inspect $CTID \ | |
| |grep ' "Source":'\ | |
| |awk '{print $2}'\ |
| - hosts: all | |
| become: yes | |
| tasks: | |
| # Install specified packages | |
| - name: Install specified packages | |
| ansible.builtin.package: | |
| name: "{{ item }}" | |
| state: present | |
| loop: |
Registering Rancher managed clusters in Argo CD doesn't work out of the box unless the Authorized Cluster Endpoint is used. Many users will prefer an integration of Argo CD via the central Rancher authentication proxy (which shares the network endpoint of the Rancher API/GUI). So let's find out why registering clusters via Rancher auth proxy fails and how to make it work.
Hint: If you are just looking for the solution scroll to the bottom of this page.
| #!/bin/bash | |
| function failure { echo $@ >&2; exit 1; } | |
| RANCHER_NAMESPACE=${RANCHER_NAMESPACE:-cattle-system} | |
| RANCHER_RELEASE_NAME=${RANCHER_RELEASE_NAME:-rancher} | |
| # Pre-Flight checks | |
| echo "ok"|sed -r "s/^(ok)/yes/"|grep yes >/dev/null \ | |
| && echo "Preflight test : sed ok" \ | |
| || failure "Your sed does not support extended regexp, more info at https://github.com/rancher/rancher/issues/35319#issuecomment-1173825923" |
| helm repo add bitnami https://charts.bitnami.com/bitnami | |
| kubectl create ns cert-manager | |
| helm upgrade --install -n cert-manager cert-manager bitnami/cert-manager \ | |
| --set global.cattle.url=https://rancher.lp.ibd.sh \ | |
| --set installCRDs=true | |
| kubectl apply -f - <<EOF | |
| apiVersion: cert-manager.io/v1 | |
| kind: ClusterIssuer |
| #==================================================== | |
| # ____ | |
| # / ___|___ _ __ ___ _ __ ___ ___ _ __ | |
| # | | / _ \| '_ ` _ \| '_ ` _ \ / _ \| '_ \ | |
| # | |__| (_) | | | | | | | | | | | (_) | | | | | |
| # \____\___/|_| |_| |_|_| |_| |_|\___/|_| |_| | |
| # | |
| #==================================================== |
| FROM busybox:latest AS bootstrap | |
| ENV OSURL=https://dl-cdn.alpinelinux.org/alpine/v3.15/releases/x86_64/alpine-minirootfs-3.15.0-x86_64.tar.gz | |
| RUN wget ${OSURL} -O /$(basename ${OSURL}) \ | |
| && mkdir /bootstrap \ | |
| && cd /bootstrap \ | |
| && tar -xf /$(basename ${OSURL}) | |
| #=== Build base container ========================= | |
| FROM scratch | |
| COPY --from=bootstrap /bootstrap/ / |
| useradd -m -s /bin/bash ibeaute | |
| mkdir -p /home/ibeaute/.ssh | |
| echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIC9AfLHFPpXiVkOy1Qe2oL41AUrcrSAEHNJm67x0jHe ivan@fabrique-it.fr" > /home/ibeaute/.ssh/authorized_keys | |
| chmod 700 /home/ibeaute/.ssh/authorized_keys | |
| chown -R ibeaute:ibeaute /home/ibeaute/ | |
| echo "ibeaute ALL = (ALL) NOPASSWD: ALL" >> /etc/sudoers |