gregkeys/gist:3a8a9820b7ba45b59c2ae91e1c2557ee

## gistfile1.txt
# default k8s version: v1.8.9-rancher1-1
# default network plugin: flannel
nodes:
  - address: 1.1.1.1
    user: rancher
    role: [controlplane,etcd,worker]
    ssh_key_path: ~/.ssh/id_rsa.pem
  - address: 1.1.1.2
    user: rancher
    role: [controlplane,etcd,worker]
    ssh_key_path: ~/.ssh/id_rsa.pem
  - address: 1.1.1.3
    user: rancher
    role: [controlplane,etcd,worker]
    ssh_key_path: ~/.ssh/id_rsa.pem

ingress:
  provider: nginx
  extra_args:
    enable-ssl-passthrough: ""

addons: |-
  ---
  kind: Namespace
  apiVersion: v1
  metadata:
    name: cattle-system
  ---
  kind: ServiceAccount
  apiVersion: v1
  metadata:
    name: cattle-admin
    namespace: cattle-system
  ---
  kind: ClusterRoleBinding
  apiVersion: rbac.authorization.k8s.io/v1
  metadata:
    name: cattle-crb
    namespace: cattle-system
  subjects:
  - kind: ServiceAccount
    name: cattle-admin
    namespace: cattle-system
  roleRef:
    kind: ClusterRole
    name: cluster-admin
    apiGroup: rbac.authorization.k8s.io
  ---
  apiVersion: v1
  kind: Service
  metadata:
    namespace: cattle-system
    name: cattle-service
    labels:
      app: cattle
  spec:
    ports:
    - port: 80
      targetPort: 80
      protocol: TCP
      name: http
    - port: 443
      targetPort: 443
      protocol: TCP
      name: https
    selector:
      app: cattle
  ---
  apiVersion: extensions/v1beta1
  kind: Ingress
  metadata:
    namespace: cattle-system
    name: cattle-ingress-http
    annotations:
      nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"
      nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"   # Max time in seconds for ws to remain shell window open
      nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"   # Max time in seconds for ws to remain shell window open
      nginx.ingress.kubernetes.io/ssl-passthrough: "true"      # Enable ssl-passthrough to backend.
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"   # Force redirect to ssl.
  spec:
    rules:
    - host: example.com
      http:
        paths:
        - backend:
            serviceName: cattle-service
            servicePort: 443
  ---
  kind: Deployment
  apiVersion: extensions/v1beta1
  metadata:
    namespace: cattle-system
    name: cattle
  spec:
    replicas: 1
    template:
      metadata:
        labels:
          app: cattle
      spec:
        serviceAccountName: cattle-admin
        containers:
        - image: rancher/rancher:master
          command: ["rancher"]
          args: [
            " --http-listen-port=80",
            " --https-listen-port=443",
            " --acme-domain=my.example.com"
          ]
          imagePullPolicy: Always
          name: cattle-server
          ports:
          - containerPort: 80
            protocol: TCP
          - containerPort: 443
            protocol: TCP
	# default k8s version: v1.8.9-rancher1-1
	# default network plugin: flannel
	nodes:
	- address: 1.1.1.1
	user: rancher
	role: [controlplane,etcd,worker]
	ssh_key_path: ~/.ssh/id_rsa.pem
	- address: 1.1.1.2
	user: rancher
	role: [controlplane,etcd,worker]
	ssh_key_path: ~/.ssh/id_rsa.pem
	- address: 1.1.1.3
	user: rancher
	role: [controlplane,etcd,worker]
	ssh_key_path: ~/.ssh/id_rsa.pem

	ingress:
	provider: nginx
	extra_args:
	enable-ssl-passthrough: ""

	addons: \|-
	---
	kind: Namespace
	apiVersion: v1
	metadata:
	name: cattle-system
	---
	kind: ServiceAccount
	apiVersion: v1
	metadata:
	name: cattle-admin
	namespace: cattle-system
	---
	kind: ClusterRoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: cattle-crb
	namespace: cattle-system
	subjects:
	- kind: ServiceAccount
	name: cattle-admin
	namespace: cattle-system
	roleRef:
	kind: ClusterRole
	name: cluster-admin
	apiGroup: rbac.authorization.k8s.io
	---
	apiVersion: v1
	kind: Service
	metadata:
	namespace: cattle-system
	name: cattle-service
	labels:
	app: cattle
	spec:
	ports:
	- port: 80
	targetPort: 80
	protocol: TCP
	name: http
	- port: 443
	targetPort: 443
	protocol: TCP
	name: https
	selector:
	app: cattle
	---
	apiVersion: extensions/v1beta1
	kind: Ingress
	metadata:
	namespace: cattle-system
	name: cattle-ingress-http
	annotations:
	nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"
	nginx.ingress.kubernetes.io/proxy-read-timeout: "1800" # Max time in seconds for ws to remain shell window open
	nginx.ingress.kubernetes.io/proxy-send-timeout: "1800" # Max time in seconds for ws to remain shell window open
	nginx.ingress.kubernetes.io/ssl-passthrough: "true" # Enable ssl-passthrough to backend.
	nginx.ingress.kubernetes.io/force-ssl-redirect: "true" # Force redirect to ssl.
	spec:
	rules:
	- host: example.com
	http:
	paths:
	- backend:
	serviceName: cattle-service
	servicePort: 443
	---
	kind: Deployment
	apiVersion: extensions/v1beta1
	metadata:
	namespace: cattle-system
	name: cattle
	spec:
	replicas: 1
	template:
	metadata:
	labels:
	app: cattle
	spec:
	serviceAccountName: cattle-admin
	containers:
	- image: rancher/rancher:master
	command: ["rancher"]
	args: [
	" --http-listen-port=80",
	" --https-listen-port=443",
	" --acme-domain=my.example.com"
	]
	imagePullPolicy: Always
	name: cattle-server
	ports:
	- containerPort: 80
	protocol: TCP
	- containerPort: 443
	protocol: TCP