单机部署k3s和rancher 使用本地自签证书

部署k3sh2

这部分文档官网非常详尽 https://docs.rancher.cn/docs/k3s/installation/airgap/_index/

部署rancherh2

如何自签证书, 我有写文章, 站内搜索自建CA使用SAN签发证书

配置helmh3

helm repo add rancher-latest https://releases.rancher.com/server-charts/latest
helm repo update

创建证书h3

kubectl create namespace cattle-system
kubectl create secret tls tls-rancher-ingress --cert=domain.dev.crt \
 --key=domain.dev.key -n cattle-system
kubectl -n cattle-system create secret generic tls-ca   --from-file=cacerts.pem

部署rancherh3

把helm pull下来, 然后解压, 使用本地的安装, 方便维护

helm  pull rancher-latest/rancher
tar -xf  rancher-2.10.3.tgz
# systemDefaultRegistry:

helm install   rancher ./  \
  --namespace cattle-system \
  --set hostname=rancher.domain.dev \
  --set bootstrapPassword=domain \
  --set ingress.tls.source=secret \
  --set privateCA=true

私有镜像仓库配置参考 https://docs.rancher.cn/docs/k3s/installation/private-registry/_index

mirrors:
  docker.io:
    endpoint:
      - "https://harbor.com"
configs:
  "harbor.com:443":
    auth:
      username: domain
      password: "Aa123123"
    tls:
      cert_file: /opt/certs.d/harbor.com/harbor.com.cert
      key_file:  /opt/certs.d/harbor.com/harbor.com.key
      ca_file:   /opt/certs.d/harbor.com/ca.crt