more chart updates

rancherfederal · Nov 22, 2023 · 658b587 · 658b587
1 parent b163159
commit 658b587
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 26 deletions.
diff --git a/charts/cluster-templates/README.md b/charts/cluster-templates/README.md
@@ -24,17 +24,17 @@ Verified and Tested:
 
 ```bash
 helm repo add cluster-templates https://rancherfederal.github.io/rancher-cluster-templates
-helm install cluster cluster-templates/rancher-cluster-templates -n fleet-default -f values.yaml
+helm upgrade -i cluster cluster-templates/rancher-cluster-templates -n fleet-default -f values.yaml
 ```
 
 ```bash
-helm status -n
+helm status cluster -n fleet-default
 ```
 
 ## Uninstalling the Chart
 
 ```bash
-helm uninstall -n
+helm delete cluster -n fleet-default
 ```
 
 ## Example Configurations

diff --git a/examples/aws/values-aws.yaml b/examples/aws/values-aws.yaml
@@ -3,10 +3,13 @@ cloudCredentialSecretName: cattle-global-data:cc-rqcgw # required: replace with
 cluster:
   annotations: {}
   labels:
-    cluster_name: rke2-aws
-  name: rke2-aws
+    cluster_name: aws-rke2-cluster
+  name: aws-rke2-cluster
 kubernetesVersion: v1.25.15+rke2r2
 cni: canal
+system_default_registry: docker.io
+monitoring:
+  enabled: false
 rke:
   localClusterAuthEndpoint:
     enabled: false
@@ -44,19 +47,19 @@ nodepools:
   worker: false
   labels: {}
   taints: {}
-  quantity: 3
+  quantity: 1
   paused: false
-  name: control-planes
-  ami: ami-0fc5d935ebf8bc3bc # optional: replace with your ami
+  name: control-plane-nodes
+  ami: ami-09c77dc92e45bc3ea # optional: replace with your ami
   deviceName: /dev/sda1
   encryptEbsVolume: false
   endpoint: ""
-  iamInstanceProfile: aws-rgs-rke2-iam-profile-control # required: replace with your iam instance profile
+  iamInstanceProfile: "" # required: replace with your iam instance profile
   insecureTransport: false
   instanceType: m5.xlarge
   region: us-east-1
-  createSecurityGroup: true
-  securityGroups: []
+  createSecurityGroup: false
+  securityGroups: ["aws-rgs-rke2-sg"] # required: replace with your security group
   keypairName: ""
   securityGroupReadonly: false
   sshKeyContents: ""
@@ -71,15 +74,15 @@ nodepools:
   tags: provisioner,rancher,KeepRunning,true
   retries: 5
   rootSize: 32
-  sshUser: ubuntu
+  sshUser: rocky
   volumeType: gp3
   vpcId: vpc-0126d1d91f8d8dbc0 # required: replace with your vpc
   useEbsOptimizedInstance: false
   usePrivateAddress: true
   userdata: |
     #cloud-config
     write_files:
-    - path: /etc/sysctl.d/60-rke2-cis.conf
+    - path: /etc/sysctl.conf
       owner: root
       content: |
         vm.swappiness=0
@@ -181,28 +184,32 @@ nodepools:
                             security-scan,
                             tigera-operator]
     runcmd:
-    - useradd -r -c "etcd user" -s /sbin/nologin -M etcd -U
-    - systemctl restart systemd-sysctl
-    - apt update
+    - sudo sysctl -p > /dev/null 2>&1
+    - sudo yum install -y iptables container-selinux iptables libnetfilter_conntrack libnfnetlink libnftnl policycoreutils-python-utils cryptsetup nfs-utils iscsi-initiator-utils zip zstd tree jq
+    - sudo echo "InitiatorName=$(/sbin/iscsi-iname)" > /etc/iscsi/initiatorname.iscsi && systemctl enable --now iscsid
+    - sudo systemctl stop firewalld; systemctl disable firewalld; systemctl stop nm-cloud-setup; systemctl disable nm-cloud-setup; systemctl stop nm-cloud-setup.timer; systemctl disable nm-cloud-setup.timer
+    - sudo echo -e "[keyfile]\nunmanaged-devices=interface-name:cali*;interface-name:flannel*" > /etc/NetworkManager/conf.d/rke2-canal.conf
+    - sudo mkdir -p /opt/rke2-artifacts/ /etc/rancher/rke2/ /var/lib/rancher/rke2/server/manifests/
+    - sudo useradd -r -c "etcd user" -s /sbin/nologin -M etcd -U
   zone: a
 - etcd: false
   controlplane: false
   worker: true
   labels: {}
   taints: {}
-  quantity: 4
+  quantity: 1
   paused: false
-  name: workers
-  ami: ami-0fc5d935ebf8bc3bc # optional: replace with your ami
+  name: worker-nodes
+  ami: ami-09c77dc92e45bc3ea # optional: replace with your ami
   deviceName: /dev/sda1
   encryptEbsVolume: false
   endpoint: ""
-  iamInstanceProfile: aws-rgs-rke2-iam-profile-worker # required: replace with your iam instance profile
+  iamInstanceProfile: "" # required: replace with your iam instance profile
   insecureTransport: false
   instanceType: m5.2xlarge
   region: us-east-1
-  createSecurityGroup: true
-  securityGroups: []
+  createSecurityGroup: false
+  securityGroups: ["aws-rgs-rke2-sg"] # required: replace with your security group
   keypairName: ""
   securityGroupReadonly: false
   sshKeyContents: ""
@@ -217,15 +224,15 @@ nodepools:
   tags: provisioner,rancher,KeepRunning,true
   retries: 5
   rootSize: 128
-  sshUser: ubuntu
+  sshUser: rocky
   volumeType: gp3
   vpcId: vpc-0126d1d91f8d8dbc0 # required: replace with your vpc
   useEbsOptimizedInstance: false
   usePrivateAddress: true
   userdata: |
     #cloud-config
     write_files:
-    - path: /etc/sysctl.d/60-rke2-cis.conf
+    - path: /etc/sysctl.conf
       owner: root
       content: |
         vm.swappiness=0
@@ -259,6 +266,10 @@ nodepools:
         fs.inotify.max_user_instances=8192
         fs.inotify.max_user_watches=1048576
     runcmd:
-    - systemctl restart systemd-sysctl
-    - apt update
+    - sudo sysctl -p > /dev/null 2>&1
+    - sudo yum install -y iptables container-selinux iptables libnetfilter_conntrack libnfnetlink libnftnl policycoreutils-python-utils cryptsetup nfs-utils iscsi-initiator-utils zip zstd tree jq
+    - sudo echo "InitiatorName=$(/sbin/iscsi-iname)" > /etc/iscsi/initiatorname.iscsi && systemctl enable --now iscsid
+    - sudo systemctl stop firewalld; systemctl disable firewalld; systemctl stop nm-cloud-setup; systemctl disable nm-cloud-setup; systemctl stop nm-cloud-setup.timer; systemctl disable nm-cloud-setup.timer
+    - sudo echo -e "[keyfile]\nunmanaged-devices=interface-name:cali*;interface-name:flannel*" > /etc/NetworkManager/conf.d/rke2-canal.conf
+    - sudo mkdir -p /etc/rancher/rke2/
   zone: a