Update master_node_install.sh

2026-03-27 08:08:45 +00:00 · 2026-03-27 08:08:45 +00:00 · 9c27ffaa2e
parent e931116308
commit 9c27ffaa2e
1 changed files with 27 additions and 30 deletions
--- a/master_node_install.sh
+++ b/master_node_install.sh
@ -5,7 +5,7 @@ set -Eeuo pipefail
 # Arch Linux Kubernetes Control Plane
 # Fully automated master node installer
 # + Helm
-# + Traefik
+# + ingress-nginx
 # + cert-manager
 # + Rancher
 ########################################
@ -20,19 +20,21 @@ JOIN_COMMAND_FILE="/root/kubeadm-join-command.sh"
 INSTALL_HELM="${INSTALL_HELM:-true}"
 INSTALL_RANCHER="${INSTALL_RANCHER:-true}"
-# Single-node/lab convenience
+# Single-node/lab convenience:
 # Rancher, ingress-nginx, cert-manager, CoreDNS, etc. need schedulable capacity.
 # On a single control-plane node, removing the control-plane taint is the simplest way.
 ALLOW_WORKLOADS_ON_CONTROL_PLANE="${ALLOW_WORKLOADS_ON_CONTROL_PLANE:-true}"
 # Rancher settings
 RANCHER_REPO_CHANNEL="${RANCHER_REPO_CHANNEL:-stable}"    # stable | latest | alpha
 RANCHER_BOOTSTRAP_PASSWORD="${RANCHER_BOOTSTRAP_PASSWORD:-}"
 RANCHER_HOSTNAME="${RANCHER_HOSTNAME:-}"                  # if empty, auto-generate rancher.<NODE_IP>.sslip.io
-RANCHER_REPLICAS="${RANCHER_REPLICAS:-1}"
+RANCHER_REPLICAS="${RANCHER_REPLICAS:-1}"                # 1 for single-node lab installs
 RANCHER_NAMESPACE="${RANCHER_NAMESPACE:-cattle-system}"
-# Traefik settings
+# ingress-nginx settings
-TRAEFIK_NAMESPACE="${TRAEFIK_NAMESPACE:-traefik}"
+INGRESS_NAMESPACE="${INGRESS_NAMESPACE:-ingress-nginx}"
-TRAEFIK_INGRESS_CLASS_NAME="${TRAEFIK_INGRESS_CLASS_NAME:-traefik}"
+INGRESS_CLASS_NAME="${INGRESS_CLASS_NAME:-nginx}"
 # cert-manager settings
 CERT_MANAGER_NAMESPACE="${CERT_MANAGER_NAMESPACE:-cert-manager}"
@ -294,7 +296,7 @@ chmod 600 /root/rancher-bootstrap-password.txt
 # ---------- Step 21: Install Helm repos ----------
 if [[ "${INSTALL_HELM}" == "true" ]]; then
  log "Configuring Helm repositories"
-  helm_repo_add_force traefik https://traefik.github.io/charts
+  helm_repo_add_force ingress-nginx https://kubernetes.github.io/ingress-nginx
  helm_repo_add_force jetstack https://charts.jetstack.io
  case "${RANCHER_REPO_CHANNEL}" in
@ -318,34 +320,29 @@ if [[ "${INSTALL_HELM}" == "true" ]]; then
  helm repo update
 fi
-# ---------- Step 22: Install Traefik ----------
+# ---------- Step 22: Install ingress-nginx ----------
 if [[ "${INSTALL_RANCHER}" == "true" ]]; then
-  log "Installing Traefik"
+  log "Installing ingress-nginx"
-  kubectl_ns_apply "${TRAEFIK_NAMESPACE}"
+  kubectl_ns_apply "${INGRESS_NAMESPACE}"
-  helm upgrade --install traefik traefik/traefik \
+  helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx \
-    --namespace "${TRAEFIK_NAMESPACE}" \
+    --namespace "${INGRESS_NAMESPACE}" \
    --create-namespace \
-    --set deployment.kind=DaemonSet \
+    --set controller.kind=DaemonSet \
-    --set updateStrategy.type=RollingUpdate \
+    --set controller.hostNetwork=true \
-    --set updateStrategy.rollingUpdate.maxUnavailable=1 \
+    --set controller.dnsPolicy=ClusterFirstWithHostNet \
-    --set updateStrategy.rollingUpdate.maxSurge=0 \
+    --set controller.service.type=ClusterIP \
-    --set hostNetwork=true \
+    --set controller.ingressClass="${INGRESS_CLASS_NAME}" \
-    --set deployment.dnsPolicy=ClusterFirstWithHostNet \
+    --set controller.ingressClassResource.name="${INGRESS_CLASS_NAME}" \
-    --set ingressClass.enabled=true \
+    --set controller.ingressClassResource.default=true \
-    --set ingressClass.isDefaultClass=true \
+    --set controller.watchIngressWithoutClass=true \
-    --set ingressClass.name="${TRAEFIK_INGRESS_CLASS_NAME}" \
+    --set controller.reportNodeInternalIp=true \
    --set providers.kubernetesIngress.enabled=true \
    --set ports.web.port=80 \
    --set ports.websecure.port=443 \
    --set service.enabled=false \
    --set logs.general.level=INFO \
    --wait \
    --timeout 15m
-  log "Waiting for Traefik rollout"
+  log "Waiting for ingress-nginx controller"
-  kubectl -n "${TRAEFIK_NAMESPACE}" rollout status daemonset/traefik --timeout=15m
+  kubectl -n "${INGRESS_NAMESPACE}" rollout status daemonset/ingress-nginx-controller --timeout=15m
 fi
 # ---------- Step 23: Install cert-manager ----------
@ -379,7 +376,7 @@ if [[ "${INSTALL_RANCHER}" == "true" ]]; then
    --set hostname="${RANCHER_HOSTNAME}" \
    --set bootstrapPassword="${RANCHER_BOOTSTRAP_PASSWORD}" \
    --set replicas="${RANCHER_REPLICAS}" \
-    --set ingress.ingressClassName="${TRAEFIK_INGRESS_CLASS_NAME}" \
+    --set ingress.ingressClassName="${INGRESS_CLASS_NAME}" \
    --wait \
    --timeout 20m
@ -424,7 +421,7 @@ if [[ "${INSTALL_RANCHER}" == "true" ]]; then
  echo
  echo "Notes:"
  echo "  - sslip.io is used automatically when RANCHER_HOSTNAME is not set."
-  echo "  - Because Traefik is using host networking, access Rancher directly on this node's IP over 443."
+  echo "  - Because ingress-nginx is using host networking, access Rancher directly on this node's IP over 443."
  echo "  - If a local firewall is enabled, ensure ports 80 and 443 are allowed."
  echo
 fi