Can't Add existing, or Create new cluster - Certificate Errors

Hi There!

All nodes are using Ubuntu 20.04.

I created a small 3-node cluster and used RKE 2.5.6 to set up that cluster using the built-in cert CA.
Ingress is set to “none” in cluster.yaml.

After deploying RKE:
Deployed cert-manager 1.0.4.
Then deployed rancher (server) 2.6.5 into the cluster using helm 3.

Then deployed MetalLB.

Patched the rancher service to type LoadBalancer.

Logged into the Rancher UI.

Under Global, created a new cluster, then used the “copy” to paste the registration command.

SSH’d into the node and pasted the registration command to join. Then checked the rancher agent docker logs and I see this:

“Certificate chain is not complete, please check if all needed intermediate certificates are included in the server certificate (in the correct order) and if the cacerts setting in Rancher either contains the correct CA certificate (in the case of using self signed certificates) or is empty (in the case of using a certificate signed by a recognized CA). Certificate information is displayed above. error: Get “https://192.168.60.50”: x509: certificate signed by unknown authority (possibly because of “x509: ECDSA verification failure” while trying to verify candidate authority certificate “dynamiclistener-ca”)”

I also tried to add an existing cluster to manage and it too shows this error when trying to run the “kubectl apply -f https://xxxxxx” command:

“unable to connect to the server: x509: certificate signed by unknown authority”

I’m not sure what is missing, especially which intermediary cert I am missing.