I have rancher 2.2.3 in HA mode (install using helm). Followed this document for the install: https://rancher.com/docs/rancher/v2.x/en/installation/ha/
It was installed with self-signed certificate, and all is well.
Now, I need to remove self-signed certificate and install one from CA (cert from file).
Need guidance on how to accomplish this? Is there a document for this?
Thanks, following the document, I am trying to remove the existing self-signed cert with:
kubectl -n cattle-system delete secret tls-rancher-ingress
And I get:
secret “tls-rancher-ingress” deleted
However, within seconds the same cert re-appears…
If I run this command, I get “already exists”:
kubectl -n cattle-system create secret tls tls-rancher-ingress --cert=rancher.crt --key=rancher.key
Error from server (AlreadyExists): secrets "tls-rancher-ingress" already exists
I have the same problem and followed the below steps to overcome the problem. Here cert-manager is recreating it .so need to delete that. I hope this will help.
– Check the cert-manager resources exits
$kubectl get certificaterequests.cert-manager.io -n cattle-system
$kubectl get certificatesigningrequests.certificates.k8s.io -n cattle-system
$kubectl delete certificates.cert-manager.io -n cattle-system tls-rancher-ingress
$kubectl get certificates.cert-manager.io -n cattle-system
No resources found in cattle-system namespace.
–Then rerun the command again
$ kubectl -n cattle-system create secret tls tls-rancher-ingress --cert=rancher.crt --key=rancher.key