I have one single host rancher installation and we have created some clusters already.
Now we need to change the certificates so that the company controls the certs.
The problem we encounter is that when we change the CA, the already created clusters lose contact with the rancher host.
I will explain the steps I have done and the results.
First I started the rancher with the default command below.
Clean installation.
docker run -d --restart=unless-stopped \
-p 80:80 -p 443:443 \
-v /opt/rancher/:/var/lib/rancher \
rancher/rancher:latest
It starts rancher with the default cattle-ca.
Then I created a new cluster "cluster1defaultca" with only one node for testing.
Then I stopped rancher and started it again with my certificates.
Install rancher with company certs.
docker run -d --restart=unless-stopped \
-p 80:80 -p 443:443 \
-v /opt/rancher/:/var/lib/rancher \
-v /home/serverdrift/cert/rancher2.cer:/etc/rancher/ssl/cert.pem \
-v /home/serverdrift/cert/rancher2.key:/etc/rancher/ssl/key.pem \
-v /home/serverdrift/cert/ca.crt:/etc/rancher/ssl/cacerts.pem \
rancher/rancher:latest
Now when I check the cacert it’s my company’s cert.
And the rancher shows that my cluster is unavailable.
Any ideas on how I will get contact with my cluster again?