We’re using an HA install and we were able to inject our corporate root CA into the Rancher server install (the additional-ca Secret way). So the Rancher server Helm application is able to communicate securely with our other corporate applications via TLS (Gitlab, Artifactory, …).
However, and I think this is actually how it’s supposed to be, every started Pod does not get that secret mounted and is therefore not able to make validated connections to the other applications.
What I hope to know: is there a good/best practice to make our Rancher-created custom clusters able to connect to these outside applications through HTTPS?
- Should we configure the Docker daemons somehow during install on the nodes?
- Is there a more abstract K8s way to handle this case and serve custom root CAs?
- Should we fall back entirely to HTTP traffic instead of HTTPS?