Got an issue when installing rancher HA on kubernetes with self-signed CA

[root@alma3 cert]# k create ns cattle-system
namespace/cattle-system created

[root@alma3 ~]# helm install rancher rancher-latest/rancher --namespace cattle-system --set hostname=alma3.techavidity.in --set bootstrapPassword=admin --set ingress.tls.source=secret --set privateCA=true

NAME: rancher
LAST DEPLOYED: Mon Apr 3 17:11:41 2023
NAMESPACE: cattle-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES: Rancher Server has been installed

kubectl get secret --namespace cattle-system bootstrap-secret -o go-template=‘{{.data.bootstrapPassword|base64decode}}{{ “\n”}}’

   admin

[root@alma3 ~]# echo https://alma3.techavidity.in/dashboard/?setup=$(kubectl get secret --namespace cattle-system bootstrap-secret -o go-template=‘{{.data.bootstrapPassword|base64decode}}’)
https://alma3.techavidity.in/dashboard/?setup=admin

[root@alma3 ~]# cd cert/
[root@alma3 cert]# ls
ca.crt ca.key ns rancher.csr tmp.json ca.csr ca.srl rancher.crt rancher.key

[root@alma3 cert]# kubectl -n cattle-system create secret tls tls-rancher-ingress --cert rancher.crt
–key rancher.key
secret/tls-rancher-ingress created

[root@alma3 cert]# cat ca.crt >cacerts.pem
[root@alma3 cert]# kubectl -n cattle-system create secret generic tls-ca --from-file=cacerts.pem=./cacerts.pem
secret/tls-ca created

[root@alma3 cert]# kubectl -n cattle-system get deploy rancher
NAME READY UP-TO-DATE AVAILABLE AGE
rancher 3/3 3 1 29m

After this can able to view the rancher UI…
But can’t able to login the rancher using user name and password admin … rancher UI giving error…

Got the below issue :
[root@alma3 cert]# k logs rancher-69b49b48c4-5c4db -n cattle-system
2023/04/03 13:31:22 [ERROR] failed to start cluster controllers c-m-fh2d7bgv: context canceled 2023/04/03 13:33:18 [INFO] Stopping cluster agent for c-m-4hzmprvd
2023/04/03 13:33:18 [ERROR] failed to start cluster controllers c-m-4hzmprvd: context canceled
2023/04/03 13:33:31 [INFO] Stopping cluster agent for c-m-fh2d7bgv
2023/04/03 13:33:31 [ERROR] failed to start cluster controllers c-m-fh2d7bgv: context canceled

Events:
Type Reason Age From Message ---- ------ ---- ---- -------
Normal Scheduled 7m33s default-scheduler Successfully assigned cattle-system/rancher-69b49b48c4-5c4db to alma1
Warning FailedMount 79s (x11 over 7m31s) kubelet mountVolume.SetUp failed for volume “tls-ca-volume” : secret “tls-ca” not found
Warning FailedMount 53s (x3 over 5m28s) kubelet Unable to attach or mount volumes: unmounted volumes=[tls-ca-volume], unattached volumes=[tls-ca-volume kube-api-access-jjt68]: timed out waiting for the condition

Hi team, Any help is much appreciated …I have forgotten to say I’m new to rancher …

Hi! :wave:

If you already have a cluster, you can follow this guide here, starting from " Install Rancher with Helm"

let me know if this helps :slight_smile:

Edit: changed link to v2.7

Thanks!

I’m thinking you did this a little out of order. You want to create the secrets first, then run the install. Since the certs were updated after the helm install rancher, do a helm upgrade without the bootstrapPassword flag and I believe that will solve the problem? Otherwise use the Rancher Certs Upgrade docs.