Helm, service account and x509 certificate issues

I am running into a problem when trying to use a freshly initialized helm on a k8s cluster that was created using Rancher. Rancher is run as a single node on docker inside of our network and is not publicly accessible. As a reference point, here is how rancher is started:

docker run -d --volumes-from rancher-data --restart=unless-stopped -p 80:80 -p 443:443 -v /etc/ssl/certs/our_certificate_chained.pem:/etc/rancher/ssl/cert.pem -v /etc/ssl/private/our_certificate_private_key.key:/etc/rancher/ssl/key.pem rancher/rancher:latest --no-cacerts

The certificate is a wildcard certificate we use all over the company from GoDaddy. I have no idea if this is relevant as I’m not sure if this is the certificate in question for the error we are getting. Helm, the service account and tiller have been initialized per the information here:

https://rancher.com/docs/rancher/v2.x/en/installation/ha/helm-init/

Here is where I run into a problem. If I try to do a helm install, I get an error such as the below:

Error: Get https://rancher.ourdomain.com/k8s/clusters/c-ps8sw/api/v1/namespaces/kube-system/pods?labelSelector=app%3Dhelm%2Cname%3Dtiller: x509: certificate signed by unknown authority

This is the command I’m running to get this:

helm install --name prometheus stable/prometheus --tiller-namespace kube-system --kubeconfig config --namespace mytestnamespace --set rbac.create=false

The referenced kubeconfig file is one set up using information from the tiller service account that I created. I am unsure what I may be missing in order to get helm to work using this service account that I created. If anyone has any ideas, or needs more information from me to aid me in a resolution, that would be helpful.

Thanks.

As a follow-up test, I spun up a brand new rancher server, but didn’t use my own certificates to launch it, so the start command looked like this:

sudo docker run -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher:latest

I then went ahead and spun up a 2 node cluster just for testing, but I’m still having major problems when trying to use helm with a service account to deploy something. I used the same helm setup information from the first post. I created a kubeconfig file for the service account and when I try to install something as a test with helm such as the below example:

helm install --name prometheus stable/prometheus --tiller-namespace kube-system --kubeconfig ~/config --namespace default

Basically I get the exact same error as indicated above.
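
A check for the error quoted above, added here as an example and not part of the original posts: it tests whether the CA a kubeconfig pins can validate the certificate served at the Rancher URL. It assumes the kubeconfig carries `certificate-authority-data`; the function names, file names and demo CAs are constructed for illustration.

```sh
#!/bin/sh
# Added diagnostic, not from the thread. Assumes the kubeconfig pins a CA via
# certificate-authority-data. Function names, file names and demo CAs are constructed.

# Flags that keep `openssl verify` from also trusting the system roots, so the
# answer matches a client that trusts only the pinned CA (flag set varies by version).
isolate_opts() {
  help=$(openssl verify -help 2>&1)
  for o in -no-CApath -no-CAstore; do
    case "$help" in *"$o"*) printf '%s ' "$o" ;; esac
  done
}

# Exit 0 only if CERT_PEM chains to CA_PEM (intermediates optional).
pinned_ca_verifies() {  # usage: pinned_ca_verifies CA_PEM CERT_PEM [INTERMEDIATES_PEM]
  openssl verify $(isolate_opts) -CAfile "$1" ${3:+-untrusted "$3"} "$2" >/dev/null 2>&1
}

# Constructed demo: "cluster-ca" stands in for the ca.crt of a service-account
# secret, "public-ca" for the issuer of the certificate served at the Rancher URL.
make_demo() {  # usage: make_demo DIR
  for n in cluster-ca public-ca; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$n" \
      -keyout "$1/$n.key" -out "$1/$n.pem" 2>/dev/null || return 1
  done
  openssl req -newkey rsa:2048 -nodes -subj "/CN=rancher.example.test" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$1/leaf.csr" -days 1 -CA "$1/public-ca.pem" \
    -CAkey "$1/public-ca.key" -CAcreateserial -out "$1/leaf.pem" 2>/dev/null
}

demo() {  # prints which demo CA validates the demo leaf
  tmp=$(mktemp -d) || return 1
  make_demo "$tmp" || { rm -rf "$tmp"; return 1; }
  pinned_ca_verifies "$tmp/public-ca.pem" "$tmp/leaf.pem" && a=trusted || a=unknown-authority
  pinned_ca_verifies "$tmp/cluster-ca.pem" "$tmp/leaf.pem" && b=trusted || b=unknown-authority
  rm -rf "$tmp"
  echo "public-ca=$a cluster-ca=$b"
}

# Against a real kubeconfig (needs kubectl and network access):
#   kubectl config view --raw --kubeconfig config \
#     -o jsonpath='{.clusters[0].cluster.certificate-authority-data}' | base64 -d > pinned-ca.pem
#   openssl s_client -connect rancher.ourdomain.com:443 -servername rancher.ourdomain.com \
#     </dev/null 2>/dev/null | openssl x509 > served.pem
#   pinned_ca_verifies pinned-ca.pem served.pem || echo "not signed by the pinned CA"
demo
```

A failure against the real files means the client is being told to trust a CA that did not issue the served certificate, which is the condition the x509 error reports.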