I am currently taking my first steps with Rancher. I have a VMware vCenter server and I’d like to rely on the vSphere storage for providing persistent volumes. My cluster nodes are deployed manually: when provisioning the cluster in Rancher I select “From my own existing nodes” with a “Custom Cloud provider”. I manually provide the “cloud_provider” configuration to the cluster options in YAML. The cluster node is installed without problems that way.
After that, I configure a storage class using the “VMWare vSphere Volume” provisioner via the Rancher web. So far, so good.
Then, I try to add a volume to my cluster but it does not work. The status of the PVC stays in the “Pending” state: an x509 certificate problem actually prevents the PV from being created.
$ admin@node01:~$ docker logs -f kube-controller-manager
I1109 11:01:13.436871 1 event.go:221] Event(v1.ObjectReference{Kind:"PersistentVolumeClaim", Namespace:"default", Name:"my-vsphere-volume", UID:"b88f14f8-e40e-11e8-a513-005056a3f168", APIVersion:"v1", ResourceVersion:"2441", FieldPath:""}): type: 'Warning' reason: 'ProvisioningFailed' Failed to provision volume with StorageClass "sphere-storage": Post https://192.168.86.38.xip.io:443/sdk: x509: certificate signed by unknown authority
In fact, my vCenter uses a self-signed certificate that Rancher does not trust. I can work around the problem by manually adding the vCenter CA certificate to the /etc/ssl/certs/ca-certificates.crt file in the “kube-controller-manager” container, but this is not the way to go.
I found the doc at https://rancher.com/docs/rancher/v2.x/en/admin-settings/custom-ca-root-certificate/ but I don’t understand how to do the same for “kube-controller-manager”.
I have been going round in circles for days with that! Is there something stupid (or not) I missed? Any help/pointer would be greatly welcome.
PS: I’m not yet very familiar with Docker or Rancher, please be indulgent!
Thanks in anticipation.
Best,
Olivier
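
Added example, not part of the original post: a small triage script that reads kube-controller-manager output and reports which HTTPS endpoint is failing certificate validation and which claims are stuck because of it, so you know whose CA is missing from that container's trust bundle. The function name `tls_trust_failures` and every sample line after the first are assumptions made for this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Line 1 is the event quoted in the post; lines 2-4 are constructed for this example.
SAMPLE_LOG = '''\
I1109 11:01:13.436871 1 event.go:221] Event(v1.ObjectReference{Kind:"PersistentVolumeClaim", Namespace:"default", Name:"my-vsphere-volume", UID:"b88f14f8-e40e-11e8-a513-005056a3f168", APIVersion:"v1", ResourceVersion:"2441", FieldPath:""}): type: 'Warning' reason: 'ProvisioningFailed' Failed to provision volume with StorageClass "sphere-storage": Post https://192.168.86.38.xip.io:443/sdk: x509: certificate signed by unknown authority
I1109 11:02:40.000001 1 event.go:221] Event(v1.ObjectReference{Kind:"PersistentVolumeClaim", Namespace:"apps", Name:"constructed-claim", UID:"", APIVersion:"v1", ResourceVersion:"2502", FieldPath:""}): type: 'Warning' reason: 'ProvisioningFailed' Failed to provision volume with StorageClass "sphere-storage": Post https://192.168.86.38.xip.io:443/sdk: x509: certificate signed by unknown authority
I1109 11:03:05.000002 1 event.go:221] Event(v1.ObjectReference{Kind:"PersistentVolumeClaim", Namespace:"apps", Name:"other-claim", UID:"", APIVersion:"v1", ResourceVersion:"2510", FieldPath:""}): type: 'Warning' reason: 'ProvisioningFailed' Failed to provision volume with StorageClass "sphere-storage": constructed non-TLS failure
I1109 11:03:06.000003 1 constructed.go:1] unrelated informational line
'''

# PVC events as the controller manager logs them: object reference, then reason and message.
EVENT_RE = re.compile(
    r'Kind:"PersistentVolumeClaim", Namespace:"(?P<ns>[^"]*)", Name:"(?P<name>[^"]+)"'
    r".*?reason: '(?P<reason>[^']+)' (?P<msg>.*)$"
)
# Go HTTP client error; newer Go releases put the URL in double quotes, so both forms match.
X509_RE = re.compile(r'(?:Get|Post|Put) "?(?P<url>https://\S+?)"?: x509: (?P<err>.+)$')


def tls_trust_failures(log_text):
    """Return {'host:port': {'errors': [...], 'claims': ['namespace/name', ...]}}."""
    found = defaultdict(lambda: {"errors": set(), "claims": set()})
    for line in log_text.splitlines():
        event = EVENT_RE.search(line)
        if not event or event["reason"] != "ProvisioningFailed":
            continue
        tls = X509_RE.search(event["msg"])
        if not tls:
            continue  # provisioning failed for a reason other than certificate validation
        url = urlsplit(tls["url"])
        endpoint = f"{url.hostname}:{url.port or 443}"
        found[endpoint]["errors"].add(tls["err"])
        found[endpoint]["claims"].add(f'{event["ns"]}/{event["name"]}')
    return {ep: {"errors": sorted(v["errors"]), "claims": sorted(v["claims"])}
            for ep, v in found.items()}


if __name__ == "__main__":
    for endpoint, info in tls_trust_failures(SAMPLE_LOG).items():
        print(f"{endpoint}: {'; '.join(info['errors'])}")
        for claim in info["claims"]:
            print(f"  blocked claim: {claim}")
```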