Rancher 2.2.7 fresh 3-node HA installation completed. All is good with the Rancher admin cluster. Self-signed cert imported into the ingress and I see the certificate in the browser.
Cluster initialized with the following:
./helm template …/…/rancher-2.2.7.tgz --output-dir ./v2 --name rancher --namespace cattle-system --set hostname=rancher.xxx.xxx.com --set rancherImage=myrepo.xxx.xxx.com/rancher/rancher --set ingress.tls.source=secret
When I went to import an already running cluster, I see the below error in the cattle agent logs in that cluster:
time="2019-08-14T22:05:16Z" level=info msg="Connecting to proxy" url="wss://rancher.xxx.xxx.com/v3/connect/register"
time="2019-08-14T22:05:16Z" level=error msg="Failed to connect to proxy" error="x509: certificate signed by unknown authority"
My thought process was then to import the rest of the chain into the Rancher cacerts directive, so I recreated the deployment YAML with --set additionalTrustedCAs=true, added the secret to the cattle-system namespace, and then deleted and redeployed the Rancher deployment. I see the file with the intermediate and root cert is there in the pod.
When the pods came back up I still see v3/settings/cacerts is empty … Is this the cause of my issue? If so, how do I get around this?