Everything seems to be OK (no errors and warnings in the cluster), but I can’t access the Rancher UI using a browser (getting the error ‘unexpectedly closed the connection’ in Chrome).
When trying to access using kubectl port-forward, I see the redirection (302) happening from 80 to 8443.
Rancher pod logs are filled with:
[ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "rancher-charts-24bzp" not found
There is probably something I’m missing, but not sure what it is…
TLS is required; you can’t just port-forward to 80 and use it.
The balancer/TLS termination device in front of it needs to set x-forwarded-host and -proto headers.
Otherwise the HTTP port is only used for redirecting to HTTPS (and it doesn’t know what port TLS is actually exposed on, so it redirects to the port the request came in on + 363 (443-80 = 363). So you’re running on :8000?)
What is the best way to run Rancher in a cluster managed by GKE (or whatever) and make use of a Google-managed SSL cert for Rancher (Using Google-managed SSL certificates)? Or is there another recommended way?
Sorry if this is a retarded question; I just created this GKE cluster for Rancher and want to make sure it follows the best practices. Before, I was running it in a single container and used the LetsEncrypt option to take care of SSL certs out of the box - worked pretty good. Does it make sense to use the same (LetsEncrypt) when running Rancher behind a GKE LB/Ingress?