Hi,
I’m fairly new to rancher. I’ve decided to test drive a 3 server setup high availability cluster using a certificate signed by a well known certification authority. I edited the 3-node-certificate-recognizedca.yml, filling the nodes definitions, fqdn and pem/key of my signed cert then launching latest rke release.
That local cluster setup easily and I can see on my browser that it is using my own cert. Good.
Now I’m trying to setup another kubernetes cluster another set of virtual machines (using “non” as cloud provider). Problem is I the new cluster never get setup I always see the very same errors in the logs of the rancher-agent container :
level=error msg=“Failed to connect to proxy” error="x509: certificate signed by unknown authority"
I initially ignored the generated cacert in the settings menu. I now have removed it but trying again to set up a new remote cluster still does lead to the same error. Should I somehow restart the whole rancher cluster for that setting to be erased completely ?
One strange thing I found out, while the browser shows me a correct certificate running the following command to check the certificate return some obscure O=Acme Co/CN=Kubernetes Ingress Controller Fake certificate chain:
openssl s_client -showcerts -connect rancher.hopitalvs.ch:443
I am a bit lost.