Rancher cert questions

Hey, so I asked this question some time ago, but I kinda want to know if it's possible.

So current problem.

We have a Rancher cluster on our servers: 3 nodes for Rancher, 3 nodes for a production cluster.

We don’t want our Rancher cluster to be accessible to the outside world, but the managed production cluster to be exposed. We also need signed certs for production. Looking into Rancher Let's Encrypt, it says that the load balancer has to be exposed, so I run into this problem.

Let’s say the load balancer is on 10.1.1.42. It points to 10.1.1.43-45 for the Rancher cluster.

And let’s say that inside the router we route the DNS name of rancher.test.com to 10.1.1.42.
And outside the router, we have a public DNS of app.production.com to 10.1.1.42.
So I understand that it is okay to have the app.production.com to 10.1.1.42 because it can be accessed from outside. But what about the Rancher server on rancher.test.com? How can I make it just use self-signed certs? Is this even possible? Or am I just crazy? 'Cause I would like to know!
Thanks in advance!