Hi, I’m in the process of installing Rancher using the following values file:
```yaml
ingress:
  tls:
    source: rancher
  enabled: false
service:
  type: NodePort
```
Once Rancher is up and running, I’m attempting to integrate the Harvester cluster.
The process involves navigating to Rancher’s UI → ‘virtualization management’ → ‘import existing’ → create → copy the generated URL.
Next, in the Harvester UI, I navigate to ‘advanced’ → ‘settings’ → ‘cluster-registration-url’ and paste the generated URL.
Following this, Harvester initiates the `cattle-cluster-agent`, but encounters an issue verifying the certificate. It tries to download ‘cacerts’ from `https://rancher-url/v3/settings/cacerts`.
Upon investigation, it appears that when Rancher is installed with `tls.source=rancher`, it creates:
- `tls-rancher-internal-ca` for signing `tls-rancher-internal`
- `tls-rancher` for signing `serving-cert`
Querying `https://rancher-url/v3/settings/cacerts` retrieves the certificate for `tls-rancher`.
However, when connecting to the cluster connection URL generated by Rancher, it serves `tls-rancher-internal`. Since `tls-rancher` and `tls-rancher-internal` are not related in any way, it’s leading to the failure of ‘cattle-cluster-agents.’
I’m uncertain whether I’ve missed a step during Rancher installation resulting in invalid configurations or if this issue is a bug.
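
One way to confirm the mismatch described above, as an added example that is not part of the original post or Rancher's own tooling: fetch the CA published at `/v3/settings/cacerts`, fetch the chain actually served, and check whether one signs the other. It assumes `openssl`, `curl` and `jq` are installed and that the setting is returned as JSON with the PEM in its `value` field; the function names, host arguments and demo certificates are constructed for illustration.

```bash
#!/bin/sh
# Added diagnostic sketch (hypothetical helper names, constructed demo data).

# CA bundle Rancher advertises to agents. -k is needed because trust in the
# endpoint is exactly what is being checked. Assumes JSON with a "value" field.
fetch_published_ca() { curl -sk "https://$1/v3/settings/cacerts" | jq -r .value; }

# Certificates actually presented on the TLS endpoint (leaf first).
fetch_served_chain() {
  openssl s_client -connect "$1:${2:-443}" -servername "$1" -showcerts </dev/null 2>/dev/null |
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
}

# Returns 0 only if the first cert in served.pem chains to a CA in ca.pem.
# -untrusted lets openssl use intermediates taken from the served chain itself.
chain_matches() {
  openssl verify -CAfile "$1" -untrusted "$2" "$2" 2>&1 | grep -q ': OK$'
}

# Constructed offline reproduction of the post's situation: two unrelated
# self-signed CAs, and a serving cert signed by the one that is NOT published.
make_demo() {
  local d; d=$(mktemp -d) || return 1
  for ca in published internal; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-$ca-ca" \
      -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
  done
  openssl req -newkey rsa:2048 -nodes -subj "/CN=rancher.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/internal.pem" -CAkey "$d/internal.key" \
    -CAcreateserial -days 1 -out "$d/served.pem" 2>/dev/null || return 1
  echo "$d"
}

# Against a live install (placeholder host):
#   fetch_published_ca rancher-url > ca.pem
#   fetch_served_chain rancher-url > served.pem
#   chain_matches ca.pem served.pem
demo_dir=$(make_demo) || exit 1
if chain_matches "$demo_dir/published.pem" "$demo_dir/served.pem"; then
  echo "published CA signs the served certificate"
else
  echo "MISMATCH: served certificate does not chain to the published CA"
fi
rm -rf "$demo_dir"
```

A mismatch here means an agent that pins the published CA will reject the endpoint no matter how it is configured on the Harvester side.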