Hi, I’m in the process of installing Rancher using the following values file:
ingress:
  tls:
    source: rancher
  enabled: false
service:
  type: NodePort
Once Rancher is up and running, I’m attempting to integrate the Harvester cluster.
The process involves navigating to Rancher’s UI → ‘virtualization management’ → ‘import existing’ → create → copy the generated URL.
Next, in the Harvester UI, I navigate to ‘advanced’ → ‘settings’ → ‘cluster-registration-url’ and paste the generated URL.
Following this, Harvester initiates the cattle-cluster-agent, but encounters an issue verifying the certificate. It tries to download ‘cacerts’ from https://rancher-url/v3/settings/cacerts.
Upon investigation, it appears that when Rancher is installed with tls.source=rancher, it creates:
- tls-rancher-internal-ca for signing tls-rancher-internal
- tls-rancher for signing serving-cert
Querying https://rancher-url/v3/settings/cacerts retrieves the certificate for tls-rancher.
However, when connecting to the cluster connection URL generated by Rancher, it serves tls-rancher-internal. Since tls-rancher and tls-rancher-internal are not related in any way, it’s leading to the failure of ‘cattle-cluster-agents.’
I’m uncertain whether I’ve missed a step during Rancher installation resulting in invalid configurations or if this issue is a bug.
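The mismatch described in the post can be reproduced and checked offline with the following added example, which is not part of the original post or of Rancher's own tooling. It generates constructed stand-in certificates whose CNs mirror the secret names above, then tests whether a client trusting only the published CA would accept the served certificate; on a live install the two inputs would be the PEM returned by /v3/settings/cacerts and the certificate presented at the registration URL. The function names and the assumption that `openssl` is installed are the example's own.

```bash
#!/usr/bin/env bash
# Added example: all certificates are constructed stand-ins generated locally;
# their CNs only mirror the secret names mentioned in the post.

# chain_ok CA_PEM LEAF_PEM: exit 0 only if LEAF_PEM chains to CA_PEM.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# diagnose PUBLISHED_CA SERVED_CERT: report whether an agent that trusts only
# PUBLISHED_CA would accept SERVED_CERT.
diagnose() {
  if chain_ok "$1" "$2"; then
    echo "OK: served certificate chains to the published CA"
  else
    echo "MISMATCH: served $(openssl x509 -in "$2" -noout -issuer)"
    echo "          published $(openssl x509 -in "$1" -noout -subject)"
    return 1
  fi
}

make_ca() {    # make_ca DIR NAME: self-signed CA with CN=NAME
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}
make_leaf() {  # make_leaf DIR NAME CA: certificate CN=NAME signed by CA
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.pem" -CAkey "$1/$3.key" \
    -CAcreateserial -days 1 -out "$1/$2.pem" 2>/dev/null
}

# Constructed sample: two unrelated CAs, as described in the post.
build_sample() {  # build_sample DIR
  make_ca   "$1" tls-rancher-internal-ca
  make_ca   "$1" tls-rancher
  make_leaf "$1" tls-rancher-internal tls-rancher-internal-ca
}

work=$(mktemp -d)
build_sample "$work"
# What cacerts publishes (tls-rancher) against what the endpoint serves.
diagnose "$work/tls-rancher.pem" "$work/tls-rancher-internal.pem" || true
# The same served certificate checked against its actual issuer verifies.
diagnose "$work/tls-rancher-internal-ca.pem" "$work/tls-rancher-internal.pem"
```

The first call prints the issuer of the served certificate next to the subject of the published CA, which is the comparison that shows whether the two chains are related.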