Rancher HA behind F5 with self-signed cert


I am attempting to set up HA Rancher in my environment. I have 3 server nodes running and have run into an issue where the rancher-compose-executor container is constantly restarting itself. In the logs I am seeing an issue with the cert when trying to connect to my load balancer endpoint. This makes sense because it is terminating SSL with a self-signed cert. My question is: how do I get the HA setup to trust this cert? I am able to access the UI just fine and everything is showing Active other than the compose-executor.

My setup:

F5 VIP rancher.mycompany.com with self-signed cert listening on port 443.

3 Rancher server nodes in F5 pool set up to take traffic on 443.

When I generated the HA script I chose for Rancher to generate the cert. Should I have used the same cert that the F5 is using here?

Is there a way to add a cert to all containers that Rancher spins up for HA so that it is trusted?

Also related to certs, my LDAP is using that same self-signed cert for secure LDAP. In non-HA mode I just added -v path/to/cert:/ca.crt to the server run command. What is the equivalent in HA?

@warroyo Does your rancher-ha.sh script have the certificates injected in it? I believe there was a bug where the certs were omitted.