Rancher Versions: v1.2.2 v1.3 v1.3.1
Docker Version: 0.12.6
OS and where are the hosts located? (cloud, bare metal, etc): ubuntu16.04
Setup Details: (single node rancher vs. HA rancher, internal DB vs. external DB) single node rancher
Environment Type: (Cattle/Kubernetes/Swarm/Mesos) Kubernetes
Steps to Reproduce:
Rancher server started behind nginx container and nginx has SSL enabled. I use private CA. When I add the first host to rancher, I put ca.crt to /var/lib/rancher/etc/ssl then start rancher-agent. Rancher related containers can be successfully created, but when to create “kubernetes-controller-manager-1”, “kubernetes-kubectld-1” and “kubernetes-kubelet-1” , they were all failed to start:
1/17/2017 7:10:32 PMtime=“2017-01-17T11:10:32Z” level=fatal msg="Failed to listen to events: Get https://rancher.demo.com/v1: x509: certificate signed by unknown authority"
1/17/2017 7:10:40 PMtime=“2017-01-17T11:10:40Z” level=info msg="Starting kubectld on :8091"
1/17/2017 7:10:40 PMtime=“2017-01-17T11:10:40Z” level=info msg="Listening for health checks on 0.0.0.0:10240/healthcheck"
1/17/2017 7:10:40 PMtime=“2017-01-17T11:10:40Z” level=fatal msg="Failed to listen to events: Get https://rancher.demo.com/v1: x509: certificate signed by unknown authority"
1/17/2017 7:10:55 PMtime=“2017-01-17T11:10:55Z” level=info msg="Starting kubectld on :8091"
1/17/2017 7:10:55 PMtime=“2017-01-17T11:10:55Z” level=info msg="Listening for health checks on 0.0.0.0:10240/healthcheck"
1/17/2017 7:10:55 PMtime=“2017-01-17T11:10:55Z” level=fatal msg=“Failed to listen to events: Get https://rancher.demo.com/v1: x509: certificate signed by unknown authority”
So I’m wondering ca.crt will not be added to kubenetes containers? (my ca.crt was combined with root and intermediate ca certificates)
Thanks for the help.