Hello, I was following this guide to uipdate the private CA certs for rancher
However the https://<Rancher_SERVER>/v3/settings/cacerts is still showing the old CA
Our first revision already used private CA (privateCA=true), but the client created new certs and signed them with new CA hence we need to update them.
Step 1 is to update crt and key (tls-rancher-ingress) secret. The supplied command for update worked fine, checked with kubectl -n cattle system get secret tls-rancher-ingress
Step 2 is to update CA (tls-ca) secret. The supplied command for update worked fine, checked with kubectl -n cattle system get secret tls-ca
Step 3 Helm shows status “Deployed” with description “Upgrade Complete”
helm upgrade rancher rancher-stable/rancher \
--namespace cattle-system \
--version 2.6.1 \
--set hostname=***** \
--set ingress.tls.source=secret \
--set privateCA=true
However when I check https://<Rancher_SERVER>/v3/settings/cacerts or https://<Rancher_SERVER>/cacerts they still contain the old CA chain. Nothing errored, rancher containers haven’t restarted after helm upgrade, the cluster is still accesible.
Any idea what am I missing?