How can I install a self-signed CA certificate for the rancher-agent and rancher-server?
Rancher Server: v0.39.0, Cattle: v0.95.0
Rancher Agent: v0.8.2
I configured the Rancher Server with an nginx proxy terminating SSL. For the server certificate I use a self-signed CA certificate (ca.crt). The HTTPS web UI access works fine because I could install my self-signed ca.crt on the browser client machine.
How would I do this for rancher server and agent? Unfortunately my hosts run CentOS 7 and not Ubuntu. Since the certificate management is different between the two, I cannot just mount /etc/ssl/certs and /usr/share/ca-certificates into the agent or server container.
The server container also seems to need the certificate because the server tries to create the event router by connecting through the nginx proxy:
time="2015-09-25T21:36:43Z" level=error msg="Unable to create event router" error="Get https://XXXXXX:8765/v1: x509: certificate signed by unknown authority"
The only path I could come up with is to extract the /etc/ssl/certs and /usr/share/ca-certificates contents from the agent/server container to the host, add my ca.crt with update-ca-certificates and mount the modified directories at container start. Is there perhaps a less tedious and more elegant way to do this?
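The bundle-editing step of the workaround described in the question, as an added example that is not part of the original post and is not Rancher's own tooling. It assumes the container's trust store is a single Ubuntu-style PEM bundle that has already been copied to the host; the function names and file paths are hypothetical.

```shell
#!/bin/sh
# Added example: merge a private CA into a host-side copy of a PEM CA bundle.
# Assumption: the bundle was copied out of the container beforehand.

# count_certs FILE: print the number of PEM certificate blocks in FILE.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# pem_body FILE: print the base64 body of the certificate(s) in FILE,
# with armor lines and whitespace removed, for comparison.
pem_body() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" |
        grep -v -- '-----' | tr -d ' \r\n'
}

# add_ca_to_bundle CA_FILE BUNDLE_FILE
# Appends the CA once; running it again leaves the bundle unchanged.
# Returns 2 if CA_FILE is not exactly one PEM certificate, 3 if the
# bundle is missing.
add_ca_to_bundle() {
    ca=$1
    bundle=$2
    [ -f "$bundle" ] || return 3
    [ -f "$ca" ] || return 2
    [ "$(count_certs "$ca")" = 1 ] || return 2
    body=$(pem_body "$ca")
    [ -n "$body" ] || return 2
    # Already trusted? Compare against the bundle with whitespace stripped.
    if tr -d ' \r\n' < "$bundle" | grep -qF -- "$body"; then
        return 0
    fi
    # Write to a temporary file and rename, so a failure never leaves
    # a half-written bundle behind.
    tmp="$bundle.tmp.$$"
    { cat "$bundle"; echo; cat "$ca"; } > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$bundle"
}

# Stand-alone use: sh add_ca.sh ca.crt ca-certificates.crt
if [ "$#" -eq 2 ]; then
    add_ca_to_bundle "$1" "$2"
fi
```

Build the merged bundle before starting the container: a single-file bind mount keeps pointing at the old file if the bundle is replaced by rename afterwards.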