Workflow:
Deploy SLES 3 nodes hosted on VMware, SSH keyless login. Ignite Supervisor cluster
Choose Cilium
Issue:
All deployed workload clusters fail with an invalid cert error. The Cilium deployment uses a different self-signed certificate than the cluster.
Question:
- Is there an option within the workload cluster definition where I can pull the current self-signed cert from Cilium and pass it to be used?
Or…
- Is there an option within the workload cluster definition where I can tell the workload clusters, e.g.: --insecure-skip-tls-verify
vi /environments/dvops/rke-dr-sc/hosts.yml
<snip>
- cilium
manifest_config_file_path: "/home/ansible/git/gitlab/cdw/rancher_deploy/environments/dvops/rke-dr-sc/manifests"
vi /home/ansible/git/gitlab/cdw/rancher_deploy/environments/dvops/rke-dr-sc/manifests/cilium.yml
---
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-cilium
  namespace: kube-system
spec:
  version: 1.16.101
  valuesContent: |-
---
apiVersion: "cilium.io/v2alpha1"
kind: CiliumL2AnnouncementPolicy
metadata:
  name: policy1
spec:
  # serviceSelector:
  #   matchLabels:
  #     k8s-app: kube-apiserver
  interfaces:
    - ^eth[0-9]+
  externalIPs: true
  loadBalancerIPs: true
---
apiVersion: "cilium.io/v2alpha1"
kind: CiliumLoadBalancerIPPool
metadata:
  name: "rancher-pool"
spec:
  blocks:
    - cidr: "10.89.130.242/32"
Deploy:
git submodule add https://github.com/rancherfederal/rke2-ansible.git
ansible-playbook site.yml -i ../environments/dvops/rke-dr-sc/hosts.yml --extra-vars "ansible_sudo_pass=Passw#rd"