Hi,
I have a Rancher HA setup in AWS with an external LB using ALB. I can access it via the UI, as well as using the kube_config_rancher-cluster.yml credentials generated during the rke setup. Unfortunately, I am getting the following error:

```
$ kubectl get pods --all-namespaces
Unable to connect to the server: x509: certificate signed by unknown authority
```

when I am trying to use credentials generated in the Rancher UI.
This is my setup:
rancher-cluster.yaml:
```yaml
nodes:
  - address: 172.25.4.59
    internal_address: 172.25.4.59
    user: $USER
    ssh_key_path: ~/.ssh/id_rsa
    role: [controlplane,worker,etcd]
  - address: 172.25.5.161
    internal_address: 172.25.5.161
    user: $USER
    ssh_key_path: ~/.ssh/id_rsa
    role: [controlplane,worker,etcd]
  - address: 172.25.6.153
    internal_address: 172.25.6.153
    user: $USER
    ssh_key_path: ~/.ssh/id_rsa
    role: [controlplane,worker,etcd]

services:
  etcd:
    snapshot: true
    creation: 6h
    retention: 24h

ingress:
  provider: nginx
  options:
    use-forwarded-headers: "true"
```
```bash
rke up --config ./rancher-cluster.yml --ssh-agent-auth
kubectl create clusterrolebinding tiller --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
helm init --service-account tiller
kubectl -n kube-system rollout status deploy/tiller-deploy
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
helm repo update
kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.9/deploy/manifests/00-crds.yaml
kubectl create namespace cert-manager
kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install --name cert-manager --namespace cert-manager --version v0.9.1 jetstack/cert-manager
helm install rancher-stable/rancher --name rancher --namespace cattle-system --set hostname=domain.net --version v2.2.9 --set tls=external
```
I have read this: https://github.com/rancher/rancher/issues/15860 as well as https://github.com/rancher/rancher/issues/17155, but none of that advice worked.