I installed an HA Rancher by following the official documentation.
I chose to use my own self-signed certificate, which I generated as follows:
# openssl req -newkey rsa:2048 -nodes -keyout tls.key -x509 -days 365 -out tls.crt
Then I continued the installation and added the TLS secret as shown here: https://rancher.com/docs/rancher/v2.x/en/installation/options/tls-secrets/
I wrote this script to automate the process:
#!/bin/bash
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
if [ -f kube_config_cluster.yml ]; then
  kubectl \
    --kubeconfig kube_config_cluster.yml \
    create namespace cattle-system
  kubectl --kubeconfig kube_config_cluster.yml \
    -n cattle-system create secret tls tls-rancher-ingress \
    --cert=certs/tls.crt \
    --key=certs/tls.key
  helm --kubeconfig kube_config_cluster.yml install rancher rancher-stable/rancher --namespace cattle-system --set hostname=domain.foo --set ingress.tls.source=secret
fi
But it appears that the imported cluster does not bring the cattle-cluster-agent and cattle-node-agent pods up. I get this error:
level=fatal msg="Certificate chain is not complete, please check if all needed intermediate certificates are included in the server certificate (in the correct order) and if the cacerts setting in Rancher either contains the correct CA certificate (in the case of using self signed certificates) or is empty (in the case of using a certificate signed by a recognized CA). Certificate information is displayed above. error: Get https://domain.foo: x509: certificate signed by unknown authority"
I would like to identify and correct what I’ve done wrong. For the moment I’m unable to bring the local imported cluster up.
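
An added diagnostic example, not part of the original post: it builds a throwaway certificate with the same openssl command as above and shows the trust decision behind "x509: certificate signed by unknown authority", namely that a self-signed certificate only verifies when the verifier has been given that certificate as a CA. The function names and the `-subj` argument are assumptions made so the script runs without prompts.

```bash
#!/bin/bash
# Added example (not from the original post). The certificate is constructed
# at run time in a temporary directory; nothing here talks to a cluster.

# make_selfsigned DIR: create DIR/tls.key and DIR/tls.crt with the post's
# command, plus -subj so openssl does not prompt (CN is the post's placeholder).
make_selfsigned() {
  openssl req -newkey rsa:2048 -nodes -keyout "$1/tls.key" -x509 -days 365 \
    -out "$1/tls.crt" -subj "/CN=domain.foo" 2>/dev/null
}

# is_self_signed CERT: true when subject and issuer are the same name,
# i.e. no separate CA certificate exists for this cert.
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# chain_status CERT [CA_BUNDLE]: print "complete" when CERT chains to a trusted
# root, otherwise "unknown-authority". Without CA_BUNDLE only the system roots
# are trusted, the case the error message describes for an empty cacerts.
chain_status() {
  local cert="$1" ca="${2:-}"
  if [ -n "$ca" ]; then
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1
  else
    openssl verify "$cert" >/dev/null 2>&1
  fi && echo complete || echo unknown-authority
}

demo() {
  local d
  d=$(mktemp -d)
  make_selfsigned "$d" || return 1
  is_self_signed "$d/tls.crt" && echo "self-signed:         yes"
  echo "system roots only:   $(chain_status "$d/tls.crt")"
  echo "cert supplied as CA: $(chain_status "$d/tls.crt" "$d/tls.crt")"
  rm -rf "$d"
}
demo
```

Running `chain_status certs/tls.crt` and `chain_status certs/tls.crt certs/tls.crt` against the real files shows which of the two cases in the error message applies to them.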