Hi,
I installed an HA Rancher by following the official documentation.
I chose to use my own self-signed certificate, which I generated as follows:

    # openssl req -newkey rsa:2048 -nodes -keyout tls.key -x509 -days 365 -out tls.crt

Then I continued the installation and added the TLS secret as shown here: https://rancher.com/docs/rancher/v2.x/en/installation/options/tls-secrets/
I wrote this script to automate the process:

    #!/bin/bash
    helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
    if [ -f kube_config_cluster.yml ]; then
        kubectl \
            --kubeconfig kube_config_cluster.yml \
            create namespace cattle-system
        kubectl --kubeconfig kube_config_cluster.yml \
            -n cattle-system create secret tls tls-rancher-ingress \
            --cert=certs/tls.crt \
            --key=certs/tls.key
        helm --kubeconfig kube_config_cluster.yml install rancher rancher-stable/rancher \
            --namespace cattle-system \
            --set hostname=domain.foo \
            --set ingress.tls.source=secret
    fi

But it appears that the imported cluster does not bring the cattle-cluster-agent and cattle-node-agent pods up. I get this error:
level=fatal msg="Certificate chain is not complete,
please check if all needed intermediate certificates
are included in the server certificate (in the correct order)
and if the cacerts setting in Rancher either contains the correct CA
certificate (in the case of using self signed certificates)
or is empty (in the case of using a certificate signed by a recognized CA).
Certificate information is displayed above. error: Get
https://domain.foo: x509: certificate signed by unknown authority"
I would like to identify and correct what I’ve done wrong. For the moment I’m unable to bring the local imported cluster up.
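
The error above is about which CA certificate clients are given to trust. As an added example (not part of the original post, and not Rancher's own tooling), this script checks offline that the key matches the certificate and that a given CA file actually verifies it; the function names and the optional third argument are assumptions of the example.

```bash
#!/bin/bash
# Added example (not from the original post): offline checks on the files
# that the install script hands to Rancher. All paths are arguments.

# True when the private key belongs to the certificate (same public key).
key_matches_cert() {
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# True when certificate $2 verifies against the CA bundle $1 alone
# (-no-CApath keeps the system trust directory out of the decision).
ca_verifies() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# A file holding one self-signed certificate verifies against itself,
# because that certificate is its own CA.
is_self_signed() {
    ca_verifies "$1" "$1"
}

# Usage: preflight <cert> <key> [ca-file]
preflight() {
    local cert=$1 key=$2 ca=${3:-}
    key_matches_cert "$cert" "$key" || { echo "FAIL: key does not match $cert"; return 1; }
    if is_self_signed "$cert"; then
        echo "INFO: $cert is self-signed; the CA clients must trust is the cert itself"
        [ -n "$ca" ] || ca=$cert
    fi
    [ -n "$ca" ] || { echo "Cannot check the chain: pass the CA file as third argument"; return 1; }
    ca_verifies "$ca" "$cert" || { echo "FAIL: $ca does not verify $cert"; return 1; }
    echo "OK: $cert verifies against $ca"
}

# Run only when called with arguments, e.g.:
#   ./preflight.sh certs/tls.crt certs/tls.key
if [ "$#" -ge 2 ]; then
    preflight "$@"
fi
```

For a private or self-signed CA, the Rancher page linked in the post has the CA supplied as `cacerts.pem` in a `tls-ca` secret, together with the chart's `privateCA=true` option.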