Using a custom cert for Rancher HA (corporate CA) - best practice?


#1

What is the officially supported way to use a corp certificate (signed by a corporate CA - not public) for Rancher HA? I have followed the steps in the docs for a custom certificate (using 2.1.7). The HA cluster and rancher server come up without issue using our certificate. I didn’t have to change anything.

When creating a custom cluster after the rancher-server cluster is up, and adding nodes, it appears that some volume mounting is required when running rancher-agent on the nodes. Following forum posts, I used -v /etc/ssl/certs:/etc/ssl/certs on Ubuntu VMs (in which the hosts have the corporate cert chain trusted) in order for them to join a cluster. This seems to work.

Is that the preferred method?

Am I missing any other steps that might cause issues later? I see some forum posts where folks were also mounting certs for rancher-server image. I didn’t have any issue there; did I miss something?

Should these steps be added to the docs?