Rancher Client does not read self signed certs #6122
OS and where are the hosts located? (cloud, bare metal, etc):
Setup Details: (single node rancher vs. HA rancher, internal DB vs. external DB)
Environment Type: (Cattle/Kubernetes/Swarm/Mesos)
I am seeing an issue when using a self signed cert and trying to provision a kubernetes environment. When starting the Kubernetes services the ingress_controller is failing with
I have configured the agent's
Is there a way for it to be trusted?
@warroyo thanks for reporting this issue.
Unfortunately, this issue is the symptom of a bigger issue. Our rancher api client library
To fix, we'd need to develop a generic routine for injecting the self-signed certs into the containers and then to configure them as part of the OS store.
@cjellick, do we need to configure it as a part of the OS store? Doesn't that make it less secure?
We could just read the certs from go-rancher using this - https://gist.github.com/michaljemala/d6f4e01c4834bf47a9c4#file-tls-client-go-L37
Doesn't kubernetes work in a similar way?
referenced this issue
Dec 28, 2016
Tested with rancher-server version - v1.3.0-rc2 using self signed certs.
rancher-server is started with the following command -
It is hosted behind nginx server that acts as a reverse proxy.
On the host, certs have to be copied to /var/lib/rancher/etc/ssl/ca.crt before running the host registration url which will already include
Able to add hosts successfully to "cattle" environment.
Able to add services with health check enabled and they get to "healthy" state.