Skip to content

Instantly share code, notes, and snippets.

@imwower

imwower/README.md

Forked from superseb/README.md
Created September 11, 2018 10:15
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save imwower/8a33093de33e1481e4cc3c9a04e77f1a to your computer and use it in GitHub Desktop.
Save imwower/8a33093de33e1481e4cc3c9a04e77f1a to your computer and use it in GitHub Desktop.
Download ZIP
Generate self signed certificates for Rancher 2.0
Raw
README.md

Generate self signed certificates for Rancher 2.0

Generate certificates

docker run -v $PWD/certs:/certs \
  -e SSL_SUBJECT=test.example.com \
  -e SSL_DNS=test.example.com,test2.example.com \
  -e SSL_IP=10.0.0.1 \
  -e K8S_SAVE_CA_CRT=true \
  -e K8S_NAME=cattle-keys-ingress \
  -e K8S_NAMESPACE=cattle-system \
  paulczar/omgwtfssl

Single install

docker run -d --restart=unless-stopped \
  -p 80:80 -p 443:443 \
  -v $PWD/certs/cert.pem:/etc/rancher/ssl/cert.pem \
  -v $PWD/certs/key.pem:/etc/rancher/ssl/key.pem \
  -v $PWD/certs/ca.pem:/etc/rancher/ssl/cacerts.pem \
  rancher/rancher:latest

HA install

Use the value of ca.crt for cacerts.pem, and copy the values from tls.crt and tls.key to the same keys in the rancher-cluster.yml

cat certs/secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: cattle-keys-ingress
  namespace: cattle-system
type: kubernetes.io/tls
data:
  ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNvRENDQVlnQ0NRRHJ0QUE2US9SaDJ6QU5CZ2txaGtpRzl3MEJBUXNGQURBU01SQXdEZ1lEVlFRRERBZDAKWlhOMExXTmhNQjRYRFRFNE1EWXlNakV4TVRJd09Wb1hEVEU0TURneU1URXhNVEl3T1Zvd0VqRVFNQTRHQTFVRQpBd3dIZEdWemRDMWpZVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFNc0JHS0dtCndJUXc0LzNJNGdTcDAwa0dhM1EvYS9hdEZib2lLdjJKZDhndmd2UklVNUNnRk9tVFpXQU51ZHBkWWdZRUxSTnEKTnZ2N1NzZy9kM3gvS21qWERtZGNzcmxzRmlxMlRuamJKeGNabXlucDBvUThZZVBjam5LUWNIZE9BbjZycTdGSQozZ2JXV0p3OGlDRGNoS21ENHYzemdub2FnQUorai95RTRYSXRoNU9WdTRrY09LalU5cjArU0Z6cndmbWQrbkN1Ck9yYTg1TWtTYzlZbHc5aElOeXEwc2J6SC81RE9EUVhNcHZqa3UvUjZNUFowSEU5V3hWbGNEYVpIckduWWlmQnYKanpucm91c1hWd1ROOUVNNHBMOTIvRlgwK282K2t1ZXNIS2lvMm8xNTlHWjhBL0lGWDFDNVpYczhtV0pkSGlobwpub3VoaGozcm9FNmNwbzBDQXdFQUFUQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFnK0s3TGEyVE85ejgyT2VtCi9ibi9OdUR5dXVFYkhzbStxQzlvMjFMdlR2M1pHQnlPcXBTNHY1czhxTGZRTUpPZVM5WjE4clRXY2UvV2tZYnEKOTh3cXZRZ0J6dkZuMEpFOEwxc21rRmtDczM2Y0tJc2dtTFFiNmtIeWo0K2E2aWVOTWdtTFNJMWdpMlFsdURjVgo0ZGg5d1JwUy9xOWprWVhkK2ZGRFdvTjNwcUtVU2tXd0s5QUFhL3Y2VUl1TzhwcTZnUDhFZitHUGtzbzFKd3k2CjdXNlZpbGM5SEw2WElzbzc0M05JTWdHei9LZi9RUlZGVXBqZnRwYWowcnoxVGhVZUZ1MHVhay8wTjlZcFJWaU8KTkdWSmNyazBaVE1zdjRERkFQRmpGNncrZHZIS2VkTmhHaGVXS3JnMElraGdXK1VTd00xWmhMYktsbFZDMHZPagozcFB2enc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
  tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBdE4wY0Jha2FXZ3ZsQndib2hmWU1EbU1EemsySVc0OEQxQ3lZakl5WHVCajQ5SEU5CndMU3MvMStYZ0Z5MzhmNzc4elJTNmtqc0tLK0h1WmdnMVFOUElYZ1o0eUordjNITk5zNlo2T1ZCNUpabDViNnUKT1h4ejAxSTFCRTMrNS91T2l4cHVWZ0lkc0ZTeVpBbi9OM2lNNHFIVnVZZkVsakw2V3p6QXlFK3pQUHg2ZGg1MQpOWUVoaVRlZHdRenFpS21XTEp0TTFXQlNvN1A3RlFkOVlCVk5RUFBCZU5UUmxqeDhNcFNhRGEvYUMxZUlaVlFVCi9SRGI5elJyL2ZyeFB2WlkzcFFyQXFDYk5WTVd2Zk5QVlg5OFVYTjRwVTF2NDhOMGxLM1cvelhlSjdnbFNjK3EKd251QzJsL2Jxdys0cU93OVpMUEZldSttZWVsRHBFdFBxZkZhNHdJREFRQUJBb0lCQVFDUmZLT0Q4aWxlY2Q4RApyZ3p4WmFFQkdha0FGT0l4TkhQU0F5V2JPYVQ1MUN5L0JUQzFpU0Q0TS83OHBKamJNMCtjcldSZFRkZWFTc2lWCkJNaTBVUHNnWXluL3ljbkhXbFhIVnAzNytCN3ZNQVE3c1EwWTlRRis1Y3Y3OEhteVJtcTlmcjl1dERrSmxMZ0QKUFA5dHNhMHl5UmZSTEdONHB2MDQwMEFJWWdRK2MwZUU4TnRwTmVpQzFKbkhsSmY4MGt4aVlZSTJEb2x5TjJCUApKaW4zMEg2Z2ZjNTh4QTUzazJUWjNwaUkrRGRRbzdMVitwdjZNcGJ1RU0vdCtKMkx6OWVnbUxod2dxbzFSMm9oCndxZnNuUkhHSWM1NnBraDkrMTQ2NkJtUDlQQjNBUmNuQ281N3VEdFhyNVkxRGFmWTJkMEtpdGlvTjlSZzlFa3EKTGlzWWxEM2hBb0dCQU9TbmRmeEs0aWdONVhQUnZ3VlNUb2d2eGJTcktvQW1mVHg2SHBQaVV6RlBHQmZWQ1kwNQp6b1NPRkFPOW1Rd1hNV3Y0KzlZaEJRcngwcUtwMlFCNTl3dDRyWE1CMVJmUHZ1ck15MkVYTU4zdmMreHp5djJwCjBUREFiN2NrRVZiWFZmYnNsSm1OQjlkODlzT3k3N0thZlIyTFpDVmRhTkZrTW5jUmxCY2gvTnNwQW9HQkFNcCsKZTdlczZmWndNZndjeUxUVWFJSjYvQmNRanB5NnIralptVXdGSnRjbVJadFB6NjRXbDBMTVM1WW1YTW5GKzRregpKTGF1MVhQaEZ0dWtTeEJOYjJiTmVvVitsSUtyTFZ6YkhaSEV6Zk9YTEh0NkM1Q3NIellZU3gzc1RTdmxERTV1CnlDV1ZWZUNiVkg2d3hYUlRGd2xmaXJlcjdxSEROUG8vSXhPaG9KTXJBb0dBUkdvYXNrOVJsYng2c0FuTkJ2R1cKajhjRGQ4aFRJaDdpRCt0V0pOZHVIdTNVZnFUK2c2UU5ON292SU9OazNLby8zbGVVT29DTXVyYWFXSk5MVzRvaQpzZXI4c3RHVWlkaGQvbkVpVlQyVUlJT2FBdUN1bHZGdHB4R2RHNFlPTGhhbUlRaXVlYmNwNW43OGNwZWlncVVZCjFITTFscng1TlZXdWg5UFpwSVpGMnVrQ2dZRUF4OHBnR3V1NnMvSWkvMU1QSEl2dXliNjZkNjlZWm44MERSU1YKVWhKTExrQ09zUnpnRmk0bjlEcEo0YzNjQXlFYWUxWkF4UlpmZU1QL241ck1qVHM1elQ2enduOFAzSlUwWHNlNgp0eFpzOWdpVVZRZ24zUWhXaXpNUSttY3FCVU1yRHoveXJsSlh0eExMSFcwZ2hSTnVTVXRCUE5PZzBXNGZHVUd1ClJESldrcDBDZ1lFQW96OHhTeEpLcW1mcEZvMXpYUERhQ291OGNzUUl6YXBobTd2endSNVRqa2Z0TURBeE5SR2MKa2wzczQzOVVlMEsrL3N6RzFSS2VpR2t6d3laQXM3cHV2RFlrZEFkYWFRRTZOUFQzZkRnZFE4OVhxaHdhU2hMMQpLcDVibnE5ZlF0RS9QT1l4dTJoS2F5bVJpMWxrcUg1NDYxdS8yVzUvM0NqbjJEU0dTUmdqK0NZPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURMRENDQWhTZ0F3SUJBZ0lKQUpRV2w0SFVvNmhBTUEwR0NTcUdTSWIzRFFFQkN3VUFNQkl4RURBT0JnTlYKQkFNTUIzUmxjM1F0WTJFd0hoY05NVGd3TmpJeU1URXlNekE1V2hjTk1UZ3dPREl4TVRFeU16QTVXakFiTVJrdwpGd1lEVlFRRERCQjBaWE4wTG1WNFlXMXdiR1V1WTI5dE1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQXROMGNCYWthV2d2bEJ3Ym9oZllNRG1NRHprMklXNDhEMUN5WWpJeVh1Qmo0OUhFOXdMU3MKLzErWGdGeTM4Zjc3OHpSUzZranNLSytIdVpnZzFRTlBJWGdaNHlKK3YzSE5OczZaNk9WQjVKWmw1YjZ1T1h4egowMUkxQkUzKzUvdU9peHB1VmdJZHNGU3laQW4vTjNpTTRxSFZ1WWZFbGpMNld6ekF5RSt6UFB4NmRoNTFOWUVoCmlUZWR3UXpxaUttV0xKdE0xV0JTbzdQN0ZRZDlZQlZOUVBQQmVOVFJsang4TXBTYURhL2FDMWVJWlZRVS9SRGIKOXpSci9mcnhQdlpZM3BRckFxQ2JOVk1XdmZOUFZYOThVWE40cFUxdjQ4TjBsSzNXL3pYZUo3Z2xTYytxd251QwoybC9icXcrNHFPdzlaTFBGZXUrbWVlbERwRXRQcWZGYTR3SURBUUFCbzN3d2VqQUpCZ05WSFJNRUFqQUFNQXNHCkExVWREd1FFQXdJRjREQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBZ1lJS3dZQkJRVUhBd0V3UVFZRFZSMFIKQkRvd09JSVJkR1Z6ZERJdVpYaGhiWEJzWlM1amIyMkNFWFJsYzNRekxtVjRZVzF3YkdVdVkyOXRnaEIwWlhOMApMbVY0WVcxd2JHVXVZMjl0TUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFDK3lyMnk0NFNDUTJxbDc2aTdhR0hUCkJCTnlaR0ZWNVZNN2FVZks4MlZuT3B1K1I1RUlzanhqSGhuTDNQQmNKYklpeVhJeHA3dXZVTld3bGJXMmNhWkMKYzFCYzIvOEhPMTgwWW5qVVE3RVpmUS8vQloxYXd1Tkt4aW9RSzQrU3QzekdsUHVzaEdWMTRjdzBJTkZ6SGlqOQpQRnYxZVZCbExpYWQvNU1OUVZTVWdvclJ6eWlYSDhBZ0tTZzh0NnEyV1FVZ0lUWG1BMzI2Qkg2YUVjMmZmNWpHCkNwVHhnenVRWUZ1ek1ZWk9OakFlMHZSOUVuM3hTRlZMUWVmcnB0SlA2U3lON2MrMXEzWFBPb01mZW9ZaDVtYmgKQWRpcjlEc0ZCampMNC9TSXJ0a20reSsvcFdoTkViSGlQZjJHbEE5dFhzMTd6MS9WVFJoZzF0eU43RkNVeEpMbQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment