Skip to content

Instantly share code, notes, and snippets.

@imwower
Forked from superseb/README.md
Created September 11, 2018 10:15
Show Gist options
  • Save imwower/8a33093de33e1481e4cc3c9a04e77f1a to your computer and use it in GitHub Desktop.
Save imwower/8a33093de33e1481e4cc3c9a04e77f1a to your computer and use it in GitHub Desktop.
Generate self signed certificates for Rancher 2.0

Generate self signed certificates for Rancher 2.0

Generate certificates

docker run -v $PWD/certs:/certs \
  -e SSL_SUBJECT=test.example.com \
  -e SSL_DNS=test.example.com,test2.example.com \
  -e SSL_IP=10.0.0.1 \
  -e K8S_SAVE_CA_CRT=true \
  -e K8S_NAME=cattle-keys-ingress \
  -e K8S_NAMESPACE=cattle-system \
  paulczar/omgwtfssl

Single install

docker run -d --restart=unless-stopped \
  -p 80:80 -p 443:443 \
  -v $PWD/certs/cert.pem:/etc/rancher/ssl/cert.pem \
  -v $PWD/certs/key.pem:/etc/rancher/ssl/key.pem \
  -v $PWD/certs/ca.pem:/etc/rancher/ssl/cacerts.pem \
  rancher/rancher:latest

HA install

Use the value of ca.crt for cacerts.pem, and copy the values from tls.crt and tls.key to the same keys in the rancher-cluster.yml

cat certs/secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: cattle-keys-ingress
  namespace: cattle-system
type: kubernetes.io/tls
data:
  ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNvRENDQVlnQ0NRRHJ0QUE2US9SaDJ6QU5CZ2txaGtpRzl3MEJBUXNGQURBU01SQXdEZ1lEVlFRRERBZDAKWlhOMExXTmhNQjRYRFRFNE1EWXlNakV4TVRJd09Wb1hEVEU0TURneU1URXhNVEl3T1Zvd0VqRVFNQTRHQTFVRQpBd3dIZEdWemRDMWpZVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFNc0JHS0dtCndJUXc0LzNJNGdTcDAwa0dhM1EvYS9hdEZib2lLdjJKZDhndmd2UklVNUNnRk9tVFpXQU51ZHBkWWdZRUxSTnEKTnZ2N1NzZy9kM3gvS21qWERtZGNzcmxzRmlxMlRuamJKeGNabXlucDBvUThZZVBjam5LUWNIZE9BbjZycTdGSQozZ2JXV0p3OGlDRGNoS21ENHYzemdub2FnQUorai95RTRYSXRoNU9WdTRrY09LalU5cjArU0Z6cndmbWQrbkN1Ck9yYTg1TWtTYzlZbHc5aElOeXEwc2J6SC81RE9EUVhNcHZqa3UvUjZNUFowSEU5V3hWbGNEYVpIckduWWlmQnYKanpucm91c1hWd1ROOUVNNHBMOTIvRlgwK282K2t1ZXNIS2lvMm8xNTlHWjhBL0lGWDFDNVpYczhtV0pkSGlobwpub3VoaGozcm9FNmNwbzBDQXdFQUFUQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFnK0s3TGEyVE85ejgyT2VtCi9ibi9OdUR5dXVFYkhzbStxQzlvMjFMdlR2M1pHQnlPcXBTNHY1czhxTGZRTUpPZVM5WjE4clRXY2UvV2tZYnEKOTh3cXZRZ0J6dkZuMEpFOEwxc21rRmtDczM2Y0tJc2dtTFFiNmtIeWo0K2E2aWVOTWdtTFNJMWdpMlFsdURjVgo0ZGg5d1JwUy9xOWprWVhkK2ZGRFdvTjNwcUtVU2tXd0s5QUFhL3Y2VUl1TzhwcTZnUDhFZitHUGtzbzFKd3k2CjdXNlZpbGM5SEw2WElzbzc0M05JTWdHei9LZi9RUlZGVXBqZnRwYWowcnoxVGhVZUZ1MHVhay8wTjlZcFJWaU8KTkdWSmNyazBaVE1zdjRERkFQRmpGNncrZHZIS2VkTmhHaGVXS3JnMElraGdXK1VTd00xWmhMYktsbFZDMHZPagozcFB2enc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
  tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBdE4wY0Jha2FXZ3ZsQndib2hmWU1EbU1EemsySVc0OEQxQ3lZakl5WHVCajQ5SEU5CndMU3MvMStYZ0Z5MzhmNzc4elJTNmtqc0tLK0h1WmdnMVFOUElYZ1o0eUordjNITk5zNlo2T1ZCNUpabDViNnUKT1h4ejAxSTFCRTMrNS91T2l4cHVWZ0lkc0ZTeVpBbi9OM2lNNHFIVnVZZkVsakw2V3p6QXlFK3pQUHg2ZGg1MQpOWUVoaVRlZHdRenFpS21XTEp0TTFXQlNvN1A3RlFkOVlCVk5RUFBCZU5UUmxqeDhNcFNhRGEvYUMxZUlaVlFVCi9SRGI5elJyL2ZyeFB2WlkzcFFyQXFDYk5WTVd2Zk5QVlg5OFVYTjRwVTF2NDhOMGxLM1cvelhlSjdnbFNjK3EKd251QzJsL2Jxdys0cU93OVpMUEZldSttZWVsRHBFdFBxZkZhNHdJREFRQUJBb0lCQVFDUmZLT0Q4aWxlY2Q4RApyZ3p4WmFFQkdha0FGT0l4TkhQU0F5V2JPYVQ1MUN5L0JUQzFpU0Q0TS83OHBKamJNMCtjcldSZFRkZWFTc2lWCkJNaTBVUHNnWXluL3ljbkhXbFhIVnAzNytCN3ZNQVE3c1EwWTlRRis1Y3Y3OEhteVJtcTlmcjl1dERrSmxMZ0QKUFA5dHNhMHl5UmZSTEdONHB2MDQwMEFJWWdRK2MwZUU4TnRwTmVpQzFKbkhsSmY4MGt4aVlZSTJEb2x5TjJCUApKaW4zMEg2Z2ZjNTh4QTUzazJUWjNwaUkrRGRRbzdMVitwdjZNcGJ1RU0vdCtKMkx6OWVnbUxod2dxbzFSMm9oCndxZnNuUkhHSWM1NnBraDkrMTQ2NkJtUDlQQjNBUmNuQ281N3VEdFhyNVkxRGFmWTJkMEtpdGlvTjlSZzlFa3EKTGlzWWxEM2hBb0dCQU9TbmRmeEs0aWdONVhQUnZ3VlNUb2d2eGJTcktvQW1mVHg2SHBQaVV6RlBHQmZWQ1kwNQp6b1NPRkFPOW1Rd1hNV3Y0KzlZaEJRcngwcUtwMlFCNTl3dDRyWE1CMVJmUHZ1ck15MkVYTU4zdmMreHp5djJwCjBUREFiN2NrRVZiWFZmYnNsSm1OQjlkODlzT3k3N0thZlIyTFpDVmRhTkZrTW5jUmxCY2gvTnNwQW9HQkFNcCsKZTdlczZmWndNZndjeUxUVWFJSjYvQmNRanB5NnIralptVXdGSnRjbVJadFB6NjRXbDBMTVM1WW1YTW5GKzRregpKTGF1MVhQaEZ0dWtTeEJOYjJiTmVvVitsSUtyTFZ6YkhaSEV6Zk9YTEh0NkM1Q3NIellZU3gzc1RTdmxERTV1CnlDV1ZWZUNiVkg2d3hYUlRGd2xmaXJlcjdxSEROUG8vSXhPaG9KTXJBb0dBUkdvYXNrOVJsYng2c0FuTkJ2R1cKajhjRGQ4aFRJaDdpRCt0V0pOZHVIdTNVZnFUK2c2UU5ON292SU9OazNLby8zbGVVT29DTXVyYWFXSk5MVzRvaQpzZXI4c3RHVWlkaGQvbkVpVlQyVUlJT2FBdUN1bHZGdHB4R2RHNFlPTGhhbUlRaXVlYmNwNW43OGNwZWlncVVZCjFITTFscng1TlZXdWg5UFpwSVpGMnVrQ2dZRUF4OHBnR3V1NnMvSWkvMU1QSEl2dXliNjZkNjlZWm44MERSU1YKVWhKTExrQ09zUnpnRmk0bjlEcEo0YzNjQXlFYWUxWkF4UlpmZU1QL241ck1qVHM1elQ2enduOFAzSlUwWHNlNgp0eFpzOWdpVVZRZ24zUWhXaXpNUSttY3FCVU1yRHoveXJsSlh0eExMSFcwZ2hSTnVTVXRCUE5PZzBXNGZHVUd1ClJESldrcDBDZ1lFQW96OHhTeEpLcW1mcEZvMXpYUERhQ291OGNzUUl6YXBobTd2endSNVRqa2Z0TURBeE5SR2MKa2wzczQzOVVlMEsrL3N6RzFSS2VpR2t6d3laQXM3cHV2RFlrZEFkYWFRRTZOUFQzZkRnZFE4OVhxaHdhU2hMMQpLcDVibnE5ZlF0RS9QT1l4dTJoS2F5bVJpMWxrcUg1NDYxdS8yVzUvM0NqbjJEU0dTUmdqK0NZPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURMRENDQWhTZ0F3SUJBZ0lKQUpRV2w0SFVvNmhBTUEwR0NTcUdTSWIzRFFFQkN3VUFNQkl4RURBT0JnTlYKQkFNTUIzUmxjM1F0WTJFd0hoY05NVGd3TmpJeU1URXlNekE1V2hjTk1UZ3dPREl4TVRFeU16QTVXakFiTVJrdwpGd1lEVlFRRERCQjBaWE4wTG1WNFlXMXdiR1V1WTI5dE1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQXROMGNCYWthV2d2bEJ3Ym9oZllNRG1NRHprMklXNDhEMUN5WWpJeVh1Qmo0OUhFOXdMU3MKLzErWGdGeTM4Zjc3OHpSUzZranNLSytIdVpnZzFRTlBJWGdaNHlKK3YzSE5OczZaNk9WQjVKWmw1YjZ1T1h4egowMUkxQkUzKzUvdU9peHB1VmdJZHNGU3laQW4vTjNpTTRxSFZ1WWZFbGpMNld6ekF5RSt6UFB4NmRoNTFOWUVoCmlUZWR3UXpxaUttV0xKdE0xV0JTbzdQN0ZRZDlZQlZOUVBQQmVOVFJsang4TXBTYURhL2FDMWVJWlZRVS9SRGIKOXpSci9mcnhQdlpZM3BRckFxQ2JOVk1XdmZOUFZYOThVWE40cFUxdjQ4TjBsSzNXL3pYZUo3Z2xTYytxd251QwoybC9icXcrNHFPdzlaTFBGZXUrbWVlbERwRXRQcWZGYTR3SURBUUFCbzN3d2VqQUpCZ05WSFJNRUFqQUFNQXNHCkExVWREd1FFQXdJRjREQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBZ1lJS3dZQkJRVUhBd0V3UVFZRFZSMFIKQkRvd09JSVJkR1Z6ZERJdVpYaGhiWEJzWlM1amIyMkNFWFJsYzNRekxtVjRZVzF3YkdVdVkyOXRnaEIwWlhOMApMbVY0WVcxd2JHVXVZMjl0TUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFDK3lyMnk0NFNDUTJxbDc2aTdhR0hUCkJCTnlaR0ZWNVZNN2FVZks4MlZuT3B1K1I1RUlzanhqSGhuTDNQQmNKYklpeVhJeHA3dXZVTld3bGJXMmNhWkMKYzFCYzIvOEhPMTgwWW5qVVE3RVpmUS8vQloxYXd1Tkt4aW9RSzQrU3QzekdsUHVzaEdWMTRjdzBJTkZ6SGlqOQpQRnYxZVZCbExpYWQvNU1OUVZTVWdvclJ6eWlYSDhBZ0tTZzh0NnEyV1FVZ0lUWG1BMzI2Qkg2YUVjMmZmNWpHCkNwVHhnenVRWUZ1ek1ZWk9OakFlMHZSOUVuM3hTRlZMUWVmcnB0SlA2U3lON2MrMXEzWFBPb01mZW9ZaDVtYmgKQWRpcjlEc0ZCampMNC9TSXJ0a20reSsvcFdoTkViSGlQZjJHbEE5dFhzMTd6MS9WVFJoZzF0eU43RkNVeEpMbQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment