@superseb
Last active April 24, 2024 05:03
Generate self-signed certificates for Rancher 2.x

Generate certificates

# Writes cert.pem, key.pem and ca.pem (used below) to ./certs
docker run -v "$PWD/certs:/certs" \
  -e SSL_SUBJECT=test.example.com \
  -e SSL_DNS=test.example.com,test2.example.com \
  -e SSL_IP=10.0.0.1 \
  superseb/omgwtfssl

Single install

# Mount the server certificate, its key and the CA certificate into the container
docker run -d --restart=unless-stopped \
  -p 80:80 -p 443:443 \
  -v "$PWD/certs/cert.pem:/etc/rancher/ssl/cert.pem" \
  -v "$PWD/certs/key.pem:/etc/rancher/ssl/key.pem" \
  -v "$PWD/certs/ca.pem:/etc/rancher/ssl/cacerts.pem" \
  rancher/rancher:latest

HA install

Use the created certificate files to create the secrets in Kubernetes.

kubectl -n cattle-system create secret tls tls-rancher-ingress --cert="$PWD/certs/cert.pem" --key="$PWD/certs/key.pem"
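
The generated files can be checked before the secret is created, so that a bad certificate or key is caught before kubectl or the ingress rejects it. This is an added example, not part of the original gist: `check_tls_pair` and its return codes are hypothetical, and it assumes `openssl` is installed and the `cert.pem`, `key.pem` and `ca.pem` file names used above.

```shell
#!/bin/sh
# Added example: preflight for `kubectl create secret tls` (needs openssl).
# Usage: check_tls_pair CERT KEY [CA_FILE] [EXPECTED_SAN]
#   e.g. check_tls_pair certs/cert.pem certs/key.pem certs/ca.pem test.example.com
# Returns 0 if usable, else 1 missing file, 2 not PEM, 3 key/cert mismatch,
# 4 not signed by CA_FILE, 5 EXPECTED_SAN absent.
check_tls_pair() {
  local cert="$1" key="$2" ca="${3:-}" san="${4:-}" f cert_pub key_pub

  # Files must exist and be non-empty before anything else is checked.
  for f in "$cert" "$key"; do
    [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
  done

  # kubectl only accepts PEM; input without a PEM block gives
  # "failed to find any PEM data in certificate input".
  grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" ||
    { echo "no PEM certificate in $cert" >&2; return 2; }
  grep -Eq -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$key" ||
    { echo "no unencrypted PEM private key in $key" >&2; return 2; }

  # The key must belong to the certificate: compare the two public keys.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
  key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 3
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "private key does not match certificate" >&2; return 3; }

  # Optional: the certificate must chain to the CA that clients will trust.
  if [ -n "$ca" ]; then
    openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$' ||
      { echo "certificate is not signed by $ca" >&2; return 4; }
  fi

  # Optional: the hostname or IP must be listed as a subjectAltName
  # (exact match only; wildcard entries are not expanded).
  if [ -n "$san" ]; then
    openssl x509 -in "$cert" -noout -text | tr ',' '\n' |
      sed 's/^ *//; s/ *$//' |
      grep -qxF -e "DNS:$san" -e "IP Address:$san" ||
      { echo "$san is not in subjectAltName" >&2; return 5; }
  fi
  return 0
}
```
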

c33f commented Feb 7, 2019

Hi Sebastian,
I'm trying to generate certs for an HA setup:
docker run -v $PWD/certs:/certs \
  -e SSL_SUBJECT=rancher.my.org \
  -e SSL_DNS=rancher.my.org \
  -e SSL_IP=10.0.0.1 \
  -e K8S_SAVE_CA_CRT=true \
  -e K8S_NAME=cattle-keys-ingress \
  -e K8S_NAMESPACE=cattle-system \
  paulczar/omgwtfssl
(from https://rancher.com/docs/rancher/v2.x/en/installation/ha/helm-rancher/tls-secrets/)
kubectl -n cattle-system create secret tls tls-rancher-ingress \
  --cert=tls.crt \
  --key=tls.key

and get:
error: failed to load key pair tls: failed to find any PEM data in certificate input

I haven't changed my rancher-cluster.yml file, and it is like this:

nodes:
  - address: 10.150.162.241
    user: admin
    role: [controlplane,worker,etcd]
  - address: 10.150.162.242
    user: admin
    role: [controlplane,worker,etcd]
  - address: 10.150.162.243
    user: admin
    role: [controlplane,worker,etcd]

services:
  etcd:
    snapshot: true
    creation: 6h
    retention: 24h

Any clue to fix this cert issue?
Thank you
