Skip to content

Instantly share code, notes, and snippets.

@superseb
Last active Jan 11, 2022
Embed
What would you like to do?
Generate self signed certificates for Rancher 2.x

Generate self signed certificates for Rancher 2.x

Generate certificates

docker run -v $PWD/certs:/certs \
  -e SSL_SUBJECT=test.example.com \
  -e SSL_DNS=test.example.com,test2.example.com \
  -e SSL_IP=10.0.0.1 \
  superseb/omgwtfssl

Single install

docker run -d --restart=unless-stopped \
  -p 80:80 -p 443:443 \
  -v $PWD/certs/cert.pem:/etc/rancher/ssl/cert.pem \
  -v $PWD/certs/key.pem:/etc/rancher/ssl/key.pem \
  -v $PWD/certs/ca.pem:/etc/rancher/ssl/cacerts.pem \
  rancher/rancher:latest

HA install

Use the created certificate files to create the secrets in Kubernetes.

kubectl -n cattle-system create secret tls tls-rancher-ingress --cert=$PWD/certs/cert.pem --key=$PWD/certs/key.pem
@c33f
Copy link

c33f commented Feb 7, 2019

Hi Sebastian,
I'm trying to generate certs for an HA setup:
docker run -v $PWD/certs:/certs
-e SSL_SUBJECT=rancher.my.org
-e SSL_DNS=rancher.my.org
-e SSL_IP=10.0.0.1
-e K8S_SAVE_CA_CRT=true
-e K8S_NAME=cattle-keys-ingress
-e K8S_NAMESPACE=cattle-system
paulczar/omgwtfssl
(from https://rancher.com/docs/rancher/v2.x/en/installation/ha/helm-rancher/tls-secrets/)
kubectl -n cattle-system create secret tls tls-rancher-ingress
--cert=tls.crt
--key=tls.key

and get:
error: failed to load key pair tls: failed to find any PEM data in certificate input

I haven't changed my rancher-cluster.yml file and is like this:
nodes:

  • address: 10.150.162.241
    user: admin
    role: [controlplane,worker,etcd]
  • address: 10.150.162.242
    user: admin
    role: [controlplane,worker,etcd]
  • address: 10.150.162.243
    user: admin
    role: [controlplane,worker,etcd]

services:
etcd:
snapshot: true
creation: 6h
retention: 24h

Any clue to fix this cert issue ?
Thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment