Got an issue when installing Rancher HA on Kubernetes with self-signed CA

[root@alma3 cert]# k create ns cattle-system
namespace/cattle-system created

[root@alma3 ~]# helm install rancher rancher-latest/rancher --namespace cattle-system --set hostname=alma3.techavidity.in --set bootstrapPassword=admin --set ingress.tls.source=secret --set privateCA=true

NAME: rancher
LAST DEPLOYED: Mon Apr 3 17:11:41 2023
NAMESPACE: cattle-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES: Rancher Server has been installed

kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}{{ "\n" }}'

   admin

[root@alma3 ~]# echo https://alma3.techavidity.in/dashboard/?setup=$(kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}')
https://alma3.techavidity.in/dashboard/?setup=admin

[root@alma3 ~]# cd cert/
[root@alma3 cert]# ls
ca.crt ca.key ns rancher.csr tmp.json ca.csr ca.srl rancher.crt rancher.key

[root@alma3 cert]# kubectl -n cattle-system create secret tls tls-rancher-ingress --cert rancher.crt --key rancher.key
secret/tls-rancher-ingress created

[root@alma3 cert]# cat ca.crt >cacerts.pem
[root@alma3 cert]# kubectl -n cattle-system create secret generic tls-ca --from-file=cacerts.pem=./cacerts.pem
secret/tls-ca created

[root@alma3 cert]# kubectl -n cattle-system get deploy rancher
NAME READY UP-TO-DATE AVAILABLE AGE
rancher 3/3 3 1 29m

After this I am able to view the Rancher UI.
But I am not able to log in to Rancher using the user name and password admin. The Rancher UI gives an error.

Got the below issue:
[root@alma3 cert]# k logs rancher-69b49b48c4-5c4db -n cattle-system
2023/04/03 13:31:22 [ERROR] failed to start cluster controllers c-m-fh2d7bgv: context canceled
2023/04/03 13:33:18 [INFO] Stopping cluster agent for c-m-4hzmprvd
2023/04/03 13:33:18 [ERROR] failed to start cluster controllers c-m-4hzmprvd: context canceled
2023/04/03 13:33:31 [INFO] Stopping cluster agent for c-m-fh2d7bgv
2023/04/03 13:33:31 [ERROR] failed to start cluster controllers c-m-fh2d7bgv: context canceled

Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 7m33s default-scheduler Successfully assigned cattle-system/rancher-69b49b48c4-5c4db to alma1
Warning FailedMount 79s (x11 over 7m31s) kubelet mountVolume.SetUp failed for volume "tls-ca-volume" : secret "tls-ca" not found
Warning FailedMount 53s (x3 over 5m28s) kubelet Unable to attach or mount volumes: unmounted volumes=[tls-ca-volume], unattached volumes=[tls-ca-volume kube-api-access-jjt68]: timed out waiting for the condition

Hi team, any help is much appreciated. I forgot to say I'm new to Rancher.

Hi!

If you already have a cluster, you can follow this guide here, starting from "Install Rancher with Helm".

Let me know if this helps.

Edit: changed link to v2.7

Thanks!

I’m thinking you did this a little out of order. You want to create the secrets first, then run the install. Since the certs were updated after the helm install rancher, do a helm upgrade without the bootstrapPassword flag and I believe that will solve the problem? Otherwise use the Rancher Certs Upgrade docs.
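
Added example, not part of the thread or of Rancher's own tooling: a pre-flight guard that enforces the ordering described in the last reply by refusing to run `helm install` until the `tls-rancher-ingress` and `tls-ca` secrets exist with the expected keys. The `KUBECTL`, `HELM` and `RANCHER_HOSTNAME` variables and the function names are assumptions of this sketch; the chart flags are those from the original command, minus `bootstrapPassword`.

```shell
#!/usr/bin/env bash
# Added example: pre-flight guard for a Rancher install that uses
# ingress.tls.source=secret and privateCA=true.
# KUBECTL/HELM are overridable (assumption) so the guard can be tested offline.
KUBECTL="${KUBECTL:-kubectl}"
HELM="${HELM:-helm}"
NS="${NS:-cattle-system}"

# secret_key_present SECRET KEY
# Succeeds only if SECRET exists in $NS and .data[KEY] is non-empty.
secret_key_present() {
  local esc value
  # Dots inside a key name must be escaped in kubectl's jsonpath syntax.
  esc="$(printf '%s' "$2" | sed 's/\./\\./g')"
  value="$($KUBECTL -n "$NS" get secret "$1" -o "jsonpath={.data.$esc}" 2>/dev/null)" || return 1
  [ -n "$value" ]
}

# preflight: returns the number of missing secret keys (0 = safe to install).
# A missing tls-ca is what produces the FailedMount events for tls-ca-volume.
preflight() {
  local missing=0 pair
  for pair in tls-rancher-ingress:tls.crt tls-rancher-ingress:tls.key tls-ca:cacerts.pem; do
    if ! secret_key_present "${pair%%:*}" "${pair##*:}"; then
      echo "missing: secret ${pair%%:*}, key ${pair##*:}, namespace $NS" >&2
      missing=$((missing + 1))
    fi
  done
  return "$missing"
}

# install_rancher: runs helm only after the pre-flight passes.
# RANCHER_HOSTNAME is the name the ingress certificate was issued for.
install_rancher() {
  [ -n "${RANCHER_HOSTNAME:-}" ] || { echo "set RANCHER_HOSTNAME" >&2; return 2; }
  preflight || { echo "create the secrets first, then install" >&2; return 1; }
  $HELM install rancher rancher-latest/rancher --namespace "$NS" \
    --set hostname="$RANCHER_HOSTNAME" \
    --set ingress.tls.source=secret --set privateCA=true
}
# Usage after sourcing: RANCHER_HOSTNAME=rancher.example.test install_rancher
```
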