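Rancher Server setup
- Rancher version: 2.6.9
- Installation option (Helm Chart):
- If installed via Helm Chart, provide the Local cluster type (RKE1, RKE2, k3s, EKS, etc.) and version:
- Online or air-gapped deployment:
Downstream cluster information
- Kubernetes version:
- Cluster Type (Local):
Host OS: centos7
Problem description: Kubernetes 1.24 was installed with kubeadm, and a high-availability Rancher v2.6.9 was installed with Helm. After logging in to the UI and importing an existing cluster, a certificate error is reported when the agent pod is created.
Steps to reproduce: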
./cert.sh --ssl-domain=oke-nginxi.haohan.ml --ssl-trusted-ip=141.148.183.86 -ssl-trusted-domain=oke-nginxi.haohan.ml --ssl-size=2048 --ssl-date=36500
kubectl create ns cattle-system
helm install rancher rancher-stable/rancher --namespace cattle-system --set hostname=oke-nginx.haohan.ml --set bootstrapPassword=enabot@rancher --set ingress.tls.source=secret --set privateCA=true
kubectl -n cattle-system create secret tls tls-rancher-ingress --cert=tls.crt --key=tls.key
kubectl -n cattle-system create secret generic tls-ca --from-file=cacerts.pem=./cacerts.pem
Result:
Expected result:
Screenshots:
Additional context:
Logs
time="2022-11-28T12:08:47Z" level=error msg="Issuer of last certificate found in chain (CN=Kubernetes Ingress Controller Fake Certificate,O=Acme Co) does not match with CA certificate Issuer (CN=cattle-ca,C=CN). Please check if the configured server certificate contains all needed intermediate certificates and make sure they are in the correct order (server certificate first, intermediates after)"
time="2022-11-28T12:08:47Z" level=fatal msg="Get \"https://oke-nginx.haohan.ml\": x509: certificate is valid for ingress.local, not oke-nginx.haohan.ml"
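
An added example, not part of the original post: an offline check of the two conditions the log lines above complain about, run against the files that go into the tls-rancher-ingress and tls-ca secrets. The function names and the script name are hypothetical; it assumes `openssl` is installed and compares the last chain issuer with the CA certificate's subject, which equals its issuer for a self-signed root.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Offline checks on the PEM files
# that are loaded into the tls-rancher-ingress and tls-ca secrets.

# Print the issuer DN of the LAST certificate in a PEM bundle (e.g. tls.crt).
last_cert_issuer() {
  awk '/-----BEGIN CERTIFICATE-----/ { buf = "" }
       { buf = buf $0 "\n" }
       /-----END CERTIFICATE-----/ { last = buf }
       END { printf "%s", last }' "$1" |
    openssl x509 -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//'
}

# Print the subject DN of the first certificate in a file (e.g. cacerts.pem).
cert_subject() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# Succeed only if the first certificate in CERT is valid for HOSTNAME.
host_matches() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# check_rancher_tls CERT CA HOSTNAME: run both checks, return the failure count.
check_rancher_tls() {
  failures=0
  if host_matches "$1" "$3"; then
    echo "OK   certificate covers $3"
  else
    echo "FAIL certificate does not cover $3"; failures=$((failures + 1))
  fi
  if [ "$(last_cert_issuer "$1")" = "$(cert_subject "$2")" ]; then
    echo "OK   last certificate in chain is issued by the CA"
  else
    echo "FAIL last chain issuer differs from CA subject"; failures=$((failures + 1))
  fi
  return "$failures"
}

# Usage: ./check.sh tls.crt cacerts.pem <rancher-hostname>
if [ "$#" -eq 3 ]; then check_rancher_tls "$@"; fi
```

Run it with the same hostname that was passed to Helm as `hostname`, since that is the name the agent connects to.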