Rancher Server 设置
-
Rancher 版本:latest
-
安装选项 (Docker install):
-
在线部署:
下游集群信息
- Kubernetes 版本: v1.21.4
- Cluster Type (Local/Downstream):
- 如果 Downstream,是什么类型的集群?(自定义/导入或为托管 等): 自定义
用户信息
- 登录用户的角色是什么? (管理员/集群所有者/集群成员/项目所有者/项目成员/自定义):管理员
- 如果自定义,自定义权限集:
问题描述:
在rancher server 自定义导入k8s集群时,按照提示执行curl --insecure -sfL https://upload-1.glass-dev.mviok.lenovo.dev/v3/import/kgmhrx2qfnzdwmkqxdbjr84sqvhnd2hbnlbs8z2tk8hd4kvm4brtzx_c-m-pqrsj92c.yaml | kubectl apply -f -(自签证书选项) cattle-cluster-agent pod 无法启动
pod 日志报错:(无法识别自签证书,如何能解决这个问题)
time=“2022-05-31T09:57:35Z” level=error msg=“Issuer of last certificate found in chain (CN=lenovoSHA2SUBCA1,0.9.2342.19200300.100.1.25=#13066c656e6f766f,0.9.2342.19200300.100.1.25=#1303636f6d) does not match with CA certificate Issuer (CN=dynamiclistener-ca,O=dynamiclistener-org). Please check if the configured server certificate contains all needed intermediate certificates and make sure they are in the correct order (server certificate first, intermediates after)”
time=“2022-05-31T09:57:35Z” level=fatal msg=“Certificate chain is not complete, please check if all needed intermediate certificates are included in the server certificate (in the correct order) and if the cacerts setting in Rancher either contains the correct CA certificate (in the case of using self signed certificates) or is empty (in the case of using a certificate signed by a recognized CA). Certificate information is displayed above. error: Get “https://upload-1.glass-dev.mviok.lenovo.dev”: x509: certificate signed by unknown authority”