Offline installation of Rancher on a three-node RKE2 Kubernetes cluster: choosing and configuring certificates

Environment:
RKE2 version: 1.23.17

Cluster configuration:
3 server nodes

Problem description:
Official docs: 4. Install Rancher | Rancher
From my reading of the docs, an offline install seems to only require installing Rancher with the certificate I already have, but how do I find where my certificate is? Which directory holds the .crt and .key files?

The step "use your own certificate to create a Kubernetes secret" shown in the figure below: does that mean locating the .crt and .key files and then generating the corresponding secret with the command `kubectl create secret tls xx --cert xxx --key xxxx -n cattle-system`?

After the secret is generated, does the secret highlighted in red in the command below need to be changed to the name of the secret created above?

Currently, with the Rancher I installed and exposed via NodePort, registering a downstream k8s node fails with the following error:
time="2022-06-28T08:00:28Z" level=error msg="Issuer of last certificate found in chain (CN=xmh-k8s-ca,OU=systemGroup,O=k8s,L=HD,ST=BJ,C=CN) does not match with CA certificate Issuer (CN=dynamiclistener-ca,O=dynamiclistener-org). Please check if the configured server certificate contains all needed intermediate certificates and make sure they are in the correct order (server certificate first, intermediates after)"
time="2022-06-28T08:00:28Z" level=fatal msg="Certificate chain is not complete, please check if all needed intermediate certificates are included in the server certificate (in the correct order) and if the cacerts setting in Rancher either contains the correct CA certificate (in the case of using self signed certificates) or is empty (in the case of using a certificate signed by a recognized CA). Certificate information is displayed above. error: Get \"https://rch.72.xmh\": x509: certificate signed by unknown authority"

It's not about finding it: you have to generate or download a certificate locally first. For example, if you were setting up a website accessed over HTTPS, wouldn't you have to prepare a certificate in advance?

So should I use the certificate-generation script provided on the official site? But the certificate it generates looks like a CA certificate to me.

Then you misread it.

So I should generate it with that script, right? Then run kubectl create secret tls xx --cert xxx --key xxxx -n cattle-system, and after that install Rancher.

Read the docs carefully; you also have to load the CA certificate.
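An added example, not code from the thread or from Rancher, that reproduces the check behind the error in the first post and the last reply's point that the CA must be loaded as well: the chain the server presents has to end in a certificate issued by the CA that Rancher holds in cacerts. The CA names xmh-k8s-ca and dynamiclistener-ca and the host rch.72.xmh are taken from the log; the certificates themselves are constructed test data, and the issue helper is an assumption for the demo, not a Rancher API.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue returns a cert for cn signed by parent (self-signed CA when parent is nil). Constructed test data only.
func issue(cn string, isCA bool, parent *x509.Certificate, pkey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, IsCA: isCA,
		NotAfter: time.Now().Add(24 * time.Hour), BasicConstraintsValid: true,
	}
	if parent == nil {
		parent, pkey = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pkey)
	c, _ := x509.ParseCertificate(der)
	return c, key
}

// ChainMatchesCA is the check behind the error in the post: the last cert the server presents must be
// issued by the CA in cacerts (for a self-signed root, issuer equals subject, which is what the log compares).
func ChainMatchesCA(chain []*x509.Certificate, ca *x509.Certificate) error {
	if last := chain[len(chain)-1]; last.Issuer.String() != ca.Subject.String() {
		return fmt.Errorf("issuer of last chain cert (%s) does not match CA (%s)", last.Issuer, ca.Subject)
	}
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(ca)
	for _, c := range chain[1:] { // intermediates after the server certificate, as the log demands
		inter.AddCert(c)
	}
	_, err := chain[0].Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter})
	return err
}

func main() { // the post's situation: server cert from xmh-k8s-ca, cacerts holding dynamiclistener-ca
	clusterCA, clusterKey := issue("xmh-k8s-ca", true, nil, nil)
	rancherCA, _ := issue("dynamiclistener-ca", true, nil, nil)
	leaf, _ := issue("rch.72.xmh", false, clusterCA, clusterKey)
	fmt.Println("right CA:", ChainMatchesCA([]*x509.Certificate{leaf}, clusterCA)) // <nil>
	fmt.Println("wrong CA:", ChainMatchesCA([]*x509.Certificate{leaf}, rancherCA)) // issuer mismatch
}
```

Run the same check on your own server certificate and the CA you put into cacerts before creating the secrets; if the server certificate was signed by an intermediate, the intermediate must follow it in the chain or the last-issuer check fails exactly as in the log.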