https://rancher.com/ logo
Title
a

agreeable-pharmacist-24247

04/26/2023, 2:27 PM
Want to install rancher with out ssl/tls enabled for internal POC ! We should be good with out encryption so can anyone point us to the steps or args to be passed
a

agreeable-pharmacist-24247

04/26/2023, 2:41 PM
Don’t want to choose any and plain http is what am interested as while adding an existing cluster to rancher is causing cert issue
As it’s not able to find cert or I don’t see an option to pass cert
f

full-painter-23916

04/26/2023, 4:39 PM
It is technically possible to configure the server to listen for plain http by (ab)using config meant for putting it behind a TLS-terminating device. But the UI will not work without TLS, full-stop. It is 2023, not 1999. The auth cookie is marked
secure
and won't be sent by the browser so you can't ever login. Websockets in some browsers also require valid certs (not just some cert you click ignore on) The link you got above is explicitly all the options to auto-generate or provide your own cert.
a

agreeable-pharmacist-24247

04/26/2023, 4:41 PM
Yes we were able to generate and successfully installed and able to access ui with out issue s
But when tried to add an existing cluster via the command we generate via the arancher UI That was not able to authenticate against management due to cert
Now I do not see even the cert to be passed as an arg to the generated command
I meant the option to provide cert used by management to be passed to the seed cluster while joining
f

full-painter-23916

04/26/2023, 4:45 PM
Normally the cert is just from a valid ca recognized by the agent. If you're generating your own then that needs to be configured in the server (this is "option b") and there is a mechanism where the agent downloads the cert and ensures its signature matches what was expected so you don't have to explicitly give it.