This message was deleted.
# general
a
This message was deleted.
a
Don’t want to choose any and plain http is what am interested as while adding an existing cluster to rancher is causing cert issue
As it’s not able to find cert or I don’t see an option to pass cert
f
It is technically possible to configure the server to listen for plain http by (ab)using config meant for putting it behind a TLS-terminating device. But the UI will not work without TLS, full-stop. It is 2023, not 1999. The auth cookie is marked
secure
and won't be sent by the browser so you can't ever login. Websockets in some browsers also require valid certs (not just some cert you click ignore on) The link you got above is explicitly all the options to auto-generate or provide your own cert.
a
Yes we were able to generate and successfully installed and able to access ui with out issue s
But when tried to add an existing cluster via the command we generate via the arancher UI That was not able to authenticate against management due to cert
Now I do not see even the cert to be passed as an arg to the generated command
I meant the option to provide cert used by management to be passed to the seed cluster while joining
f
Normally the cert is just from a valid ca recognized by the agent. If you're generating your own then that needs to be configured in the server (this is "option b") and there is a mechanism where the agent downloads the cert and ensures its signature matches what was expected so you don't have to explicitly give it.