#general

bright-fireman-42144

05/21/2023, 9:02 PM
Dealing with the way rancher manager acts as an auth proxy to get the argo suite of products working and ran into this: https://gist.github.com/janeczku/b16154194f7f03f772645303af8e9f80 Can anyone tell me where/how I can find the cadata for this:
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: mycluster-secret
  labels:
    argocd.argoproj.io/secret-type: cluster
type: Opaque
stringData:
  name: mycluster.com
  server: https://mycluster.com
  config: |
    {
      "bearerToken": "<authentication token>",
      "tlsClientConfig": {
        "insecure": false,
        "caData": "<base64 encoded certificate>"
      }
    }
```
I'm wondering if it is the tls-rancher secret in the cattle-system ns?
From the page I referenced, and answering my own question but dropping the info here in case anyone else searches. "The caData is the certificate-authority-data from the endpoint cluster ~/.kube/config which you can get from the Rancher console. Copy and paste the quoted key value. It is under the cluster section of the ~/.kube/config. Don't use the user: token: value."

calm-evening-97142

07/23/2023, 8:09 PM
Hi Dave! I am facing a similar issue. What is "endpoint cluster" here? Is it the downstream cluster?

full-battery-30275

07/24/2023, 12:18 PM
Hi, I also have argocd on a k8s cluster which is not Rancher and I want to connect it to a Rancher cluster. I used the secret the same way, but now I can see the cluster in the Argo UI but I can't add an application to it. Getting error: "certificate is signed by unknown authority"

calm-evening-97142

07/24/2023, 3:11 PM
Did you use LetsEncrypt for the certs to managed Rancher?

bright-fireman-42144

07/24/2023, 3:18 PM
As I am still learning kubernetes itself and everything I am doing is in a home lab and couldn't even follow along with the SUSE@Home repo due to SUSE's weird client portal to even get/register SUSE products and packages, I have chosen to stick with vanilla k8s for now, but I am watching the evolution of rancher and harvester closely... I think the combination is on track to be a vmware disruptor. Just not for my personal learning purposes at the moment.

calm-evening-97142

07/24/2023, 3:54 PM
> I am doing is in a home lab
Sounds interesting; what are you hosting everything on?

bright-fireman-42144

07/24/2023, 7:18 PM
3 intel NUC-like servers. One is an actual SkullCanyon, the other two are msecore industrial fanless units. Currently ubuntu as I am more familiar with it and it's easier than navigating the SUSE scc for media and images. And vanilla kubernetes right now (less things for my purposes to navigate regarding dependencies/different ways of doing things). Still planning on running longhorn and will come back to rancher/harvester when it is more cohesive. I truly think this is where it's at... just not for me right now.

full-battery-30275

07/26/2023, 4:53 AM
Any suggestions for solving my problem? ArgoCD can identify the cluster but cannot add an application to it. Something with "certificate signed by unknown authority". The certificate for the Rancher cluster was generated by Rancher itself.

calm-evening-97142

07/26/2023, 6:11 AM
Oh k. Can you try setting `insecure` to true. This is the secret required to connect Rancher cluster to ArgoCD
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: mycluster-secret
  labels:
    argocd.argoproj.io/secret-type: cluster
type: Opaque
stringData:
  name: mycluster.com
  server: https://mycluster.com
  config: |
    {
      "bearerToken": "<authentication token>",
      "tlsClientConfig": {
        "insecure": false,
        "caData": "<base64 encoded certificate>"
      }
    }
```

full-battery-30275

07/26/2023, 1:16 PM
insecure true didn't help.

bright-fireman-42144

07/26/2023, 1:21 PM
insecure for argocd is usually around the ingress, as argocd itself uses self-signed certs and depending on your ingress/gateway it might handle the TLS for you. Sorry, not sure what your exact issue is.