# general
b
I'm wondering if it is the tls-rancher secret in the cattle-system ns?
From the page I referenced, and answering my own question but dropping the info here in case anyone else searches: "The caData is the certificate-authority-data from the endpoint cluster ~/.kube/config which you can get from the Rancher console. Copy and paste the quoted key value. It is under the cluster section of the ~/.kube/config. Don't use the user: token: value."
c
Hi Dave! I am facing a similar issue. What is "endpoint cluster" here? Is it the downstream cluster?
f
Hi, I also have ArgoCD on a k8s cluster which is not Rancher and I want to connect it to a Rancher cluster. I used the secret the same way, but now I can see the cluster in the Argo UI but I can't add an application to it. Getting error: "certificate is signed by unknown authority"
c
Did you use LetsEncrypt for the certs to managed Rancher?
b
As I am still learning Kubernetes itself and everything I am doing is in a home lab, and couldn't even follow along with the SUSE@Home repo due to SUSE's weird client portal to even get/register SUSE products and packages, I have chosen to stick with vanilla k8s for now, but I am watching the evolution of Rancher and Harvester closely... I think the combination is on track to be a VMware disruptor. Just not for my personal learning purposes at the moment.
c
> I am doing is in a home lab
Sounds interesting; what are you hosting everything on?
b
3 Intel NUC-like servers. One is an actual SkullCanyon, the other two are msecore industrial fanless units. Currently Ubuntu, as I am more familiar with it and it's easier than navigating the SUSE SCC for media and images. And vanilla Kubernetes right now (fewer things for my purposes to navigate regarding dependencies/different ways of doing things). Still planning on running Longhorn and will come back to Rancher/Harvester when it is more cohesive. I truly think this is where it's at... just not for me right now.
f
Any suggestions for solving my problem? ArgoCD can identify the cluster but cannot add an application to it. Something with "certificate signed by unknown authority". The certificate for the Rancher cluster was generated by Rancher itself.
c
Oh k. Can you try setting insecure to true? This is the secret required to connect a Rancher cluster to ArgoCD:
apiVersion: v1
kind: Secret
metadata:
  name: mycluster-secret
  labels:
    argocd.argoproj.io/secret-type: cluster
type: Opaque
stringData:
  name: mycluster.com
  server: https://mycluster.com
  config: |
    {
      "bearerToken": "<authentication token>",
      "tlsClientConfig": {
        "insecure": false,
        "caData": "<base64 encoded certificate>"
      }
    }
f
insecure true didn't help.
b
insecure for ArgoCD is usually around the ingress, as ArgoCD itself uses self-signed certs and depending on your ingress/gateway it might handle the TLS for you. Sorry, not sure what your exact issue is.