# harvester
s
I am interested in doing the same thing. Hope there is a process to use fqdn for mgmt IP and integrate with LE to get certs generated/renewed.
s
When I have created a Harvester cluster which I expected to use a LetsEncrypt cert on the management web interface URL, I installed Harvester, grabbed `/etc/rancher/rke2/rke2.yaml` from the node, edited the server URL in that file so that the file worked for `kubectl --kubeconfig harvester-rke2.yaml`, grabbed the already created cert and pushed it into the appropriate CRD. This script is horrible, but shows you the CRD and the format of the expected data.
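```bash
#!/bin/bash
set -e

# Flatten each PEM file to a single line: drop blank lines and CRs, and join
# the rest with a literal "\n" so the result can sit inside a JSON string.
publicCertificate=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' "${CERTBOT_HOME}/etc/live/${DOMAIN}/fullchain.pem")
privateKey=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' "${CERTBOT_HOME}/etc/live/${DOMAIN}/privkey.pem")

# Write the cert and key into the ssl-certificates Setting as a JSON value.
cat << EOF | kubectl apply -f - --kubeconfig harvester-rke2.yaml
apiVersion: harvesterhci.io/v1beta1
kind: Setting
metadata:
  name: ssl-certificates
value: >-
  {
    "publicCertificate":"${publicCertificate}",
    "privateKey":"${privateKey}"
  }
EOF
```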
I used that script for a while, but now I use `kubectl kustomize` piped into `envsubst` piped into `kubectl apply` because that seems less hacky.