https://rancher.com/ logo
Join Slack
Powered by
This message was deleted.
# general
a
This message was deleted.
c
no. those are in case you put a LB or DNS alias in front of the kubernetes api itself. They are not used by the Ingress in any way and do not have to be present for the Rancher Ingress to function.
a
ok thanks
just to be clear, for the other nodes to join, they will discover themselves when i start the rke2-server on them?
i only have experience with rke1
c
you point them at the first server, or the dns alias / external LB. They coordinate with the existing server to join the cluster.
a
gotcha
w
I’m exploring this myself reading up on it….this is only for the kubernetes api? so if we are doing metalLB. *.k8.example.com —-> metalLB (IP) —> ingress-nginx—> app tls-san It’s not needed If I do HA and use like kube-vip so k8.example.com —> Kube-vip (ip) —> 3x HA Master nodes hosting kubernetes API. would need to add tls-san: k8.example.com Is that correct?
c
well also for the rke2 supervisor api that is used during cluster join. But it is completely isolated from the ingress, if that is what you are asking about.
w
Yeah, my example was simplified
but yup, that’s what i mean
c
it is literally just additional hostnames/IPs that the rke2 server certs will be valid for. Has nothing to do with whatever you will later do with ingress.
👍 1
a
so i got the cluster bootstrapped and i installed rancher with helm
but for some reason it's refusing to use the supplied cert
Copy code
helm install rancher rancher-stable/rancher --version 2.10.1 --namespace cattle-system --set hostname=<http://rancher.example.com|rancher.example.com> --set bootstrapPassword=test123 --set ingress.tls.source=tls-rancher
i'm specifying the version because i'm trying to backup and restore from an existing rancher install
oh i think i see the problem
the ingress.tls.source is supposed to specify 
secret
not the secret name
is there a way to clean up a previous install besides 
helm uninstall
?
6 Views
Open in Slack
PreviousNext
Powered by