ello everybody,
We have deployed
Rancher server on Kubernetes using certificates signed by our
private intermediate CA, its certificate in turn being signed by our
private root CA.
Before deploying Rancher server, we had created the certificate secret resource for the ingress as well as the CA certificate secret resource as instructed by this guide:
https://docs.ranchermanager.rancher.io/v2.5/getting-started/installation-and-upgrade/resources/update-rancher-certificate
The ingress secret contains the certificate corresponding to the ingress FQDN, and the intermediate CA certificate, plus the ingress private key.
The
https://<FQDN>/v3/settings/_cacerts_
Rancher server was deployed using the following command:
helm install rancher rancher-stable/rancher --namespace cattle-system \
--set hostname=<FQDN> \
--set replicas=3 \
--set ingress.tls.source=secret \
--set privateCA=true
However, when
importing an existing generic Kubernetes cluster,