07/08/2022, 1:23 PM
Hello, I initially installed Rancher with the "rancher" option for the certificates using helm. I was hoping to change to Let's Encrypt once our security team put the requisite firewall rules in place, which they have done. Unfortunately, it seems it's not as simple as changing the option to "ingress.tls.source=letsEncrypt" in my helm command; that has left me in a state where the cattle-cluster-agent is in a CrashLoopBackOff because it no longer trusts the self-signed cert that was not replaced by a Let's Encrypt one. I found instructions for how to do the opposite here in the docs and I assume the process would be similar, but I can't seem to find how to fix it now. I would hope I am not the only one who tried this and someone can point me in the right direction?
I also attempted to do a helm rollback, but unfortunately that also fails with: "Error: no Secret with the name "bootstrap-secret" found", although this secret does exist in the cattle-system namespace.
To further complicate things, I have a chart that I deployed via Rancher, and after the upgrade to Rancher I updated the chart for this app. If I roll back or restore my Rancher backup, is this going to screw up this app? I just want to make sure, since I think the backup would have the metadata for the installed chart thinking it was version X while now it is running Y. Upgrading this app was how I eventually discovered that the rancher-cluster-agent was crashing.
To "fix" it, I rolled back to the previous version of Rancher, then redeployed the chart again changing back to the Rancher issued certs, followed by recalculating the CA Checksum. I didn't achieve my goal of switching to Let's Encrypt 😞, but I guess at least I don't have crashing pods anymore.