creamy-accountant-88363
12/12/2022, 7:46 PMtls-rancher-internal-ca
secret and the /cacerts
endpoint? I have noticed when using Rancher with a private CA, this secret has a "dynamiclistener" Rancher-generated secret, instead of the user provided TLS CA + Key. This can cause an issue if you're using RKE2, since the RKE2 provisioning jobs will check the /cacerts
endpoint, get the invalid CA, and fail. Manually updating the tls-rancher-internal-ca
secret will fix this issue if you're using private CA as a workaround.
Any thoughts? Thanks. FYI I am using Rancher 2.6.8, with the Rancher helm chart.