Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
a
abundant-hair-58573
01/18/2023, 3:42 PMHi, We're running an RKE1 cluster in Rancher 2.6.5 in an air-gapped environment. I need to configure aws as the cloud provider but it turns out we don't have our CA in the kubelet, kube-controller-manager, etc... pods. The CA bundle is on the node itself in /etc/ssl/certs. How do I configure rancher to mount that directory into all of the pods? I found this but I don't think it's quite applicable to our setup
p
purple-translator-99032
01/19/2023, 1:16 PMMaybe this helps you https://rancher.com/docs/rke/latest/en/config-options/services/services-extras/
I specified extra args for my kube_controller:
kube_controller:
extra_args:
cluster-signing-cert-file: /etc/kubernetes/ssl/kube-ca.pem
cluster-signing-key-file: /etc/kubernetes/ssl/kube-ca-key.pem
a
abundant-hair-58573
01/19/2023, 2:47 PMAwesome thank you. I ended up using extra_binds to mount /etc/ssl/certs into the containers.
extra_binds:
- '/etc/ssl/certs:/etc/ssl/certs`