https://rancher.com/ logo
Title
a

abundant-hair-58573

01/18/2023, 3:42 PM
Hi, We're running an RKE1 cluster in Rancher 2.6.5 in an air-gapped environment. I need to configure aws as the cloud provider but it turns out we don't have our CA in the kubelet, kube-controller-manager, etc... pods. The CA bundle is on the node itself in /etc/ssl/certs. How do I configure rancher to mount that directory into all of the pods? I found this but I don't think it's quite applicable to our setup
p

purple-translator-99032

01/19/2023, 1:16 PM
Maybe this helps you https://rancher.com/docs/rke/latest/en/config-options/services/services-extras/ I specified extra args for my kube_controller: kube_controller: extra_args: cluster-signing-cert-file: /etc/kubernetes/ssl/kube-ca.pem cluster-signing-key-file: /etc/kubernetes/ssl/kube-ca-key.pem
a

abundant-hair-58573

01/19/2023, 2:47 PM
Awesome thank you. I ended up using extra_binds to mount /etc/ssl/certs into the containers.
extra_binds:
  - '/etc/ssl/certs:/etc/ssl/certs`