Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Rancher Serves Fake Cert, Even After Following Rancher Docs To Update Private CA and Cert #45448

Closed
umpaduncdude opened this issue May 12, 2024 · 1 comment
Closed

[BUG] Rancher Serves Fake Cert, Even After Following Rancher Docs To Update Private CA and Cert #45448

umpaduncdude opened this issue May 12, 2024 · 1 comment
Labels
kind/bug Issues that are defects reported by users or that we know have reached a real release

Comments

@umpaduncdude
Copy link

umpaduncdude commented May 12, 2024
edited

Rancher Server Setup

Information about the Cluster

  • Kubernetes version: v1.27.12+rke2r1
  • Cluster Type (Local/Downstream): Local
    • If downstream, what type of cluster? (Custom/Imported or specify provider for Hosted/Infrastructure Provider):

User Information

  • What is the role of the user logged in? (Admin/Cluster Owner/Cluster Member/Project Owner/Project Member/Custom)
    • If custom, define the set of permissions: Admin

Describe the bug
We initially installed Rancher 90 days ago with Rancher's self signed certs. We started getting reports that kubectl commands with Rancher generated kubeconfigs were getting x509 errors. They expired, and we tried following the steps outlined in the docs to update the certs and the CA:
https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/resources/update-rancher-certificate
However, Rancher serves a fake cert even after following steps to update the CA and cert outlined above:
We thought step 3b would work but it just doesn't work. We still get "Kubernetes Ingress Controller Fake Certificate"

To Reproduce
Follow the steps outlined in https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/resources/update-rancher-certificate.
Once you complete step 3b, it didn't work. We even changed every secret manually inside of Rancher that we possibly could and it still didn't work.

Result
Fake Cert: "Kubernetes Ingress Controller Fake Certificate." Downstream clusters report x509 errors ("cert is for ingress.local not rancher.blah.blah").

Expected Result
The real cert installed in tls-rancher-ingress is served.

Screenshots
Fake cert:
image
Downstream cluster:
image (3)
Cert Secrets:
image
@umpaduncdude umpaduncdude added the kind/bug Issues that are defects reported by users or that we know have reached a real release label May 12, 2024
@umpaduncdude umpaduncdude changed the title Rancher Serves Fake Cert, Even After Following Rancher Docs To Update Private CA and Cert [BUG] Rancher Serves Fake Cert, Even After Following Rancher Docs To Update Private CA and Cert May 12, 2024
@umpaduncdude
Copy link
Author

Issue was with ingress config, not rancher

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Issues that are defects reported by users or that we know have reached a real release
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@umpaduncdude