Enable CSR signing on an RKE cluster so certificates are issued
This document (000020971) is provided subject to the disclaimer at the end of this document.
Situation
kubectl get csr NAME AGE REQUESTOR CONDITION my-csr 18m admin ApprovedBut you actually expect to see the following:
kubectl get csr NAME AGE REQUESTOR CONDITION my-csr 18m admin Approved,Issued
Resolution
kube-controller-manager:
--cluster-signing-cert-file
and --cluster-signing-key-file
In order to do this from the Rancher UI:
- Go to Cluster Management
- Select the 3-dot menu next to the desired cluster and click Edit Config
- Click the Edit as YAML button
- Under the rancher_kubernetes_engine_config.services section, replace
kube-controller: {}
withkube-controller: extra_args: cluster-signing-cert-file: /etc/kubernetes/ssl/kube-ca.pem cluster-signing-key-file: /etc/kubernetes/ssl/kube-ca-key.pem
- Click the Save button at the bottom of the screen
- Once the cluster finishes reconciling, you should be able to go through the steps again and have the certificate issued
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000020971
- Creation Date: 13-Feb-2023
- Modified Date:17-Feb-2023
-
- SUSE Rancher
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com