@clemenko
Last active September 16, 2025 04:45
setting up Rancher with certs - example

Docs : https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/resources/add-tls-secrets

install rke2

curl -sfL https://get.rke2.io |  sh -

set up env

# single quotes keep $PATH literal so it is expanded in every new shell, not baked in at write time
echo 'export KUBECONFIG=/etc/rancher/rke2/rke2.yaml PATH=$PATH:/usr/local/bin/:/var/lib/rancher/rke2/bin/' >> ~/.bashrc
source ~/.bashrc

install helm

curl -s https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash

add repos

helm repo add rancher-latest https://releases.rancher.com/server-charts/latest --force-update 
helm repo add jetstack https://charts.jetstack.io --force-update 

install cert-manager

helm upgrade -i cert-manager jetstack/cert-manager -n cert-manager --create-namespace --set crds.enabled=true 

add secrets

kubectl create ns cattle-system

kubectl -n cattle-system create secret tls tls-rancher-ingress --cert=/root/star.rfed.io.cert --key=/root/star.rfed.io.key

kubectl -n cattle-system create secret generic tls-ca --from-file=/root/cacerts.pem 

install rancher with tls certs

helm upgrade -i rancher rancher-latest/rancher -n cattle-system --create-namespace --set hostname=rancher.rfed.io --set bootstrapPassword=bootStrapAllTheThings --set replicas=1 --set ingress.tls.source=secret --set ingress.tls.secretName=tls-rancher-ingress --set privateCA=true 
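A pre-flight check for the cert, key and CA bundle used in the two `kubectl create secret` steps above, so that a mismatched pair, a cert the private CA did not issue, or a cert that does not cover the Rancher hostname never reaches `cattle-system`. This is an added example, not part of the original gist; the function name `check_rancher_tls` and the use of `openssl` on the workstation are assumptions.

```shell
#!/bin/sh
# Validate the TLS material before creating the tls-rancher-ingress and
# tls-ca secrets. Added example, not part of the original gist.
# Arguments: server cert, server key, CA bundle (cacerts.pem), Rancher hostname.
check_rancher_tls() {
  cert="$1"; key="$2"; ca="$3"; host="$4"

  for f in "$cert" "$key" "$ca"; do
    [ -r "$f" ] || { echo "missing or unreadable: $f"; return 1; }
  done

  # 1. The cert and key must belong together: compare their public keys.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
    || { echo "not a PEM certificate: $cert"; return 1; }
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) \
    || { echo "not a PEM private key: $key"; return 1; }
  [ "$cert_pub" = "$key_pub" ] || { echo "cert and key do not match"; return 1; }

  # 2. The CA bundle that goes into the tls-ca secret (and is handed to agents
  #    because of privateCA=true) must chain to the cert, and the cert must
  #    cover the Rancher hostname (a wildcard such as *.rfed.io is accepted).
  openssl verify -CAfile "$ca" -verify_hostname "$host" "$cert" >/dev/null 2>&1 \
    || { echo "cert does not verify against $ca for host $host"; return 1; }

  # 3. Refuse a cert that expires within 30 days (2592000 s): rotating the
  #    secret later means redeploying the Rancher pods, so catch it now.
  openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null \
    || { echo "cert expires within 30 days"; return 1; }

  echo "ok: $cert and $key chain to $ca and cover $host"
}
```

Run it as `check_rancher_tls /root/star.rfed.io.cert /root/star.rfed.io.key /root/cacerts.pem rancher.rfed.io` before the `kubectl create secret` commands; a non-zero exit names the failing check.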
@clemenko (Author)

oh cool. Did you blank out the server name in the command curl -fL https:///system-agent-install.sh | sudo sh -s - --server https:// --label 'cattle.io/os=linux' --token --ca-checksum --etcd --controlplane or was it like that from the system?

@clemenko (Author)

Also what kind of cluster are you adding? I am running "Import Existing" and it gives me the following curl. Notice the full url.

[Screenshot 2025-09-15 at 1:15:01 PM]

Similar with create.

[Screenshot 2025-09-15 at 1:16:51 PM]

@ShubhamDesai17

I have created a custom cluster using the Rancher UI
and tried to run the registration command on each of the nodes, defining the role as controlplane, etcd or worker.
My command is as shown in the 2nd screenshot.

@clemenko (Author)

Can you confirm that A. the command has a server address in it, like "rancher.rfed.io" in mine, and B. that the nodes have 443/6443 access to the Rancher server?

@ShubhamDesai17

Yes, the command has the server address and the nodes also have 443/6443 access.
I troubleshot a little and think this is a problem related to token validation or authentication.

@clemenko (Author)

Is there a script output from the node itself?

@ShubhamDesai17

I saw the Rancher script to register a new node (system-agent-install.sh).
I am stuck at connecting to https:///v3/connect/register

When I manually try to curl this URL, I get a 401 authentication error.

@clemenko (Author)

Are you able to join the Rancher Users Slack https://slack.rancher.io/ ? That would be a better place to post logs and other conversations.

@ShubhamDesai17

Sure, thank you!
