It may be the case that you have installed Rancher in a cluster via helm with something like:

    helm install rancher rancher-latest/rancher \
      --namespace=cattle-system \
      --set hostname=rancher.storfund.net \
      --set replicas=1 \
      --set bootstrapPassword=PASSWORD_HERE \
      --set auditLog.level=1 \
      --version 2.8.3

If you try to configure OpenLDAP authentication (and maybe other directories), you will be greeted with the not at all helpful message "Network Request Failed", while the logs show that your OpenLDAP server was never contacted. What gives?

Well, the above helm command installs Rancher with a self-signed certificate, and you have to open the developer tools in the browser to see that a wss:// call failed because of the certificate. The solution, of course, is to use a certificate that your browser considers valid. First we ask helm to give us the configuration values with:

    helm -n cattle-system get values rancher -o yaml > values.yaml

and then we augment values.yaml with:

    ingress:
      tls:
        source: secret
    privateCA: true

It does not have to be a “really” private CA. I did the above with a certificate issued by Let’s Encrypt. The release can now be upgraded with:

    helm -n cattle-system upgrade rancher rancher-latest/rancher -f values.yaml --version 2.8.3

And now we are ready to add our own working certificate with:

    kubectl -n cattle-system delete secret tls-rancher-ingress
    kubectl -n cattle-system create secret tls tls-rancher-ingress --key ./key.pem --cert ./cert.pem

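A pre-flight check for the pair before it goes into tls-rancher-ingress, as an added example that is not part of the original post: it confirms that the key matches the certificate, that the certificate covers the Rancher hostname, that it has not expired, and that it is not self-issued, which is the condition that made the browser drop the wss:// call. The function names and the hostname rancher.example.test are assumptions, and the sample pair is constructed on the spot with openssl.

```shell
#!/usr/bin/env bash
# Pre-flight for the cert/key pair destined for the tls-rancher-ingress secret.
# Each check returns 0 when the pair is fine for that property.

key_matches_cert() (   # $1=cert.pem  $2=key.pem ; compares the two public keys
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 1
  [ -n "$c" ] && [ "$c" = "$k" ]
)

not_self_issued() (    # $1=cert.pem ; subject == issuer is the self-signed case
  s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
  i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
  [ -n "$s" ] && [ "$s" != "$i" ]
)

covers_host() {        # $1=cert.pem  $2=hostname ; parse the text, not the exit status
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match certificate'
}

not_expired() { openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; }

preflight() {          # $1=cert.pem  $2=key.pem  $3=hostname ; prints every failed check
  rc=0
  key_matches_cert "$1" "$2" || { echo "FAIL: key does not match certificate"; rc=1; }
  covers_host "$1" "$3"      || { echo "FAIL: certificate does not cover $3"; rc=1; }
  not_expired "$1"           || { echo "FAIL: certificate has expired"; rc=1; }
  not_self_issued "$1"       || { echo "FAIL: self-issued, browser will reject wss://"; rc=1; }
  return "$rc"
}

# Constructed sample: a throwaway self-signed pair for a placeholder hostname,
# the same kind of certificate the default install serves.
make_constructed_pair() {   # $1=directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=rancher.example.test" \
    -addext "subjectAltName=DNS:rancher.example.test" \
    -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

if [ "$#" -eq 3 ]; then
  preflight "$@"            # e.g. ./cert.pem ./key.pem <rancher hostname>
else
  d=$(mktemp -d) && make_constructed_pair "$d" &&
    preflight "$d/cert.pem" "$d/key.pem" rancher.example.test
  rm -rf "$d"
fi
```

The issuer comparison only catches self-issued certificates; a certificate from a CA the browser does not trust passes these checks and still fails in the browser.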
Of course, if you are using cert-manager there are other ways to do stuff. See also: