Reputation: 55
Rancher TLS Certificate Authority
Quick question, in Rancher is it possible to use lets-encrypt to sign the k8s TLS certs (etcd, kub-api, etc). I have a compliance requirement to sign my k8s environment with a valid trusted CA chain?
Upvotes: 3
Views: 755
Answers (1)
Reputation: 13878
Yes, it is actually one of the recommended options for the source of the certificate used for TLS termination at the Rancher server:
Let’s Encrypt: The Let’s Encrypt option also uses cert-manager. However, in this case, cert-manager is combined with a special Issuer for Let’s Encrypt that performs all actions (including request and validation) necessary for getting a Let’s Encrypt issued cert.
In the links below you will find a walkthrough showing how to:
This option uses cert-manager to automatically request and renew Let’s Encrypt certificates. This is a free service that provides you with a valid certificate as Let’s Encrypt is a trusted CA.
Please let me know if that helped.
Upvotes: 1
Related Questions
- How can I resolve “server gave HTTP response to HTTPS client”
- SSL/TLS certificates management in Kubernetes
- rancher rke up errors on etcd host health checks remote error: tls: bad certificate
- How to solve via Rancher a Kubernetes Ingress Controller Fake Certificate error
- Rancher Server v2.x expired certificates
- Rancher - valid for ingress.local
- Kubernetes tls certificate issier not issuing
- Rotate Kubernetes Certificates with Rancher 2.1.7
- Create Issuer for cert-manager for Rancher 2.x launched with docker-compose
- Kubernetes Client Certificate (RKE managed)