How to create/get etcd certificates with ssh from rancher created kubernetes cluster

4/17/2019

I have three questions basically.

  1. How to create an HA rancher cluster with custom CA.
  2. How to create kubernetes cluster using the same rancher and custom CA.
  3. How to get etcd certificates from etcd machines to monitor it on Prometheus Kubernetes over SSL.

I tried multiple forums and rancher documentation. I also tried generating certificates from rke.

I have two different problems

  1. How to use custom certificates
  2. How to get certificates from etcd to run this: rancher kubectl -n monitoring create secret generic etcd-certs --from-file=/tmp/etcdcerts/kube-etcd.pem --from-file=/tmp/etcdcerts/kube-etcd-key.pem --from-file=/tmp/etcdcerts/kube-ca.pem

Right now I am doing scp on etcd machines to get those certificates after rancher agent runs. I want to create certificates and create a cluster with them.

-- rohitarora
ca
kubernetes
rancher
rke
ssl

1 Answer

4/17/2019
  1. You can bring in your own certificates when installing Rancher. See here for more info: https://rancher.com/docs/rancher/v2.x/en/installation/ha/helm-rancher/

  2. When you create a Cluster in Rancher, the certificates are automatically managed for you.

  3. Starting with Rancher v2.2.x, Prometheus is integrated into Rancher. You just have to enable it in Settings. After the installation, you can access the etcd metrics by clicking the Grafana icon in the UI on the cluster page.

-- leodotcloud
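
For the manual route described in the question (copying the three PEM files off the etcd nodes and loading them into the `etcd-certs` secret), the bundle can be checked before the secret is created. The following is an added example, not part of the original post or of Rancher/RKE; `check_etcd_bundle`, `MIN_DAYS` and the return codes are hypothetical names, and it assumes `openssl` is on the PATH.

```shell
#!/bin/sh
# Added example: pre-flight checks on the etcd client bundle before it is
# loaded into the etcd-certs secret. File names are the ones in the question;
# check_etcd_bundle, MIN_DAYS and the return codes are hypothetical.
MIN_DAYS=${MIN_DAYS:-30}   # assumed minimum remaining validity, in days

check_etcd_bundle() (
    dir=$1
    cert=$dir/kube-etcd.pem
    key=$dir/kube-etcd-key.pem
    ca=$dir/kube-ca.pem

    # 1. All three files must be present and non-empty.
    for f in "$cert" "$key" "$ca"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 2; }
    done

    # 2. The copied private key must not be readable by group or others.
    mode=$(stat -c %a "$key" 2>/dev/null || stat -f %Lp "$key")
    case $mode in
        *00) ;;
        *) echo "key mode $mode is too open (want 600 or 400)" >&2; return 3 ;;
    esac

    # 3. The client certificate must chain to the cluster CA.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "certificate does not verify against $ca" >&2; return 4; }

    # 4. The key must belong to the certificate: compare public-key digests.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match certificate" >&2; return 5; }

    # 5. Refuse a certificate that expires within MIN_DAYS days.
    openssl x509 -in "$cert" -noout -checkend $(( $MIN_DAYS * 86400 )) >/dev/null ||
        { echo "certificate expires within $MIN_DAYS days" >&2; return 6; }
    return 0
)

# Stand-alone use: sh check.sh /tmp/etcdcerts, then create the secret.
if [ "$#" -gt 0 ]; then
    check_etcd_bundle "$1" && echo "bundle OK: $1"
fi
```

A zero return means the files in the directory are consistent with each other; it says nothing about whether etcd itself will accept the certificate for client authentication.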
Source: StackOverflow