rancher-cron

Support Self-Signed SSL

Open djcenox opened this issue 8 years ago • 4 comments

If you use self-signed SSL to use rancher through SSL, you get a certification authority error when rancher-cron tries to reach metadata. It should add ca.crt from /var/lib/rancher/etc/ssl/ca.crt, the same one used by the rancher agent itself.

djcenox avatar Nov 04 '16 11:11 djcenox

Do you mean this? I would imagine you still need to add the cert yourself via a volume.

smazurov avatar Nov 05 '16 02:11 smazurov

Yes, you have to add the CA on that path. I guess the agent would load that path automatically and run update-ca-certs to add the CA inside the OS bundle. Anyway, the cron isn't aware of that. I guess you could add an entrypoint to update certificates before running CMD.

djcenox avatar Nov 07 '16 08:11 djcenox

I think this is the line that adds CA.crt to the agent here. Running as --privileged can get that crt easily.

djcenox avatar Nov 07 '16 13:11 djcenox

Ok. To summarize, we should pass an env var, that if present, loads those options into the client init.

Then, add to readme instructions on how to create a volume and set that env var in case of self-signed cert.

I don't currently have time to work on this, but PRs are welcome. It should be a relatively straightforward change.

smazurov avatar Nov 08 '16 01:11 smazurov