
I'm using rke version 1.0.4 and I'm successfully deploying rancher-managed kubernetes clusters on custom nodes in AWS. I was not using the cloud_provider: aws. Now, I am trying to deploy the clusters with cloud_provider: aws enabled so that I can make use of EBS volumes for persistent volumes.

The EC2 instances are deployed separately using Terraform. When using those custom nodes to deploy a cluster with rke with a cloud_provider set to aws, kubelet fails due to a certificate error. In our environment, a MITM proxy intercepts all internet traffic and therefore a specific CA must be used to validate the certificate to ec2.us-east-1.amazonaws.com. The Rancher-provided kubelet image does not trust that certificate. Is there an option to add a custom ca-bundle?

Note that the IAM roles are fine. It all works if I build a manual cluster (non-rancher) using the official RPMs. I believe kubelet looks into /etc/pki by default for a ca-bundle and therefore finds the one that includes my MITM proxy cert.

Result: error in `docker logs kubelet`:

I0609 20:43:31.841214    8058 aws.go:1180] Zone not specified in configuration file; querying AWS metadata service
F0609 20:43:33.365708    8058 server.go:273] failed to run Kubelet: could not init cloud provider "aws": error finding instance i-4324dfsdfdfd432a: "error listing AWS instances: \"RequestError: send request failed\\ncaused by: Post https://ec2.us-east-1.amazonaws.com/: x509: certificate signed by unknown authority\""

Has anyone come across this issue in the past?

Thanks,

lapfrank
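As an added illustration (not from the original post), this Go program reproduces the verification step behind kubelet's "x509: certificate signed by unknown authority" error: it builds a constructed proxy CA and the leaf that CA would present for the EC2 endpoint, shows the chain failing against an empty root pool (the container image without the proxy CA), and shows it validating once the CA is in the pool. The CA name, serial numbers and lifetimes are assumptions.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
const host = "ec2.us-east-1.amazonaws.com" // endpoint named in the kubelet error above
// issue signs tmpl with key (a constructed test PKI, not a real proxy CA) and parses the result.
func issue(tmpl, parent *x509.Certificate, pub ed25519.PublicKey, key ed25519.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER we just produced always parses
	return cert
}
// BuildProxyPKI returns a constructed "corporate MITM proxy CA" and the leaf it would present for host.
func BuildProxyPKI() (ca, leaf *x509.Certificate) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	leafPub, _, _ := ed25519.GenerateKey(rand.Reader)
	nb, na := time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Corp MITM Proxy CA (constructed)"},
		NotBefore: nb, NotAfter: na, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	ca = issue(caTmpl, caTmpl, caPub, caKey) // self-signed root
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: nb, NotAfter: na, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leaf = issue(leafTmpl, ca, leafPub, caKey) // the proxy re-signs the EC2 endpoint under its own CA
	return ca, leaf
}
// VerifyAgainst runs the same chain check kubelet's Go HTTP client runs: an empty pool models a
// container image that lacks the proxy CA; a nil result means the bundle would satisfy kubelet.
func VerifyAgainst(leaf *x509.Certificate, roots *x509.CertPool, name string) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: name})
	return err
}
func main() {
	ca, leaf := BuildProxyPKI()
	fmt.Println("without proxy CA:", VerifyAgainst(leaf, x509.NewCertPool(), host))
	bundle := x509.NewCertPool() // stands in for a host /etc/pki bundle that includes the proxy CA
	bundle.AddCert(ca)
	fmt.Println("with proxy CA:   ", VerifyAgainst(leaf, bundle, host))
}
```

To check a real bundle file instead of the constructed CA, load its bytes with `bundle.AppendCertsFromPEM` in place of `AddCert`. RKE's `services.kubelet.extra_binds` option in cluster.yml can bind-mount a host directory such as /etc/pki into the kubelet container, which is one route for getting such a bundle in front of kubelet.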