From 5d3149aaef5949f9f9ce93a8a89498711c933cba Mon Sep 17 00:00:00 2001 From: Mark Bishop Date: Thu, 8 Nov 2018 13:50:41 -0700 Subject: [PATCH] adding back 5 min note --- .../rancher/v2.x/en/faq/technical/_index.md | 18 ++++++++++++++++++ .../en/installation/ha/helm-init/_index.md | 10 ---------- 2 files changed, 18 insertions(+), 10 deletions(-) diff --git a/content/rancher/v2.x/en/faq/technical/_index.md b/content/rancher/v2.x/en/faq/technical/_index.md index e82d4ac0ce2..2264a8c55f4 100644 --- a/content/rancher/v2.x/en/faq/technical/_index.md +++ b/content/rancher/v2.x/en/faq/technical/_index.md @@ -124,6 +124,24 @@ When the node is removed from the cluster, and the node is cleaned, you can read You can add additional arguments/binds/environment variables via the [Config File]({{< baseurl >}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#config-file) option in Cluster Options. For more information, see the [Extra Args, Extra Binds, and Extra Environment Variables]({{< baseurl >}}/rke/v0.1.x/en/config-options/services/services-extras/) in the RKE documentation or browse the [Example Cluster.ymls]({{< baseurl >}}/rke/v0.1.x/en/example-yamls/). +### How do I check `Common Name` and `Subject Alternative Names` in my server certificate? + +Although technically an entry in `Subject Alternative Names` is required, having the hostname in both `Common Name` and as entry in `Subject Alternative Names` gives you maximum compatibility with older browser/applications. + +Check `Common Name`: + +``` +openssl x509 -noout -subject -in cert.pem +subject= /CN=rancher.my.org +``` + +Check `Subject Alternative Names`: + +``` +openssl x509 -noout -in cert.pem -text | grep DNS + DNS:rancher.my.org +``` + ### Why does it take 5+ minutes for a pod to be rescheduled when a node has failed? This is due to a combination of the following default Kubernetes settings: diff --git a/content/rancher/v2.x/en/installation/ha/helm-init/_index.md b/content/rancher/v2.x/en/installation/ha/helm-init/_index.md index ea51f9ddaea..c0877ab8203 100644 --- a/content/rancher/v2.x/en/installation/ha/helm-init/_index.md +++ b/content/rancher/v2.x/en/installation/ha/helm-init/_index.md @@ -25,22 +25,12 @@ kubectl create clusterrolebinding tiller \ helm init --service-account tiller -<<<<<<< HEAD # Users in China: You will need to specify a specific tiller-image in order to initialize tiller. # The list of tiller image tags are available here: https://dev.aliyun.com/detail.html?spm=5176.1972343.2.18.ErFNgC&repoId=62085. # When initializing tiller, you'll need to pass in --tiller-image helm init --service-account tiller | --tiller-image registry.cn-hangzhou.aliyuncs.com/google_containers/tiller: -======= -# For chinese users -# The latest version of tiller images queries addresses: -# https://dev.aliyun.com/detail.html?spm=5176.1972343.2.18.ErFNgC&repoId=62085 - -helm init --service-account tiller \ - --tiller-image registry.cn-hangzhou.aliyuncs.com/google_containers/tiller: - ->>>>>>> Specify tiller image for chinese users ``` > **Note:** This`tiller`install has full cluster access, which should be acceptable if the cluster is dedicated to Rancher server. Check out the [helm docs](https://docs.helm.sh/using_helm/#role-based-access-control) for restricting `tiller` access to suit your security requirements.