@jakefhyde
Contributor

Fixes #1858

Reminders

  • See the README for more details on how to work with the Rancher docs.

  • Verify if changes pertain to other versions of Rancher. If they do, finalize the edits on one version of the page, then apply the edits to the other versions.

  • If the pull request is dependent on an upcoming release, remember to add a "MERGE ON RELEASE" label and set the proper milestone.

Description

Documenting how to configure tls-additional and what it is used for.

Comments

Would love some feedback on this.

SURE-9870

@moio
Contributor

moio commented Oct 23, 2025

@snasovich does this need anything to unblock?

@snasovich

@moio, not that I know of - this just slipped through the cracks.
LGTM at a glance, just need Docs team approval (@btat - please help with that) and we can merge it I think.

@btat added the port/community-product label (Triggers a GitHub action to file a community sync issue for rancher-product-docs.) Oct 24, 2025

@LucasSaintarbor left a comment


@jakefhyde Sorry for the late review. Requesting some small changes. May rebase your branch and add these changes to the version docs they apply to i.e. versioned_docs/version-2.12/getting-started/installation-and-upgrade/resources/add-tls-secrets.md, versioned_docs/version-2.11/getting-started/installation-and-upgrade/resources/add-tls-secrets.md, versioned_docs/version-2.10/getting-started/installation-and-upgrade/resources/add-tls-secrets.md, versioned_docs/version-2.9/getting-started/installation-and-upgrade/resources/add-tls-secrets.md. Thanks!


## Adding Additional CA Certificates

If you are using a node driver which makes API requests using a different CA than the one configured for Rancher, additional root certificates and certificate chains can be added.

Suggested change
If you are using a node driver which makes API requests using a different CA than the one configured for Rancher, additional root certificates and certificate chains can be added.
If you are using a node driver that makes API requests with a different CA than the one configured for Rancher, you can add additional root certificates and certificate chains.

Create a unique file ending in `.pem` for each certificate that is required, and use kubectl to create the
`tls-additional` secret in the `cattle-system` namespace.

```

Suggested change
```
```console

--from-file=cacerts1.pem=cacerts1.pem --from-file=cacerts2.pem=cacerts2.pem
```

These CA root certificates and certificate chains will be mounted into the node driver pod during provisioning.
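
Review bot: the `--from-file=cacerts1.pem=cacerts1.pem` arguments use the same string for the secret key and the local path, so a reader cannot tell whether the `.pem` requirement in the preceding paragraph applies to the key name inside the secret or only to the file on disk; say which one the suffix is required on. The sentence about mounting into the node driver pod should also state that the files must hold certificates only, with no private keys, since everything in the secret ends up in that pod.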

Suggested change
These CA root certificates and certificate chains will be mounted into the node driver pod during provisioning.
Rancher mounts these CA root certificates and certificate chains into the node driver pod during provisioning.
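
A pre-flight check for the procedure in the proposed docs text, as an added example that is not part of the pull request or of Rancher's docs: it rejects files that do not end in `.pem`, that share a name, or that carry a private key, and prints the kubectl command instead of running it. The leading part of the command is assembled from the prose (the page shows only the `--from-file` arguments), the function name `tls_additional_cmd` is hypothetical, and the sample files are constructed placeholders.

```shell
#!/bin/sh
# Checks PEM framing only; it does not parse X.509 or verify a chain.
# The printed command assumes paths without whitespace.
tls_additional_cmd() {
    args=""
    seen=" "
    for f in "$@"; do
        key=$(basename "$f")
        case "$key" in
            *.pem) ;;
            *) echo "reject $f: file name must end in .pem" >&2; return 1 ;;
        esac
        # Two paths with the same basename would collide on one secret key.
        case "$seen" in
            *" $key "*) echo "reject $f: duplicate key $key" >&2; return 1 ;;
        esac
        seen="$seen$key "
        [ -r "$f" ] || { echo "reject $f: not readable" >&2; return 1; }
        # The secret is mounted into the node driver pod: certificates only.
        if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
            echo "reject $f: contains a private key" >&2; return 1
        fi
        # grep -c exits 1 on a zero count, so keep errexit shells alive.
        begins=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$f" || true)
        ends=$(grep -c -e '^-----END CERTIFICATE-----' "$f" || true)
        if [ "$begins" -lt 1 ] || [ "$begins" -ne "$ends" ]; then
            echo "reject $f: no complete CERTIFICATE block" >&2; return 1
        fi
        args="$args --from-file=$key=$f"
    done
    [ -n "$args" ] || { echo "no files given" >&2; return 1; }
    echo "kubectl -n cattle-system create secret generic tls-additional$args"
}

# Demo on constructed files (placeholder bodies, not real certificates).
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$demo_dir/cacerts1.pem"
{ cat "$demo_dir/cacerts1.pem"
  printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
      '-----END PRIVATE KEY-----'; } > "$demo_dir/cacerts2.pem"
tls_additional_cmd "$demo_dir/cacerts1.pem"
tls_additional_cmd "$demo_dir/cacerts1.pem" "$demo_dir/cacerts2.pem" \
    || echo "fix the rejected file before creating the secret"
```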

Development

Successfully merging this pull request may close these issues.

Documenting tls-additional

5 participants