Enable CSR signing on an RKE cluster so certificates are issued

This document (000020971) is provided subject to the disclaimer at the end of this document.


When creating a private key, a CertificateSigningRequest, and approving the CSR. You may notice in the output that the CSR is Approved but not Issued. For example, you may see the following:
kubectl get csr
my-csr                18m   admin       Approved
But you actually expect to see the following:
kubectl get csr
my-csr                18m   admin       Approved,Issued



In an RKE cluster, you will need to provide the following flags for the kube-controller-manager: --cluster-signing-cert-file and --cluster-signing-key-file

In order to do this from the Rancher UI:
  1. Go to Cluster Management
  2. Select the 3-dot menu next to the desired cluster and click Edit Config
  3. Click the Edit as YAML button
  4. Under the rancher_kubernetes_engine_config.services section, replace
    kube-controller: {}
        cluster-signing-cert-file: /etc/kubernetes/ssl/kube-ca.pem
        cluster-signing-key-file: /etc/kubernetes/ssl/kube-ca-key.pem

  5. Click the Save button at the bottom of the screen
  6. Once the cluster finishes reconciling, you should be able to go through the steps again and have the certificate issued
If this is on a cluster managed using rke up, you will have to put these values in the cluster.yml file and run rke up


This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000020971
  • Creation Date: 13-Feb-2023
  • Modified Date:17-Feb-2023
    • SUSE Rancher

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center