Hi everyone, is it known if Rancher 2.12.4 will be prime-only?

Hello

Hello, I have a custom RKE2 cluster that I created in Rancher UI, and the nodes use private ip. I want to access the cluster using kubectl, but I don’t want the Kubernetes API to go through my main Rancher domain, I want it to use the TLS SAN instead. I’ve already added TLS Alternate Names in Rancher UI using the domain and public IP of the jump server , which is on the same private network as the RKE2 nodes. However, when I copy the kubeconfig from Rancher, the Kubernetes API is still pointed to my main Rancher domain. Is there anything I might be missing, or could someone help me with this?

I upgraded 3 instances of rancher to rancher 2.13.0 yesterday. each instance has about 5 clusters. In one of the instances one downstream cluster got stuck on control-plane upgrading where api-server complained about ipv6 address not matching cidr ipv4 address. I then checked the control planes /etc/rancher/rke2/config.yaml.d/50-rancher.yaml and did see that they had an ipv6 address in node-external-ip and not the ipv4 address of the node. I made a /etc/rancher/rke2/config.yaml.d/99-rancher.yaml where I did override this on the two control plan nodes, rebooted them, and it started working again, and cluster got green again. Now when I check for node-external-ip I see that some but not all etcd nodes in that same cluster also has ipv6 address and not ipv4. This despite that cluster was provisioned with ipv4 only in networking part in Rancher UI. Anyone have any idea why that happened and how to properly fix it? This is an onprem install using vmware provisioning of nodes

Hello, in-line with ingress-nginx depreciation, does Rancher running on EKS support directly exposing it via an NLB or an ALB? If not, to what would you suggest to replace ingress-nginx with?

Hello! Just wanted to know if anyone got a working RKE2 HA Setup with RKE2 shipped Traefik working with Rancher? For me it seems to not work at all. With Ingress-NGINX everything works fine. Any idea or place where I can look for more Info? Is Rancher even working with Traefik out of the box?

Hi All, I am new to Rancher, I have a rancher setup and its running on AKS cluster. I have a local cluster added to rancher and rest all works fine, I am able to do deployments, check my workloads remotely. But the problem is I am seeing these error logs in in Rancher pod in Azure error syncing 'kube-system': handler project-scoped-secret-namespace-handler: error getting project for namespace kube-system: projects.management.cattle.io "p-hckqf" not found, requeuing error syncing 'default': handler project-scoped-secret-namespace-handler: error getting project for namespace default: projects.management.cattle.io "p-9tdhb" not found, requeuing [WARNING] Namespace kube-public references project p-hckqf in namespace c-nr6mq which does not exist Note: the project IDs mention in the above logs belongs to my local cluster's default and kube-system ns. can someone please help me understand, what is wrong here? Thanks in advance. DSK.

Hi, We are deploying our clusters with argocd so I wanted to use Skip creator owner RBAC step if noCreatorRBAC annotation is present by JonCrowther · Pull Request #47259 · rancher/rancher but it looks like the annotation is immutable so I can't add it. How can I tell rancher that my cluster is managed by a serviceAccount ? Is removing the cluster owner and project owner for default/system projects enough for clusters provisionned before rancher v2.10 ?

Hi, would anyone have a clue about my issue with rotating GKE credentials 🙂 https://github.com/rancher/rancher/issues/52555

This message was deleted.

Has anyone created Nutanix cluster from Rancher UI? https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/launch-kubernetes-with[…]provider/nutanix/provision-kubernetes-clusters-in-aos this doc is there but references RKE1 configuration

Hello ! Quick question please on the RKE2 documentation i did read that now linux and windows containers are full supported But can we run windows containers on linux nodes or do we still need windows nodes for windows containers ?

Hello, few days ago we enabled metrics for rke2 nginx ingress. This caused Prometheus to significantly increase memory consumption (24 GB+). It turned out that there is a ServiceMonitor CRD for "rke2-ingress-nginx-controller" and another one for "rancher-monitoring-ingress-controller," which causes all metrics to be scraped twice. Is this expected behavior? Which ServiceMonitor is preferred? How can I disable one of them?

What is the recommended way to reconfigure calico in my RKE2 cluster managed in Rancher? Unlike other helm charts there is a dedicated "Add-on: calico" tab in the cluster config menu. What is the story behind this? Can I ignore it, kick out the rke2-calico helm chart config (2b found in cluster --> More Resources --> HelmChartConfigs), and put in the helm chart config to enable EBPF, for example?

Hello everyone, I'm new here, and started using Rancher just recently. I'd appreciate your help with an issue I've trying to fix for days already: I've setup a gitlab repository with a self-signed certificate, and as expected, I was getting a "SSL certificate problem: self-signed certificate in certificate chain . Will retry after 16m38s" message when trying to register a chart repository from it on my rancher setup (Rancher running on a Docker container). However, adding the ROOT CA of gitlab's server certificate as described here: https://ranchermanager.docs.rancher.com/reference-guides/single-node-rancher-in-docker/advanced-options (using the SSL_CERT_DIR) doesn't fix the problem. I worked directly on shell within rancher's container, but the command update-ca-certificates doesn't provide any feedback, and when trying to do a git clone or 'curl' to the gitlab server I'm still getting the certificate issue. I also tested the same ROOT CA by registering it on a Windows host and I can open the gitlab server there with no issues. Most of the documentation is about using a certificate for rancher's clients to trust it, but I haven't figured out how to enable rancher to trust self-signed gitlab servers. So a few questions: • Any advice on how to diagnose whats going on? • Is there a way to register a root CA on the rancher's image at OS level (not only for rancher)? On the ubuntu host this container is running on the 'update-ca-certificates' command work as expected, and I can access the gitlab server with no problems from there. Thanks again in advance for any advice!

And happy Monday everyone 🙂

Hi everyone. I am trying to restore a rancher on a new cluster using the migration guide. I am stuck at the point where the restore looping with the following error:

ERRO[2025/12/08 13:32:29] Error restoring resource fleet-local of type <http://management.cattle.io/v3|management.cattle.io/v3>, Resource=fleetworkspaces: restoreResource: err creating resource admission webhook "<http://rancher.cattle.io.fleetworkspaces.management.cattle.io|rancher.cattle.io.fleetworkspaces.management.cattle.io>" denied the request: namespace 'fleet-local' already exists
ERRO[2025/12/08 13:32:29] Error restoring cluster-scoped resources [error restoring fleet-local of type <http://management.cattle.io/v3|management.cattle.io/v3>, Resource=fleetworkspaces: restoreResource: err creating resource admission webhook "<http://rancher.cattle.io.fleetworkspaces.management.cattle.io|rancher.cattle.io.fleetworkspaces.management.cattle.io>" denied the request: namespace 'fleet-local' already exists]
ERRO[2025/12/08 13:32:29] error syncing 'pre-migration': handler restore: error restoring cluster-scoped resources, check logs for exact error, requeuing

I have tried to remove the fleet-local namespace by removing the validationwebhookconfig. Apparently, in the restore, the objects are recreated and then it loops with the error above. Is this the correct channel to ask this type of question? if no, please help me find the correct one, if yes, any pointers? 😉

Howdy, fellow Ranchers! 👩‍🌾🧑‍🌾 We're incredibly thrilled to invite y'all to the December Rancher Rodeo tomorrow — our free online workshop focused on all things Kubernetes management with SUSE Rancher rancher employee 🤔What will you learn? 🔹 Kubernetes cluster deployment 🔹 Trusted app delivery with SUSE App Collection 🔹 Troubleshooting with SUSE Observability 🔹 Airgapped installation & Fleet Sign up today to secure your spot 👉 https://more.suse.com/FY26Q1EMEA-EN-SUSE_Rodeo_Dec.html

On rancher-local cluster RKE2 1.32.9 rancher 2.12.4 do I need to define local registry in the UI? or is rancher supposed to use registry listed in

/etc/rancher/rke2/registries.yaml

? it is definitely not using the registries.yaml for rancher images. For RKE2 - it is...

Hey everyone. I've setup k3s with two nodes, one is main and single is agent, with internal network of wireguard. So far so good, pods scheduled on both, almost everything works. But I can't query logs from the second node (k3s-agent), which is very strange. This is from the main node:

$ sudo kubectl exec -it -n default test-pod -- sh
error: Internal error occurred: error sending request: Post "<https://10.0.0.3:10250/exec/default/test-pod/test-pod?command=sh&input=1&output=1&tty=1>": proxy error from 127.0.0.1:6443 while dialing 10.0.0.3:10250, code 502: 502 Bad Gateway
$ sudo curl --cacert /var/lib/rancher/k3s/server/tls/server-ca.crt   --cert /var/lib/rancher/k3s/server/tls/client-kube-apiserver.crt   --key /var/lib/rancher/k3s/server/tls/client-kube-apiserver.key   <https://10.0.0.3:10250/healthz>
ok

$ kubectl describe pod test-pod | grep node
Node:             k3s-node/10.0.0.3

Error from logs

"Unhandled Error" err="apiserver received an error that is not an metav1.Status: &url.Error{Op:\"Get\", URL:\"<https://10.0.0.3:10250/containerLogs/default/test-pod/test-pod>\", Err:(*errors.errorString)(0xc02cb1ef40)}: Get \"<https://10.0.0.3:10250/containerLogs/default/test-pod/test-pod>\": proxy error from 127.0.0.1:6443 while dialing 10.0.0.3:10250, code 502: 502 Bad Gateway"

So network connection seems to be working fine. Both nodes are pingable from each other Any suggestions what can be an issue? I'm out of ideas right now

Hello. Just started with Harvester. Tried installing the latest 1.7-rc5 only to discover that for whatever reason it couldn't establish a network connection in the installer, and attempting to configure networking failed. Went back to 1.6.1 and this install worked successfully for the first node. I note that on the default Harvester screen, that "Status: Setting up Harvester", and it has been like that for hours overnight. Pointing a browser at the Management URL isn't bringing up anything (despite the console screen displaying the management URL) and the IP address is not pingable. Note that this is only a one node cluster at the moment. I have another one that I want to join into the cluster but I think I've hit an early roadblock.

This message was deleted.

Hello everyone. I have migrated my rancher 2.13 from a standalone k3s cluster to a harvester provisioned cluster. I was able to start rancher and have switched DNS. The new cluster now shows up as two distinct entries in the cluster overview within Rancher. The machinedeployment of the new cluster shows up as scaling up with 0 of 3 replicas. The detailed cause of this is:

- lastTransitionTime: "2025-12-09T20:46:31Z"
      message: |-
        * Machines rancher-k3s-pool-rancher-6c2c4-6vn9h, rancher-k3s-pool-rancher-6c2c4-7dt9t, rancher-k3s-pool-rancher-6c2c4-9fpzh:
          * NodeHealthy: ConnectionDown
      observedGeneration: 1
      reason: ReadyUnknown
      status: Unknown
      type: MachinesReady

The machine objects themselves are showing ready.

❯ kubectl get machines
NAME                                   CLUSTER   NODENAME                               PROVIDERID                                         PHASE     AGE   VERSION
rancher-k3s-pool-rancher-6c2c4-6vn9h   rancher   rancher-k3s-pool-rancher-6c2c4-6vn9h   <k3s://rancher-k3s-pool-rancher-6c2c4-6vn9h>         Running   34h
rancher-k3s-pool-rancher-6c2c4-7dt9t   rancher   rancher-k3s-pool-rancher-6c2c4-7dt9t   <k3s://rancher-k3s-pool-rancher-6c2c4-7dt9t>         Running   34h
rancher-k3s-pool-rancher-6c2c4-9fpzh   rancher   rancher-k3s-pool-rancher-6c2c4-9fpzh   <k3s://rancher-k3s-pool-rancher-6c2c4-9fpzh>         Running   34h

The machineset shows 0 ready with the reason:

- lastTransitionTime: "2025-12-09T20:46:34Z"
      message: |-
        * Machines rancher-k3s-pool-rancher-6c2c4-6vn9h, rancher-k3s-pool-rancher-6c2c4-7dt9t, rancher-k3s-pool-rancher-6c2c4-9fpzh:
          * NodeHealthy: ConnectionDown
      observedGeneration: 1
      reason: ReadyUnknown
      status: Unknown
      type: MachinesReady

I need help in the next steps on how to approach this problem. Ultimate goal is having everything up again.

Hey everyone! I’m a full-stack engineer with 5+ years of experience, mainly working with Python frameworks and AI/LLM integrations. I help startups and individual founders turn early ideas into real products—from quick MVPs to full market-ready SaaS platforms. I’ve worked with tools like LangChain, LangGraph, RAG systems, OCR/PDF processing, and a wide mix of frontend and backend frameworks. I also handle cloud setups on AWS, containerized deployments, and integrations with services like Stripe, Twilio, WhatsApp, Slack, and Zoom. Looking forward to working together and staying connected! Thank you.

Probably not the right place to ask this but I'm having a hard time finding a Helm Chart repo to install the vsphere-csi driver. All the ones I'm coming across look suspicious and I cannot figure out how to add the Rancher one here https://github.com/rancher/vsphere-charts. Any tips would be helpful.

For the Rancher/vsphere-charts I tried... https://github.com/rancher/vsphere-charts https://github.com/rancher/vsphere-charts/tree/main/charts/ https://github.com/rancher/vsphere-charts/tree/main/charts/rancher-vsphere-csi I'm getting

is not a valid chart repository or cannot be reached: failed to fetch <https://github.com/rancher/vsphere-charts/tree/main/charts/rancher-vsphere-csi/index.yaml> : 404 Not Found

. I checked and sure enough there is no

index.yaml

in that repo, so how do I install it?

It seems the latest version of Rancher Desktop (v1.21) is causing issues with certs. Any insights on how to resolve or make sure proper certs are installed in lima vm would be appreciated.

After updating to the latest rancher, Longhorn is no longer in the repositories. Was it moved to another area?

Hello Team, Good evening i am trying to install rke2 1.34.2 on my kube clusters that previously had 1.31.4. The issue i am facing is i am able to add any new nodes to the new cluster. IT does not show me any errors just says unable to join and is in activating state. can anyone help me understand