Hello team - we are using rancher

v1.6.30

and am looking at configuring a few

sysctl

params for our docker containers, what is the best way to do this in the legacy rancher? any clues/ideas?

Hello, I m using AWS EKS with Classic Load Balancer, Got this kind of issue for web-socket. I really appreciate any help on this.

websocket: close 1006 (abnormal closure): unexpected EOF

That Websocket error is from rancher containers.

When we need to use these annotation ? I have some issues with web-sockets. When i check proxy server logs, i got "*Error* getting SSL certificate "default/*-tls": local SSL certificate default/*-tls was not found. Using default certificate" and it keeps updating ingress to classic load balancer and got disconnected every 1mins after upgrading rancher version.

annotations:
    <http://field.cattle.io/projectId|field.cattle.io/projectId>: ""

Updating local copy of SSL certificate to classic load balancer every 1 mins. How to troubleshoot these issues ? Nginx-ingress logs: 8 controller.go:177] Configuration changes detected, backend reload required. 8 backend_ssl.go:189] Updating local copy of SSL certificate "cattle-system/tls-rancher-ingress" with missing intermediate CA certs I0830 05:07:32.859819 8 controller.go:195] Backend successfully reloaded.A Any ideas for SSL Uploading every 1 mins ? Many thanks

Using EKS to deploy cluster. I want to increase the max pods. I've ensured that the CNI plugin is enabled but I can't get the launch template to correctly updated to add

--max-pods=110

to the kubelet-extra-args. Anyone know how to make that work? I've tried adding it as user data but it seems to be ignored

Rancher version: 2.6.8
Installation method: Helm
Helm repo: <https://releases.rancher.com/server-charts/stable>

After installing rancher, I tried to bootstrap it, using rancher terraform provider and next tf configuration:

resource "rancher2_bootstrap" "admin" {
  provider         = rancher2.bootstrap
  initial_password = "Password1"
  password         = local.rancher_bootstrap_password
  telemetry        = false
}

For some reason after few minutes, creating of this process fails with the following error log:

│ **Error:** **[ERROR] Updating token: Bad response statusCode [403]. Status [403 Forbidden]. Body: [baseType=error, code=Forbidden, message=<http://settings.management.cattle.io|settings.management.cattle.io> "k8s-version" is forbidden: User "user-bfkj6" cannot get resource "settings" in API group "<http://management.cattle.io|management.cattle.io>" at the cluster scope] from [<https://rancher-internal.foo.bar.com/v3/settings/k8s-version]**>

│

│ with rancher2_bootstrap.admin,

│ on <http://main.tf|main.tf> line 48, in resource "rancher2_bootstrap" "admin":

│ 48: resource "rancher2_bootstrap" "admin" {

That user has GlobalBindingRole to admin role, so it should has access to Setting CRD. Also there are a lot of such error messages in rancher pod:

2022/09/09 09:07:41 [ERROR] Failed to connect to peer <wss://10.0.3.184/v3/connect> [local ID=10.0.1.59]: websocket: bad handshake

I’ve also tried to bootstrap rancher via UI, but after entering bootstrap password the only thing I see is the white screen. Any ideas? (edited)

I have Rancher 2.6.1 running on EKS version 1.20. (Both Server and Production Cluster) I want to upgrade both of these. All nodes in the server cluster are running Amazon Linux, and the downstream cluster nodes are using Ubuntu. For the rancher server cluster I launched it with EKS (eksctl) and did not use a custom AMI. The production cluster I created a launch template with a custom AMI and created the cluster with Rancher console. I am looking for advice on the best way to upgrade. I think I can do the following: • Upgrade Rancher to 2.6.8 (can I go directly or do need to do it in steps?) • Upgrade server cluster to 1.21 and then to 1.22 Using AWS Console Upgrade Downstream Cluster would be a multi stage process. • I have to create a new AMI using the correct base AMI + my customizations.. • Upgrade the cluster using the AWS console to 1.21 • Re-launch all nodes with the matching AMI • Upgrade the Cluster using the AWS console to 1.22 • Re-launch all nodes using the matching AMI Do I have it right?

I have a downstream cluster that I created using rancher console. I recently deleted a node group, but I did it from the AWS Console. Don’t know if it matters, but I also added a node group to that cluster using eksctl instead of rancher. Now that cluster is showing this error: _*InvalidParameterException: You cannot specify an AMI Type other than CUSTOM, when specifying an image id in your launch template. { RespMetadata: { StatusCode: 400, RequestID: “c5a5bfb7-70ae-476f-8548-94858b1aa765” }, ClusterName: “pano-prod”, Message_: “You cannot specify an AMI Type other than CUSTOM, when specifying an image id in your launch template.“, NodegroupName: “pool-pvt” }*_

Hi, I want to install rancher on AWS EKS cluster but with istio setup(ingress/egress). I see installation instructions wants nginx-ingress, which I dont want to use for my use case. Any reference document of setup please

Hi I'm new, I installed rancher on my aws eks cluster, when I tried accessing my ingress load balancer url, its returning 504 gateway timeout, pls can anyone help out. thanks

Has anyone successfully imported EKS Clusters v1.23.0 into Rancher 2.6. I have multiple EKS Clusters running in my AWS Account, which I'm trying to import to Rancher 2.6 (running on another EKS and VPC) but I'm getting

Waiting for API to be available

error. I have completed all networking between both clusters, not sure what's happening. Any guidance would be greatly appreciated.

Hi. I’m trying to create downstream EKS cluster using Rancher terraform provider. For some reason EKS nodes created by Rancher have only default EKS security group even though we provided list of additional security groups. These SGs are present in EKS configuration, but nodes still don’t have them. The strangest thing is that during creating EKS cluster, you can see in node group config that they will use auto-generated SG by Rancher, but after cluster became to Active state, config has been changed and there are now list of security groups we specified. We do not have custom launch template, nodes launched from LT created by Rancher as well. And that LT for some reason contains only the default EKS node group and no instance type specified. I thought it may be issue in 2.6.4 version, but after upgrading to 2.6.9 issue still here

Hi, am deploying Rancher with

ingress.tls.source=secret

and this Secret am creating with openssl pub/pvt keys. Now I want to deploy same from Terraform and planning to either populate pre-created keys in Secret Manager or ACM, which will be fetched during terraform deploy. Any terraform tips pls

Is there any any known way to migrate a downstream cluster from Current Rancher deployment to a new rancher Deployment? I currently have two AWS accounts and have a separate rancher in each one. I would like to create a new rancher in a “central” account, setup VPC peering and have One Rancher to Rule all my clusters.

Hello. What are the IAM permissions that rancher needs in order to import EKS cluster. I am asking only about import. No plans currently to use for creating clusters. So this https://ranchermanager.docs.rancher.com/reference-guides/amazon-eks-permissions/minimum-eks-permissions documentation is about both, but is there such for importing only ?

Hi there! I have an EKS cluster in Rancher that shows 1.22 as the latest available k8s version. What could be the reason I cannot upgrade it to a newer k8s version?

👋 Hello, team!

At my company we are considering using Rancher to deploy our clusters in EKS

I am struggling with one last requirement, upgrade nodegroups one at the time. Is this possible with Rancher?

To add on that I am using Terraform provider, not the UI

Hello, We had an issue today after replacing a managed node group, rancher decided to delete the new node group, and a few more we added manually. Looking at the permissions we've given rancher now I see a lot of uneccesary things, like in our case "eks:DeleteNodegroup" We're not using rancher to provision the clusters, they're created elsewhere and then imported. Do we really need all the permissions listed here? https://ranchermanager.docs.rancher.com/v2.5/reference-guides/amazon-eks-permissions/minimum-eks-permissions

Hello, if i'm right, it is currently impossible to upgrade an EKS cluster from kube 1.22 to kube 1.23: https://github.com/rancher/rancher/issues/40323

I have rancher running in EKS. Rancher 2.6.9, EKS 1.23. I have two downstream clusters both also EKS 1.23. Yesterday one of my downstream clusters became unreachable. Trying to click on it just times out. I have workloads deployed and they are running just fine. The last thing I remember doing was scaling down a nodegroup. Where do I begin to troubleshoot this? @fast-piano-59234 You have given me valuable advice in the past. Perhaps you can assist?

Is there a way to get rancher to provision a kubernetes 1.2.4 cluster on eks?

Hi. Please I need some help on this. Would anyone be kind enough to point me in the right direction. https://rancher-users.slack.com/archives/C3ASABBD1/p1676636834886089

@chilly-toddler-80124 has left the channel

Does anyone have a opinion if you manage an AWS EKS cluster via terraform why you would would pick Generic vs EKS to import the cluster into Rancher? We are building up new EKS clusters via our own terraform and found out that in order to import them via the EKS method into Rancher requires them to have at least one managed node group. We are exploring that if we import via the Generic method might be a better way to go for us, because it allows us to runs our EKS clusters with only self managed node groups. And since we aren't using Rancher to manage our EKS cluster, we don't need that functionality.

What are the supported configurations for the Cluster Autoscaler with Rancher provisioned EKS clusters? If I already have a Rancher provisioned EKS cluster (provisioned with Terraform), and am following the docs here , am I good to go? The Rancher docs only discuss setting up the cluster autoscaler using a Custom RKE cluster: https://ranchermanager.docs.rancher.com/v2.5/pages-for-subheaders/install-cluster-autoscaler

Hello, we are getting error on the GUI when trying to take snapshots. Tried checking if it was space issue but everything seems to be fine. The snapshots are save at /opt/rke/etcd-snapshots/. Could some one point me in the right direction please ?

Hello, we're having trouble importing an eks cluster. Rancher v2.6.9, eks v1.23. Security credentials/permissions are good since we've already imported other clusters from the same account, using the same user. That user is added to aws-auth configmap as system:masters. status is forever pending. complete status from the yaml below. any ideas on what might be wrong?