Thanks. I did look at the help. but missed some points

So, if want to do path based routing, pathType has to be Prefix?

Did create an ingress based on path. But getting 404 Path not found from my ngnix conatiner Pod. Someone was saying about annotations when using path based routing on traefik. Any idea?

Hi all. We are running Rancher 2.6.9 and been upgrading our kubernetes clusters to 1.24.x the first cluster we did the upgrade we saw everything being restarted. Most likely due to the docker CRI change. But we saw in the logs the following:

[ERROR] Failed to set up SSH tunneling for host [10.0.10.107]: Can't retrieve Docker Info: error during connect: Get "<http://%2Fvar%2Frun%2Fdocker.sock/v1.24/info>": can not build dialer to [c-p9cqp:m-2bd0a9380d15]
[ERROR] Removing host [10.0.10.107] from node lists

This is very confusing because the server itself was fine. Is there a bug in rancher 2.6.9 or something else that would be causing this?

Hi colleagues, I have issue with my rke-provider (rke1) I try to update my cluster configuration and add new worker as I do it before (via Terraform) but I get this error: Also, in configuration I use: ingress { provider = "none" default_backend = false } and can't find any information on google, maybe someone can help me to solve this issue?

Error: 
│ ============= RKE outputs ==============
│ time="2023-04-23T15:53:55+03:00" level=info msg="[rke_provider] rke cluster changed arguments: map[ingress:true nodes:true services:true]"
│ time="2023-04-23T15:53:55+03:00" level=debug msg="[rke_provider] ingress values old: [map[default_backend:true dns_policy: extra_args:map[] http_port:80 https_port:443 network_mode:hostPort node_selector:map[] options:map[] provider:none]] new: [map[default_backend:false dns_policy: extra_args:map[] http_port:0 https_port:0 network_mode: node_selector:map[] options:map[] provider:none]]"

Hi team,

Rancher desktop is not coming up.. it is stuck with

Waiting for Kubernetes API

for long time

i tried force quitting and opening again but still stuck with waiting for nodes

@worried-family-40446 which version you are using?

Heya 👋 I'm trying to figure out the correct chart & name to deploy rancher-monitoring (and later some other charts) using Fleet but i'm stuck, hoping for some input. The following throws error

no chart name found

defaultNamespace: cattle-monitoring-system
helm:
  chart: rancher-charts/rancher-monitoring
  repo: <https://charts.rancher.io>
  releaseName: rancher-monitoring
  version: 102.0.0+up40.1.2
  namespace: cattle-monitoring-system
  values:
    replicaCount: 1

However if i try an example i found it works fine:

defaultNamespace: rocketchat
helm:
  chart: rocketchat
  repo: <https://rocketchat.github.io/helm-charts>
  releaseName: "rocketchat"
  version: "5.1.2"
  namespace: rocketchat
  values:
    mongodb:
      auth:
        rootPassword: "rootpassword"
        username: "fakeuser"
        password: "fakepassword"

What is the correct chart and repo to use for monitoring..?

Hi all, how do one connect to the k3s single node cluster created on AWS/GCP public cloud VM using VMs public in kubeconfig? (want access it from lense or want to add it argoCD running on different network) Whenever I replace the server from 127.0.0.1 to public IP of VM, it just does not work. (port 6443 is allowed for VM)

Hi All - Is there any solution in available out of the box to clean up Azure AD users in Rancher? I have Azure AD users still listed in Rancher but whose accounts no longer exist. Those accounts cannot be used to login, but their API tokens will still work.

Hi, I'm trying to get a fresh Rancher install running on a local cluster, following this Rancher Academy course. Having successfully installed the Rancher Helm chart, I got to the login webpage and tried using my bootstrap password to log in, but without success (

401

), although this command returned precisely the password I was using in my login attempts:

kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}{{"\n"}}'

The login page also claims that

if you pre-set your own bootstrap password, enter it here. Otherwise a random one has been generated for you.

so I tried reinstalling the chart without specifying a password, to see if that would make any difference. Yet now:

$ kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}{{ "\n" }}'
Error from server (NotFound): secrets "bootstrap-secret" not found

It looks like no random password generation actually happened. Any ideas about what I'm doing wrong? Happy to create a Github issue if you feel it's relevant. Thanks!

curl -sfL <https://get.k3s.io> | INSTALL_K3S_EXEC="server --disable traefik --tls-san $external_ip" INSTALL_K3S_VERSION=v1.25.8+k3s1 sh -

--tls-san $external_ip" will do the trick. it allows the cluster to be accessed from the external ip of VM

Hi all, we need to monitor rancher it self on Datadog, like status of rancher components, health status of rancher deployment,etc. In general any kind of Metric that Rancher might expose and Datadog agent can process and send to Datadog console, regarding Rancher health status. Thanks!

Hey all, I'm running Rancher 2.6.7 and am trying to upgrade a Rancher provisioned RKE1 bare metal cluster from

1.22.17-rancher1-2

to

1.23.16-rancher2-1

and it's wrecking my nodes, preventing pretty much anything from running on them, including the cluster agent. Since the cluster agent is unable to start, the upgrade is unable to progress and I can't even tell it to roll back or make any other changes. It looks like whatever is responsible for mounting

/etc/hosts

is not doing it correctly, and it's being mounted as a directory instead of a file, causing the error below for any pod that tries to start. I'm not exactly sure how to proceed or work around the issue. I've been trying to figure this out for several days now. If anyone has any ideas it would be greatly appreciated.

E0422 08:11:06.957002 4127378 pod_workers.go:965] "Error syncing pod, skipping" err="failed to \"StartContainer\" for \"cluster-register\" with RunContainerError: \"failed to start container \\\"afd3874c6173e119096d353ed5fea741ce20050d7a2dd5db2c3d8ca5865f9ef1\\\": Error response from daemon: OCI runtime create failed: container_linux.go:370: starting container process caused: process_linux.go:459: container init caused: rootfs_linux.go:59: mounting \\\"/opt/rke/var/lib/kubelet/pods/03663f0d-4ec2-4655-8eae-c39584074230/etc-hosts\\\" to rootfs at \\\"/var/lib/docker/overlay2/5a8743f9f37feac08f36725cca7ccd6ac39926940244ff924cddf0d41bec73a7/merged/etc/hosts\\\" caused: not a directory: unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type\"" pod="cattle-system/cattle-cluster-agent-dc659f6fc-482gg" podUID=03663f0d-4ec2-4655-8eae-c39584074230

Question about permissions (or Verbs) in Rancher... Is following same as what's shown here https://github.com/rancher/dashboard/issues/7315: Or should I explicitly define create/delete/get/list etc...? Thanks!

Hi! May I ask what racnher 2.7.3 without any release notes changes?

Hi all, is there a way in the latest version of Rancher to use regular OTP for 2FA?

Another question: once installed the monitoring chart through Rancher, how do I access e.g. Grafana? In the old UI there were direct links using the Rancher proxy

hello all! 🙂 i have an rke2 arhitecture with NGINX inc ingress installed with DaemonSet. For learning purpose i have deployed the Cafe Example and worked well. After, i tried to do Sticky Sessions and it’s not working, no error message, just working without maintaining a session. i defined the annotations for the ingress rule and verified if there is any cookie in the browser. Did anyone hve this struggle or do you have any ideas to make it work?

Hello, I 'm using Chart: Monitoring (100.2.0+up40.1.2) to monitor my RKE2 cluster, but it always OOMKilled in a few days, I already increase prometheus memory to 8G, it still OOM, I did some search it looks can change --storage.tsdb.min-block-duration and --storage.tsdb.max-block-duration to slove it , but I'm not sure how to modify it, do you know how to change it ?

After upgrading from 2.5.17 to 2.6.11 on my Rancher HA cluster, all of my downstream clusters are reporting "Cluster not reporting" agent disconnected. I've logged into the downstream clusters, viewed cluster and cattle agent logs. They show no errors and sit in "starting plan monitoring" state. I've reset the agents, attempted to rejoin the local rancher ha cluster. I do not see any errors in any logs. The local cluster is reachable. Any direction would be appreciated

Why does the helm chart for v2.7.3 require PSP when Kubernetes v1.25 is included in the support matrix?

Error: INSTALLATION FAILED: execution error at (rancher/templates/validate-psp-install.yaml:4:5): The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding.

@jolly-processor-88759 thanks for the advice on upgrading to 2.6.8, that got some things moving. Unfortunately now I'm running into another issue where nodes aren't provisioning because of a duplicate mount error for kubelet from an extra bind that was accidentally left in the cluster yaml while trying to get things moving before upgrading Rancher:

level=error msg="Remotedialer proxy error" error="Error response from daemon: Duplicate mount point: /opt/rke/var/lib/kubelet"

. I've removed the offending extra bind from the cluster yaml, but no matter what I do the plan the agent receives doesn't seem to change (still includes the new/unwanted bind:

level=info msg="For process kubelet, Binds has changed from

) and the error persists, preventing any progress. How can I force Rancher to send the new plan without this bind to the agents?

is anyone at the rsa conference this year?

Hi All! I'm running into an issue with servicelb. The pods are not coming up and when I look at the logs, I'm getting the following error:

2023-04-25T19:12:18.599777283-07:00 + grep -Eq :
2023-04-25T19:12:18.601544851-07:00 + iptables -t filter -I FORWARD -s 0.0.0.0/0 -p TCP --dport 8686 -j ACCEPT
iptables v1.8.8 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
2023-04-25T19:12:18.614809084-07:00 Perhaps iptables or your kernel needs to be upgraded.

Has anyone else ran into this? I recently upgraded Rancher to 2.7.3 and k3s to v1.25.7 +k3s1

Any reason why I shouldn't deploy i.e. rancher monitoring 100.2.0+up40.1.2 (and CRD) on commandline with helm, using the same values as if I deployed it from the UI?

good day, i have problems with kubelet, it could be the same issue with expired certificates: https://rancher-users.slack.com/files/U04NAQ1VAAY/F054ECKN4FQ/untitled

I don't get it - how the heck do I override the Rancher supplied alertmanager config? I'm deploying my own AlertmanagerConfig but it gets appended to the Rancher config, meaning that the null receiver is there and is active.