I installed

seq

(visualized logs) via helm chart. Before deploying the chart though i deployed PVC and PV manually using kubectl CLI. The POD is not coming up. How can i resolve this?

Screenshot 2023-05-19 at 3.46.11 PM.png

I am using NFS storage by the way

Anybody else have issues with AD LDAP authentication in Rancher 2.5? It works, until you log out - then it fails - and you have to set it all up again, etc.

Hi, I get this error when rancher-desktop launch kubernetes and after several minutes I'm unable to use the cluster:

2023-05-20T07:25:22.373Z: Error starting lima: Error: self signed certificate in certificate chain
    at TLSSocket.onConnectSecure (node:_tls_wrap:1532:34)
    at TLSSocket.emit (node:events:527:28)
    at TLSSocket._finishInit (node:_tls_wrap:946:8)
    at ssl.onhandshakedone (node:_tls_wrap:727:12) {
  code: 'SELF_SIGNED_CERT_IN_CHAIN'
}

I tried factory reset / kubernetes reset with no luck. I assume it is an issue with something on my host but no idea how to solve it. Any suggestion?

Hi, I've been using the k8s operator for a few months now, however recently got to know about the canonical juju charmed operators (aka juju charms), so I would really appreciate it if anyone would help me understand whether the k8s operator and juju charms are similar? If not, in which aspect are they different.

Anyone noticed that you cannot remove Members when editing a Cluster in Cluster Management ? Currently using v2.7.3

can anyone help me with guidance to setup rancher k3s in our production environment?

Is it possible to create an https ingress on a different port? Like 8443?

Dealing with the way rancher manager acts as a auth proxy to get the argo suite of products working and ran into this: https://gist.github.com/janeczku/b16154194f7f03f772645303af8e9f80 Can anyone tell me where/how I can find the cadata for this:

apiVersion: v1
kind: Secret
metadata:
  name: mycluster-secret
  labels:
    <http://argocd.argoproj.io/secret-type|argocd.argoproj.io/secret-type>: cluster
type: Opaque
stringData:
  name: <http://mycluster.com|mycluster.com>
  server: <https://mycluster.com>
  config: |
    {
      "bearerToken": "<authentication token>",
      "tlsClientConfig": {
        "insecure": false,
        "caData": "<base64 encoded certificate>"
      }
    }

Hi Is there anyone delpoyed k3s on HPC?

Hi, I am experiencing a issue that is my Control Plane node is consuming almost 100% CPU (kube-apiserver). I am using rancher v2.6.9 and I have 3 control plane nodes, two is running on around 300% kube-apiserver CPU. any suggestion? or anyone got similar issues?

Screenshot 2023-05-22 at 10.55.38.png

anyone has solution for centralized logging solution -- rancher and Elastic search ??

After installing RKE2 (

rke2 version v1.25.9+rke2r1 (842d05e64bcbf78552f1db0b32700b8faea403a0)

there are unnecessary open ports exposed outside of the node, specifically these:

983002/kube-apiserv

on

0.0.0.0:6443

1000/systemd-resolv

on

0.0.0.0:5355

982742/kubelet

on

0.0.0.0:10250

985099/calico-node

on

0.0.0.0:9091

After disabling IPV6, they are still listening on 0.0.0.0. Can't seem to find a configuration option to lock down these services to the internal network only. Any ideas?

when i try to join a rke2 worker to the cluster using the registration command in rancher, it seems to install everything, but fail on this error in syslog level=error msg="failed to get CA certs: Get \"https://127.0.0.1:6444/cacerts\": EOF" now, if i edit /etc/rancher/rke2/config.yaml.d/50-rancher.yaml and replace the ipv6 address of one server there, with the loadbalancer's address for the supervisor service, and reboot the node, it joins and seems happy. but the original ip address of one server is restored to that file. is this single server ip in /etc/rancher/rke2/config.yaml.d/50-rancher.yaml expected ? is it possible to inform rancher of the loadbalancer ip somewhere ? https://docs.rke2.io/install/ha/ do describe the need for a fixed registration address, but not where you would put that in the rancher gui when creating the cluster. I do not think it is the authorized endpoint address?

Whats going on with mirrored monitoring charts? https://github.com/rancher/charts/tree/release-v2.7 According to the docs 101 is for Rancher 2.7 and 102 would be for 2.8 i guess. But now the old

101.0.0+up40.1.2

is no longer available and has been replaced by

102.0.0+up40.1.2

which would be for Rancher 2.8 which doesn't even exist?

Hi Team How do I enable Project Network Isolation for RKE2(imported existing cluster) in Rancher.

Hi Everyone! I have some questions regarding the rancher monitoring helm chart. I've set this up with the thanos sidecar running and grafana as an interface. Is it possible to set up the thanos querier/store within the same helm chart? If not, what would be the best practice of setting up the thanos querier to work with the rancher monitoring setup.

I'm running a local cluster with k3d and I am having a hard time understanding how my Docker pull rate from an unauthenticated account is being using. I am signed in to Docker Desktop and I have registries with auth setup in my k3d-config.

kind: Simple
apiVersion: <http://k3d.io/v1alpha4|k3d.io/v1alpha4>
metadata:
  name: k3s-default
servers: 1
agents: 3
image: rancher/k3s:v1.24.8-k3s1
...
registries:
  create:
    name: registry.localhost
    hostPort: "8000"
  config: |
    mirrors:
      <http://docker.io|docker.io>:
        endpoint:
        - "<http://host.k3d.internal:6000>"
    configs:
      <http://docker.io|docker.io>:
        auth:
          username: <USER>
          password: <PASSWORD>

I am trying to find a way to register/import a K3S cluster into rancher without using the UI. I tried using rancher CLI without any luck. Anyone having some hints on how to achieve this?

Hello All , I am struggling from last 15 days to add the other k8s cluster to my rancher node .Basically i have installed rancher 2.7 using helm charts and cert-manager with self signed certificate in rancher . But when i am trying to add the new cluster inside the rancher it says certificate chain is not completed .Can anyone please help me to set it up .

👋 Hi everyone!

I had some issues with gpu support for k3s. I installed all nvidia drivers and nvidia-container-runtime and add the /var/lib/rancher/k3s/agent/etc/containerd/config.toml.tmpl but still it seems to not work

Interesting thing is that it works if you install the containerd in the system beforehand and you can run gpu jobs on the node. Any idea on what I might have been overlooking?

~Hi, we are trying to upgrade an HA cluster of k3s from 1.21.4 to 1.22.17 we are doing it in a "custom" way following your guidelines manually updating an airgapped environment. We do it as follows in a 3 master node cluster: 1. For each of the two nodes which aren't the k3s/etcd leader we:~

Hi, we are trying to upgrade an HA cluster of k3s from 1.21.4 to 1.22.17 we are doing it in a "custom" way following your guidelines manually updating an airgapped environment. We do it as follows in a 3 master node cluster: 1. For each of the two nodes which aren't the k3s/etcd leader we in sequential order: a. We replace the airgapped images package and the k3s binary b. restart the k3s service c. validate that all system components are ready 2. After the above steps finish for each of the 2 nodes. we perform the same step for the leader node. We notice that after restarting the leader node, etcd deletes the two non leader members from the etcd cluster and the only way to resolve the issue is to manually go to each of the nodes and restart the k3s service to trigger a rejoining to cluster. We would like to find a way to avoid needed to restart the 2 non leader nodes again. Could you think of a way we could achieve that?

Hi Team, I am using rancher monitor and in that grafana using 9.1.5 tag and that image contain high vulnerability and I need to upgrade a grafana with latest tag 9.3.6 Kindly help me some one how I can upgrade that in rancher monitoring

just in general what is the best order to do the inplace cluster upgrade (im looking to do 1.24.13 to 1.25.9) OS -> rke2 -> rancher or OS -> rancher -> rke2 ? also i cant seem to find the documentation anymore as to what needs to be done on the cluster before upgrading to 1.25.x is possible, anyone have it? 🙂 Thanks

Greetings, I have a few questions about Rancher/Kubernetes/upgrade. First, we have a Rancher cluster here consisting of 3 servers and an imported RKE cluster consisting of 9 machines. Those machines were installed some time ago with CentOS 7.9 as operating system running Rancher 2.6.2 and Kubernetes 1.21. Access to the Rancher web ui was configured to be done via AD credentials (local logins were also available). Now, the OS on the servers has been upgraded to Rocky Linux 8.7 and suddenly the AD logins don’t work anymore and also login with local credentials is not possible. In the logs of the nginX containers I see connection attempts but they time out. 1. Is it possible that the OS upgrade broke things for Rancher and if yes, how would one proceed in order to regain access again to the cluster? 2. How could/should one perform an upgrade of Rancher to the latest available stable version? Not sure how this has been installed here as there’s no documentation available here. 3. Which tools need to be installed on the Rancher cluster and the RKE cluster to perform the upgrade.