Hi What does red "Active" for one of the worker nodes.

image.png

hi, had wsl installed first and tried installing rancher but gave me this error tried everything from removing wsl and rancher and reinstalling but getting the same error

hmmm... little spooked, as it looks like Rancher took down my production Kubernetes cluster tonight 😨 briefly

Hi, I am new to the field of running k8s on premise. Our proof of concept was an rke2 cluster on proxmox VMs with ceph and it worked well. Today I discovered Harvester and I am interested in using Rancher and Harvester to run my k8s clusters. Would you suggest Harvester, Longhorn and Rancher for new k8s users for production use? I am a little afraid of the complexity.

We are using rancher V2.7.1. When we create Namespaces both default limitrange and resourcequota are auto generated at namespace level. We do not want this. We want to manage resourcequota and limitrange through kyverno. So How to disable the auto generated limitrange and resourcequota?

Hello everyone, our client backups their VMs and want to exclude some folders which are not necessary for the boot of Rancher. Something like images which can be pulled again, logs or cache files. Has anyone done something like this before or have info, articles, etc? I didn't find this case of "classic backups" in the documentation and search engines are no help either. Thank you in advance 🙂

Does anyone know how the merging of cloudconfigs works when using the harvester node driver? I would like to use a predefined one from harvester which is an option when i create a harvester cluster trough the ui, but if i do that, the custom_install.sh rancher install script is not added. 1. Is this possible at all? 2. Can i use or define a cloudconfig file somewhere with the cluster templates?

Has anyone here been able to import an EKS cluster from a different AWS account than where Rancher is running from? I am getting this error

Unauthorized

when trying to migrate rancher i get from the logs :

<http://Binding.management.cattle.io|Binding.management.cattle.io> "c-<CCCC>-fleet-default-owner" is invalid: metadata.finalizers: Forbidden: no new finalizers can be added if the object is being deleted, found new finalizers []string{"<http://controller.cattle.io/mgmt-auth-crtb-controller|controller.cattle.io/mgmt-auth-crtb-controller>"}

```error restoring c-<CCCC>-fleet-default-owner of type <http://management.cattle.io/v3|management.cattle.io/v3>, Resource=clusterroletemplatebindings: restoreResource: err updating resource <http://ClusterRoleTemplateBinding.management.cattle.io|ClusterRoleTemplateBinding.management.cattle.io> "c-<CCCC>-fleet-default-owner" is invalid: metadata.finalizers: Forbidden: no new finalizers can be added if the object is being deleted, found new finalizers []string{"<http://controller.cattle.io/mgmt-auth-crtb-controller|controller.cattle.io/mgmt-auth-crtb-controller>"}]

What can i do? (those clusters in productions)

Greetings, does anyone know a reliable & efficient way of converting so-called "Legacy Apps" to new apps within Rancher, after a jump to a Rancher version post 2.7? Isn't there some one-click button in Rancher, that does that automatically for all apps? Since this is such a hugely breaking change & Legacy Apps are going to be removed, anyway.

Hi everyone, I need some advice on debugging. I get the error

"lost connection to cluster: failed to find Session for client stv-cluster-api"

when trying to Sing into Grafana. Rancher 2.7.3, GKE, Grafana were installed via Monitoring stack.

HI. Does anyone know how to access the legacy "ember" UI in Rancher 2.6?

moving this message. apologies I used the wrong thread

Hi folks. I’ve got a 2.7 deployment and have been banging my head for a while trying to get ldap+shibboleth working. I can easily add myself as an authorized user but any subsequent users fail to fetch principal info. I haven’t found a heck of a lot of meat googling around for the issue. Thoughts? I get a feeling it has to do with lining up shib + ldap’s attributes but I can’t seem to use custom attrs on the shib side (like I had our idm folks expose a field named posixAccountuidNumber but using that just completely breaks shib auth (Invalid saml attributes). I’m trying to key off our employee number instead…

Hello y'all. I have upgraded my kubernetes version with an RKE1 template to kubernetes 1.24 and now none of my Persistent Volume Claims will mount with my pods. We are using azure for our PVCs and I made sure the template has the correct azure service principal to be able to connect. Does anyone have any experience with troubleshooting this? The error looks like this:

Failed Mount 
Unable to attach or mount volumes: unmounted volumes=[data-0], unattached volumes=[ready-files kube-api-access-8jhkt data-0 app-name-tmp cluster-ca broker-certs client-ca-cert kafka-metrics-and-logging]: timed out waiting for the condition

Hi folks, I am running Rancher 2.7.2 and getting "*No API version specified*" error while adding a helm repository. Anyone has faced anything like this? I am entering all required fields including the secret.

Hi all! I am trying to setup a custom node driver so that I can create a cluster using Vultr. This is their driver and it seems to add to Rancher fine, however, when I go to add a Cloud Credential it is not showing up. Am I missing something? I am using Rancher v2.7.4

Hi all, After playing around with helm chart options my ingress now sends all root paths on port 80 in a loop. Turns out the rke2-ingress-nginx-controller on 2 of the worker nodes now defines a service type "loadbalancer" on port 80 which it previously didn't and I can't change it back to "Do not create a Service". Any hints on how to debug this? I removed all applications from the cluster, checked that no other pods are running, but when I try to change the config of the ingress controller on one of the worker nodes from "load balancer" back to "Do not create a service" it ignores it. Any hints on where to look for cluster-wide ingress controller configurations or settings or figure out which app/workload used or set it? Rancher v2.7.2

Is there a programmatic approach of create Projects, namespace for it and then adding some permission on top? I have an edge-case (maybe) where our Rancher manages 35+ Edge clusters which are all deployed identically (same apps, namespaces, permissions etc) using Fleet. Whenever we provision a new cluster we want this "default config" to be automatically applied as soon as it's imported into Rancher, this all works fine except for setting up Projects since they seem to be created on the

local

Rancher cluster with randomly-generated cluster-id's using

namespace

resources? Currently we manually create each Project and apply the permissions to them using the UI which is somewhat tedious.

Hi, I have installed Rancher v2.7.4 on a K3S cluster, and I am looking for ways to perform a cluster backup. Please share your suggestions on what's the best way to perform a Rancher Backup and Restore.

hello community🤩 i have a question regarding our rancher v2.6.13 installation in our company. is there any possibility of defining a webhook, which could be triggered to start a new job out of an existing cron-job? if so, then it would be really nice to get information about how to create the webhook, configure it and how to trigger it from outside... really big thanks in advance to everyone of you😊you are all my last hope of solving this issue😅

Hi, I'm a newbie. I have a 3-node cluster running with all core services installed from helm charts. Now I would like to deploy our Node applications to the cluster using Fleet/GitOps. Can someone here point be to examples or best-practices docs that discuss that?

Hi everyone I think I put this in #general but there's also a part of #fleet and #k3s involved in it. Here is a grumpy old man, beginning to desperate on his own mind and the whole Rancher universe. Therefore please apology, for ranting first and then asking for help. But the last couple of weeks, I digged trough fleet, the helm-controller of k3s (which is also part of RKE2, what I'm using here) and some Rancher API stuff to get things working here in a GitOps way. On that way, I strumbled accross some nice features which sometimes haven't been documented at all or their documentation was incomplete (HelmController). Eventually, I had to check the go source to understand the configuration (I'm not a developer). I also stumbled upon features which have been implemented for one use case and have been forgotten for another use case of the same tool (in this case it was Fleet). I saw daunting things in both Rancher API and different CRDs. But what finally blew up my brain was the usage of private CA certificates across all the tools. All the stuff here is TLS secured, and protected by certificates of a private CA. So this is what I have collected so far: • For Rancher Manager, I need to create a

secret

containing the CA certificate as the key

cacerts.pem

• For Fleet, to check out the GitRepo over https, I needed to add the CA certificate as base64 encoded string with the key

caBundle

directly into the `GitRepo`Object • One of those Fleet

GitRepo

contains a Helm installation in that Repos

fleet.yaml

(because HelmController is lacking the feature I need here). To get that helm chart from the internal chart repo, I also need the CA. But this doesn't work with the already existing

caBundle

, I need to add the same CA a second time to my

GitRepo

, that time as a secret reference called

helmSecretName

. That secret needs the key

cacerts

so I can't use the same as for Rancher Manager which needs different key. • I also have

HelmChart

objects from the HelmController. To get the charts here, I have the poorly documented option to use the key

repoCA

which contains the CA not encoded as a literal scalar (I think that's what it is called). After I took a look at the CRD, I also discovered the

repoCAConfigMap

which I wasn't able to find in any documentation. But after reading this go function (https://github.com/k3s-io/helm-controller/blob/master/pkg/controllers/chart/chart.go#L749) I understand this need to be for real a ConfigMap. As far as I understand, I doesn't matter how the key is called, it gets mounted as /ca-files in the container. To wrap it up: I have my very same CA certificate at least for times used in different ways: in two secrets with different keys, inline as a base64 encoded string and either inline as a literal scalar or in a ConfigMap. I understand this are different tools. And maybe also different developers. But I also understand this is all Rancher (or Suse) and we also have already exiting concepts in Kubernetes as

secretKeyRef

and others. Now, finally my question: How should I manage the CA certificate. I'm open for ideas...

we are using rancher 2.7.1. we are unable to any events under "Recent Events" tab. Are there any settings to be enabled to view the recent events at namespace level ? Even with cluster admin privilege are unable to view events

hello community🤩in our company we are working with rancher v2.6.13 and i already created an API key and downloaded the certificate to make sure to be able to send a REST request by java spring to the rachner api successfully. so i would really like to know how i am able to start a new job out of an existing cron-job by a REST request by java spring to the rancher api. i already tried the following URL destination as POST request: rancherUrl + "/cluster/" + clusterName + "/namespace/" + namespace + "/cronjob/" + cronJobName + "?action=run". i'm getting a response but no job is being started. i really hope that someone can help me. you are all my last hope😊thank you very much in advance. best regards

So, I have finally managed to configure a small 3-node (local) cluster with all our services/applications running. (Working on a PoC) Everything is looking awesome, thank you. 🙂 What are people using for LoadBalancing when the cloud infrastructure is not available, and how can this best be mapped to public IP addresses?

btw. I have added ingress config for all the services, but the nodes running the nginx-ingress-controller on port 80 fail to map correctly to them (502 Bad Gateway) I was thinking of having a bare-bone nginx(s) running in front of the cluster with 3 IP addresses as load-balanced backends

Hi we are on rke2 v1.23.6... How doe we upgrade the cluster to rke2 v1.27 without loosing workloads ?