not on GKE

Hello, may i know which version is stable now ? Everyday i got

2022/08/22 15:41:55 [ERROR] Error during subscribe write tcp 192.68.101.82:80->192.68.101.253:48714: write: broken pipe

3798840e408c4ea71783381ecd2e9af30baad65974 fetch origin 59bb6cc645129c1a89fc54a720a63c0971f5ede4 error: exit status 128, detail: error: RPC failed; HTTP 502 curl 22 The requested URL returned error: 502

fatal: the remote end hung up unexpectedly

, requeuing

2022/08/22 15:26:14 [ERROR] error syncing 'rancher-partner-charts': handler helm-clusterrepo-ensure: git -C /var/lib/rancher-data/local-catalogs/v2/rancher-partner-charts/8f17acdce9bffd6e05a58a3798840e408c4ea71783381ecd2e9af30baad65974 fetch origin 59bb6cc645129c1a89fc54a720a63c0971f5ede4 error: exit status 128, detail: fatal: unable to access '<https://git.rancher.io/partner-charts/>': The requested URL returned error: 502

, requeuing

👋 Hi everyone! Happy to be part of the community!

I upgraded the OS packages on all nodes 1. Cordoned and Drained a node 2. apt update && apt upgrade 3. reboot 4. repeat on next node the last one was rke-node04-prd now this is the node with the least load I would still like to balance the workloads to it edit: all other nodes have a higher cpu usage now because elasticsearch is reindexing

Looking for help with an error I receive when trying to deploy to a cluster with Terraform. I am not a Cluster Owner in Rancher, and have seen this error previously but the only way around it has been to make the user a cluster owner, however the DoD STIG says that no more than one person can be a cluster owner, which I am not that one person. The error I receive is : “Failed to get existing workspaces: secrets is forbidden: User “u-#####” cannot list resource “secrets” in the API group “” in the namespace “default” I am only trying to run a terraform init, and nothing in my scripts goes to the default namespace. Unfortunately, my team is not in control of the cluster or Rancher. The engineers that are, have given me ownership of the project my app will eventually be in. Is there any way to get past this error without making my user a cluster owner? That’s the only thing that has worked in the past.

Aside from the RKE templates add_on field, which looks like you can set raw yaml, is there any way to default add a helm chart for new clusters? For instance for our on premise clusters we are looking at doing metalLB so people can expose services with HA without having to manually deploy a chart and configure after a cluster is created. I'm having trouble finding a way to give users the ability to spin up a cluster with this built in. I do see https://github.com/rancher/rancher/issues/27627 which would be super helpful, but was wondering if anyone had any workarounds in the meantime.

Hello! I am running Rancher 2.6.6 and I'm having trouble running

kubectl exec

using the Rancher generated Kubeconfig. The command results in a blank error message:

Error from server:

. Upon further investigation, it seems that the

exec

command is unable to post to the Rancher proxy for the API server, and it receives a

403 forbidden

response:

POST https://<rancher-url>/k8s/clusters/local/api/v1/namespaces/<namespace>/pods/<pod>/exec?command=sh&container=<container>&stdin=true&stdout=true&tty=true 403 Forbidden in 238 milliseconds

All of our requests are routed through nginx, and we've confirmed that the nginx ingress receives the same 403 error. However, turning on trace logs for the Rancher pods, it appears that the message was never processed in the pod. We've also verified that our RBAC rules are sufficient for executing an

exec

command as all

kubectl auth can-i

prompts return "yes." Please let me know if you have any ideas on troubleshooting this issue. Thank you!

Hi everyone, joined to track any announcements regarding

limactl

being flagged as malware and deleted on macOS, making using any version of Rancher Desktop impossible. Would hate to have my team revert to Docker Desktop for Mac.

Will it? It's already out. https://github.com/rancher/rancher/releases/tag/v2.6.7

Hi, any tutorial or course for rancher

Hi, is there a way to reset pod restart counter. for ex kube-scheduler? delete to the pod didn't help

Hi all, when creating an RKE cluster in Azure through Rancher with an external load balancer (user addon), what takes care of adding nodes to the load balancer backend pool? If it is Rancher itself, what component ? If it is in Kubernetes, what component ?

This is for using an external load balancer together with a user addon deployment Job if i understand it correctly. See here https://github.com/rancher/rke/issues/2759

BTW it would be nice to have more documentation in the Rancher doc for creating an external ingress load balancer.

is there a way to get colored output for krakend ?

Yes, Rancher 2.5.12 supports Kubernetes 1.20 https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/rancher-v2-5-12/

I figured out that the real issue I am facing in my previous post is that not all my worker nodes are added to the load balancer backend pool and this is preventing them from having connectivity and reaching the Rancher server. Once I added the stuck worker nodes to the load balance backend pool manually, all of them got registered. I don't use labels yet so cannot be a label issue. I am wondering which component is responsible for adding nodes to the backend pool. Is it from Rancher itself or in Kubernetes?

is the SUSE Private registy a part of the SUSE Rancher support subscription offering? https://www.suse.com/c/suse-private-registry-harbor/

I tried deploying ingress nginx on gcp wit h this but the external IP still shows pending

helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx \ --namespace ingress-nginx \ --set controller.service.type=LoadBalancer \ --set controller.service.loadBalancerIP=x.x.x.x \ --version 4.2.0 \ --create-namespace \ --set controller.watchIngressWithoutClass=true

any idea?

Howdy! I'm trying to install Rancher into an existing on-prem 1.21 Kubernetes cluster. I followed the getting started document and have cert-manager installed and it seems to successfully generate the certificate. But my Rancher pods go into CrashLoopBackOff only logging this:

p11-kit: couldn't create file: /var/lib/ca-certificates/java-cacerts: Permission denied
p11-kit: couldn't make directory writable: /var/lib/ca-certificates/openssl: Operation not permitted
p11-kit: couldn't make directory writable: /var/lib/ca-certificates/pem: Operation not permitted
/usr/lib/ca-certificates/update.d/99certbundle.run: line 21: /var/lib/ca-certificates/ca-bundle.pem.new: Permission denied

I feel like that might be somehow filesystem related? I can't find any fields in the Helm chart values to change the RunAs user, nor does it look like I'm using any sort of persistent storage, so IDK why the containers would be getting permission denied like that.

is there anyone using encryption-provider-config to provide a custom secrets-encryption for rke2?

Does anyone know a fix for the issue where the logs don’t display in Rancher for particular users? All i have been able to find online is deleting the user and recreating, but i am hoping there is a different solution.

Hi have setup Rancher Dashboard 2.6.2. The cluster am trying to import, executed Curl YAML generated by Rancher dashboard to import existing cluster. I see pod created in imported cluster is in CrashLoopBackOff state. Error : Error from server : Get "https://workernodip:10250/containerLogs/cattle-system/cattle-cluster-agent-5cxxxxxx/cluster-register": remote error: tls internal error

Hi everyone, i'm trying to have rancher 2.6 deploy a kubernetes cluster on openstack and use openstack as the cloud provider. So far i can get rancher to deploy the cluster and if i don't specify any cloud provider the cluster runs fine. However if i specify openstack as the cloud provider the cluster fails and i see the cloud following error for cattle-cluster-agent pod:

Events:
  Type     Reason            Age    From               Message
  ----     ------            ----   ----               -------
  Warning  FailedScheduling  13m    default-scheduler  0/1 nodes are available: 1 node(s) had untolerated taint {<http://node.cloudprovider.kubernetes.io/uninitialized|node.cloudprovider.kubernetes.io/uninitialized>: true}. preemption: 0/1 nodes are available: 1 Preemption is not helpful for scheduling.
  Warning  FailedScheduling  8m40s  default-scheduler  0/1 nodes are available: 1 node(s) had untolerated taint {<http://node.cloudprovider.kubernetes.io/uninitialized|node.cloudprovider.kubernetes.io/uninitialized>: true}. preemption: 0/1 nodes are available: 1 Preemption is not helpful for scheduling.

After the upgrade, the pod does not inherit the limit and requests of ns? what to do with this

Hi all, after install rke, my nginx package on the operating system won't work anymore, as my understand, rke use host port and iptable to fwd package, but is there any way I can keep working with my current nginx or can I create something to with the config of current nginx

Hi everyone, is there any docs could tell us the release schedule of next version? I could get the issues by filtering the milestone with version tags like below, but could NOT tell when they are going to be released. https://github.com/rancher/rancher/issues?q=is%3Aopen+is%3Aissue+milestone%3Av2.6.8