https://rancher.com/ logo
Docs
Join the conversationJoin Slack
Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Powered by Linen
general
  • c

    creamy-crowd-89310

    09/20/2022, 8:39 AM
    yes
  • b

    brash-planet-10109

    09/20/2022, 8:49 AM
    @creamy-crowd-89310 Is there any specific configuration you did for this to work. If not, I will just ask our sec team. That I need my VM private IP must be accessible with 8080 port. Like http://privateIP:8080
  • c

    creamy-crowd-89310

    09/20/2022, 8:51 AM
    I did only: docker run -d --restart=unless-stopped -p 8080:8080 rancher/server:stable
  • c

    creamy-crowd-89310

    09/20/2022, 8:52 AM
    I access to VM via VPN that allows me access to the same network
  • b

    brash-planet-10109

    09/20/2022, 8:58 AM
    Thanks for sharing info I will check with n/w team internally
  • c

    creamy-crowd-89310

    09/20/2022, 9:16 AM
    if you're in the same network you shouldn't have any problems, if you're in different network try use i.e. nginx proxy server that has access to both Ubuntu VM network and your separate internal network
    👍 1
  • b

    brash-planet-10109

    09/20/2022, 9:33 AM
    @creamy-crowd-89310 I'm about to setup a Kubernetes cluster using rancher docker install. I've noted your points. Thank you
  • b

    bitter-tailor-4440

    09/20/2022, 9:57 AM
    Hi All, I m trying to install RKE kubernates for the first time, it gives the cluster deployment is completed, but the nginx pods are not coming up what should i look into to fix it ?.
  • c

    creamy-crowd-89310

    09/20/2022, 10:03 AM
    did you check logs?
  • b

    bitter-tailor-4440

    09/20/2022, 10:07 AM
    MountVolume.SetUp failed for volume "webhook-cert" : secret "ingress-nginx-admission" not found
  • b

    bitter-tailor-4440

    09/20/2022, 10:08 AM
    this what i get when i decribe the pod
  • b

    bitter-tailor-4440

    09/20/2022, 10:09 AM
    I m using latest RKE so didnt install nginx seperatly as per the doc
  • c

    creamy-crowd-89310

    09/20/2022, 10:10 AM
    hmmm I'm not sure but maybe this will point you to solution: https://github.com/kubernetes/ingress-nginx/issues/5932
  • b

    busy-easter-55684

    09/20/2022, 10:36 AM
    why not use rke2?
    b
    • 2
    • 2
  • s

    salmon-carpenter-62625

    09/20/2022, 11:20 AM
    hello, I try deploy rancher monitoring without grafana compoment and I got :(
    Error: template: rancher-monitoring/templates/rancher-monitoring/clusterrole.yaml:116:13: executing "rancher-monitoring/templates/rancher-monitoring/clusterrole.yaml" at <include "call-nested" (list . "grafana" "grafana.fullname")>: error calling include: template: rancher-monitoring/templates/_helpers.tpl:21:4: executing "call-nested" at <include $template (dict "Chart" (dict "Name" (last $subchart)) "Values" $values "Release" $dot.Release "Capabilities" $dot.Capabilities)>: error calling include: template: no template "grafana.fullname" associated with template "gotpl"
    • 1
    • 3
  • b

    better-chef-44669

    09/20/2022, 11:49 AM
    Hello all, We did the RKE upgrade from v.1.21.7 to v1.23.6 and we found some problems. The commands kubectl stopped working. For example: kubectl get nodes. and we have this message E0920 08:47:47.875452 9257 round_tripper.go:61] CancelRequest not implemented by *genericclioptions.CommandHeaderRoundTripper What's happening? What can I do to solve this problem? Thanks.
    • 1
    • 1
  • c

    crooked-cat-21365

    09/20/2022, 1:11 PM
    Setting up a local cluster via Rancher and RKE I have configured rancher-agent on the worker nodes with explicit network options
    --address eno3 --internal-address eno1
    , but apparently this doesn't affect routing. The pods on the worker node still use eno1 for outgoing traffic only, probably because thats the default route on the worker nodes. The dedicated eno3 interface connected to the external gateway is ignored. I wonder if it is possible to configure networking beyond --address and --internal-address on the rancher-agent command line? The whole docker command line to configure my worker nodes looks like this
    docker run -d \
           --privileged \
           --restart=unless-stopped \
           --net=host \
           -v /etc/kubernetes:/etc/kubernetes \
           -v /var/run:/var/run \
           rancher/rancher-agent:v2.6.8 \
           --server <https://rancher01.example.com> \
           --address eno3 \
           --internal-address eno1 \
           --token xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
           --worker
    Do I have to "struggle" with canal to change routing manually? Every helpful hint is highly appreciated.
  • w

    wooden-planet-93714

    09/20/2022, 2:34 PM
    hello, I have a strange behavior on a 4 node rke1 cluster(
    kubernetesVersion: v1.23.10-rancher1-1
    ) All nodes are the same hardware-wise and software-wise. All were with ubuntu 20.04. I have upgraded 3 of them to 22.04. The problem is there is difference in kubelet behavior. On one node - everything looks fine. But the kubelet does not seem verbose enough (maybe it is normal for v=2 ) all the logs are of the type:
    I0920 14:08:37.253539    3147 container_manager_linux.go:511] "Discovered runtime cgroup name" cgroupName="/system.slice/docker.service"
    The other 2 nodes however had problems after the upgrade. Rancher started to spawn unlimited agent containers bricking the servers due to "too many files opened". I had to remove them from the cluster and add them again and it worked. However now there are those log lines on both nodes:
    E0920 13:42:03.850145    2845 summary_sys_containers.go:83] "Failed to get system container stats" err="failed to get cgroup stats for \"/../docker.service\": failed to get container info for \"/../docker.service\": unknown container \"/../docker.service\"" containerName="/../docker.service
    I see many more orphaned pods cleanup fails also, so I am hesitant to upgrade the last node. Can someone give me a hint as to want to look for to fix the cgroup issue? The systemd options are the same on all 3.
  • n

    nutritious-crayon-45180

    09/20/2022, 6:09 PM
    Rancher Helm installation “--set bootstrapPassword=“rancher”" isn’t working. When we login for the first time, even if we give the bootstrap password set in helm command, it says unauthorized. Did anyone faced this issue?
    l
    • 2
    • 1
  • f

    flaky-shampoo-86024

    09/20/2022, 11:56 PM
    Hi, any terraform code reference to install rancher on eks with ingress
  • b

    busy-country-65143

    09/21/2022, 6:04 AM
    Hi,friends. When deploying apps in Deployments, I add some content edited by YAML. If there are no custom fields under form editing, it seems that YAML will delete this content after saving? How should I do with this?
  • a

    agreeable-oil-87482

    09/21/2022, 7:07 AM
    Did you change the rancher url?
    m
    • 2
    • 1
  • m

    melodic-football-95460

    09/21/2022, 8:15 AM
    I am able to find released version but don't have details of End Of Life and End Of Support for RKE2 https://github.com/rancher/rke2/releases?page=2 . Can someone please help to know EoL/EoS for RKE2 releases
    w
    • 2
    • 3
  • l

    late-vr-98727

    09/21/2022, 9:12 AM
    Hey folks! I have a rk2 based cluster on rancher (v2.6.7). I wanted to enable Authorized Cluster Endpoint , so I did
    localClusterAuthEndpoint: enabled: true
    . And then it did give me kubeconfig with all the master nodes info. But when I use once of the context defined in the kubeconfig. I get the following error
    b
    a
    • 3
    • 28
  • q

    quick-lawyer-7096

    09/21/2022, 9:18 AM
    Really quick question - I have installed Rancher Monitoring into multiple clusters: this is all working fine - except I don't know which cluster is generating the alerts. also if I have dashboard open - how can I tell which cluster it is from?
  • r

    rough-flower-24438

    09/21/2022, 9:32 AM
    Hey there, I recently upgraded my RKE cluster to kubernetes version 1.24.3
  • c

    creamy-crowd-89310

    09/21/2022, 9:35 AM
    Hi @all, does anyone use CRI-o instead of docker ? I'm looking solution to deploy rancher on kubernetes with CRI-o.
  • r

    rough-flower-24438

    09/21/2022, 9:41 AM
    Hey there, I recently upgraded my RKE cluster to kubernetes version 1.24.3. In this cluster i always used the azure cloud provider to use azure disk as a storageclass and this always used to work fine but after this last upgrade it stopped working. It won't attach any existing PVC's too. I get the following error message from the kube-controller-manager 0921 09:38:54.357091 1 event.go:294] "Event occurred" object="default/z" fieldPath="" kind="PersistentVolumeClaim" apiVersion="v1" type="Normal" reason="ExternalProvisioning" message="waiting for a volume to be created, either by external provisioner \"disk.csi.azure.com\" or manually created by system administrator" The secret hasn't expired nor have the any of the other objects change or something.
  • m

    many-iron-73190

    09/21/2022, 10:03 AM
    👋 Hi everyone! I'm quite new in Harvester world, can somebody here give me a clue how can I add storage over iSCSI protocol on harvester node?
    q
    • 2
    • 2
  • c

    cuddly-jordan-17092

    09/21/2022, 11:09 AM
    Hi Team Pen test reported that weak & invalid ssl communication is in use by one k3s server. Literally, i am a very new to this k3's. Could some one point me on how to fix the below issue
    openssl s_client -connect kube1001:6443 2>&1 | grep issuer
    verify error:num=20:unable to get local issuer certificate
    issuer=/CN=k3s-server-ca@1649270763
    
    openssl s_client -connect kube1001:443 2>&1 | grep issuer
    verify error:num=20:unable to get local issuer certificate
    issuer=/CN=k3s-server-ca@1649270763
    
    openssl s_client -connect kube1001:80 2>&1 | grep issuer
    verify error:num=20:unable to get local issuer certificate
    issuer=/CN=k3s-server-ca@1649270763
Powered by Linen
Title
c

cuddly-jordan-17092

09/21/2022, 11:09 AM
Hi Team Pen test reported that weak & invalid ssl communication is in use by one k3s server. Literally, i am a very new to this k3's. Could some one point me on how to fix the below issue
openssl s_client -connect kube1001:6443 2>&1 | grep issuer
verify error:num=20:unable to get local issuer certificate
issuer=/CN=k3s-server-ca@1649270763

openssl s_client -connect kube1001:443 2>&1 | grep issuer
verify error:num=20:unable to get local issuer certificate
issuer=/CN=k3s-server-ca@1649270763

openssl s_client -connect kube1001:80 2>&1 | grep issuer
verify error:num=20:unable to get local issuer certificate
issuer=/CN=k3s-server-ca@1649270763
View count: 13