kind-activity-54306
09/28/2022, 11:27 AM
kubectl
I0928 16:56:20.464234 16761 versioner.go:58] Get "https://127.0.0.1:6443/version?timeout=5s": dial tcp 127.0.0.1:6443: connect: connection refused
kubectl controls the Kubernetes cluster manager.
brainy-minister-91634
09/28/2022, 12:10 PM
brainy-minister-91634
09/28/2022, 12:10 PM
echoing-ability-7881
09/28/2022, 12:30 PM
little-smartphone-40189
09/28/2022, 1:18 PM
most-sunset-36476
09/28/2022, 2:08 PM
most-sunset-36476
09/28/2022, 5:07 PM
witty-jelly-95845
09/28/2022, 5:38 PM
prehistoric-advantage-39331
09/28/2022, 7:30 PM
stale-pillow-58355
09/28/2022, 11:12 PM
[INFO] Label: cattle.io/os=linux
[INFO] Role requested: etcd
[INFO] Role requested: controlplane
[INFO] Role requested: worker
[INFO] Using default agent configuration directory /etc/rancher/agent
[INFO] Using default agent var directory /var/lib/rancher/agent
[INFO] Successfully tested Rancher connection
[INFO] Downloading rancher-system-agent binary from https://rancher.quving.com/assets/rancher-system-agent-amd64
[INFO] Successfully downloaded the rancher-system-agent binary.
[INFO] Downloading rancher-system-agent-uninstall.sh script from https://rancher.quving.com/assets/system-agent-uninstall.sh
[INFO] Successfully downloaded the rancher-system-agent-uninstall.sh script.
[INFO] Generating Cattle ID
curl: (28) Operation timed out after 60000 milliseconds with 0 bytes received
[ERROR] 000 received while downloading Rancher connection information. Sleeping for 5 seconds and trying again
[INFO] Successfully downloaded Rancher connection information
[INFO] systemd: Creating service file
[INFO] Creating environment file /etc/systemd/system/rancher-system-agent.env
[INFO] Enabling rancher-system-agent.service
Created symlink /etc/systemd/system/multi-user.target.wants/rancher-system-agent.service → /etc/systemd/system/rancher-system-agent.service.
[INFO] Starting/restarting rancher-system-agent.service
In Rancher the following error is described at the associated cluster.
Configuring bootstrap node(s) custom-0eb66db1c875: waiting for probes: calico, etcd, kube-apiserver, kube-controller-manager, kube-scheduler
-
The cluster is labelled with "Updating" but waiting does not solve this issue.
In the meantime I reset the server completely a few times without any success.
Anybody else?
cold-insurance-76663
09/29/2022, 7:17 AM
average-dusk-39527
09/29/2022, 12:22 PM
lemon-book-30654
09/29/2022, 1:30 PM
clean-river-69704
09/29/2022, 2:50 PM
ancient-energy-15842
09/29/2022, 7:01 PM
ClusterUnavailable 503
error shortly after starting the 2.6.8 container, going back to 2.6.6 fixes this and it works as usual
Our downstream cluster is running with RKE1, Kubernetes 1.23.10 and Ubuntu 20.04
Any ideas?
white-park-86714
09/30/2022, 6:23 AM
big-judge-33880
09/30/2022, 7:59 AM
red-hairdresser-3269
09/30/2022, 8:49 AM
best-mouse-86578
09/30/2022, 9:22 AM
clever-air-65544
09/30/2022, 4:50 PM
broad-king-3332
09/30/2022, 7:30 PM
plain-petabyte-57092
10/02/2022, 2:08 AM
quiet-area-89381
10/02/2022, 2:25 AM
salmon-church-19021
10/02/2022, 4:50 PM
salmon-church-19021
10/02/2022, 4:53 PM
salmon-church-19021
10/02/2022, 4:54 PM
salmon-church-19021
10/02/2022, 4:54 PM
sticky-microphone-71272
10/03/2022, 5:55 AM
high-winter-92040
10/03/2022, 8:59 AM
https://portswigger.net/daily-swig/rancher-stored-sensitive-values-in-plaintext-exposed-kubernetes-clusters-to-takeover
With minimal access privs, one can obtain the cluster token in Rancher versions up to and including 2.5.15 and 2.6.6
An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where sensitive fields, like passwords, API keys and Rancher's service account token (used to provision clusters), were stored in plaintext directly on Kubernetes objects like Clusters, for example cluster.management.cattle.io. Anyone with read access to those objects in the Kubernetes API could retrieve the plaintext version of those sensitive data.
The exposed credentials are visible in Rancher to authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base on the endpoints:
https://github.com/advisories/GHSA-g7j7-h4q8-8w2f
numerous-coat-84186
10/03/2022, 11:17 AM