it seems the certificate is got somehow messed up? The clusters seems to work well (all pods running, no errors in diagnostics)

but whenever I try to get to the pods it gives errors

SORRY I just noticed there is a special channel for desktop

update on setting up rancher single node on a OpenSUSE VM on harvester (home lab)... unable to retrieve images to deploy an RKE2 cluster on harvester. I thought it was a connectivity issue but I have ensured that both harvester's mgmt/VIP and the OpenSUSE/rancher are in the same VLAN and there is indeed some sort of connectivity between the two but I cannot see .img's pre-staged on harvester and am also getting a "clusters.management.cattle.io "v1" not found" error in Rancher. Any ideas of where to begin troubleshooting?

When looking at the gitrepo it would appear as though the targetCustomization isn't working properly. The web UI view suggests there are resources created for the wrong environments via the clusterSelector. I've checked the master cluster for these additional resources that shouldn't be there and I can confirm they weren't created. I can also confirm that from a helm perspective all seems to be working properly. When retrieving the values file from the helm bundle i get back only the values meant for the TEST environment.

Hi everybody! Is Harvester v1.1.0 expected to be released tomorrow or will there be a delay? No rush or anything! I'm about to setup a 60 node harvester cluster and wanted to hold off until v1.1.0 for GPU pass through and storage tiering

Hi everyone! Trying to set up rancher on Windows and I get active check error..anyone can help me on this ?

Hi! I'm looking for information how Rancher stores information about changes done to deployments via UI (e.g. modifications of resources limits) We have an app installed under Rancher 2.4 and someone did some manual changes a while ago without leaving a trace what exactly was changed. Is there any way to browse the Rancher's CRDs and find what changes were done via Rancher UI? I don't see anything in AppRevision objects, nor in App objects.

Hi, I want to install rancher on AWS EKS cluster running istio setup(ingress/egress). I see installation instructions wants nginx-ingress, which I dont want to use for my use case. Any reference document of setup please

I have a rancher node template defined that uses amazonec2_config, which I assume triggers docker-machine amazonec2 driver to execute, which provisions a new ec2 instance and installs docker when provisioning an AMI. The node template passes userdata as an argument. At what point during the provisioning process is the content passed in userdata executed? Is it before or after docker is installed? I'm asking because I want to pass some additional docker configuration information in (registry mirror, ulimits and other properties) that get setup with content passed with userdata.

I am running rancher 2.6.8. In the Cluster>Nodes view there is a Filter box. However, that does not seem to work for anything but the ip address of the hosts. I would love to be able to filter by node group. Is there a way to do that?

anyone have a good and fairly up to date single box harvester with rancher VM tutorial to then integrate rancher and harvester so I can create a cluster on that box. Completely not best practice, it's a lab. Running into so many issues with the rancher docker container restarting on Leap 15.4 and when I can keep it running I am having the images field for creating a cluster not displaying anything (I have .img files on harvester).

I am stuck on a networking problem in setting up Rancher in HA mode and would appreciate any advise on how to solve the issue. What I am trying to active is to not expose the Rancher cluster nodes by putting them on a different subnet behind a load balancer.

Load Balancer  VM IPs - 10.155.156.40 and 172.16.1.10
3 Rancher cluster nodes IPs - 172.16.11/16, 172.16.1.12/16 172.16.1.13/16
These VMs are on a physical server on which I have created two IPs on the same interface - 10.255.156.85/24 and 172.16.1.2/16
Gateway: 10.255.156.1

I am able to ing between the host and each VM. I am also able to ping between LB and the Rancher VMs. I am unable to curl the RKE2 download

curl -sfL <https://get.rke2.io> | sudo sh -

. from the Rancher VMs. Basically curl fails even on google.com and 8.8.8.8. Curl does work from the LB VM.

I am able to ping google from the rancher VMs, but it shows

ping <http://google.com|google.com>
PING <http://google.com|google.com> (142.250.189.238) 56(84) bytes of data.
From 172.16.1.2 (172.16.1.2) icmp_seq=1 Redirect Host(New nexthop: 1.156.255.10 (1.156.255.10))

Hi All, anyone facing this issue with Rancher 2.5.6? “Cluster health check failed: Failed to communicate with API server during namespace check: Get “https://10.43.0.1:443/api/v1/namespaces/kube-system?timeout=45s”: context deadline exceeded”

Hi I have a question, I'm running an EKS cluster within rancher with 7 nodes attached and a lot of cronjobs running. I noticed the pod capacity is always over 100% as seen in the image below. When looking through all pods I can see there are a lot of pods with

errored

or

completed

status from past jobs. The last 3 jobs from the crons will be saved along with the failed ones. Is there a way to filter these out on the cluster overview to actually see how many running pods there are in the cluster?

Hello all. I'm trying to use Rancher to install Helm Chart Repos on a connected cluster where the master nodes on that cluster must use a proxy for internet based request. The Helm chart repo times out trying to download the

index.yaml

. I've added my proxy config to

/etc/default/k3s

but that does not seem to affect the Helm Chart install from Rancher. Any idea what I am missing here or where to configure my proxy for this use case? FWIW, I can install the same repo locally on my Rancher cluster but those nodes do not require the use of a proxy for internet request.

@fast-garage-66093 I noted https://github.com/rancher-sandbox/rancher-desktop/issues/3201 (I ping you as I have struggled to route to the LB VIP as well, but maybe my problem is different) have you found a workaround?

(I am using RD 1.6.0 on MacOS (M1))

Hi, I have Rancher setup without port forwarding and no Kubernetes. Just using it with WSL and dockerd. However noticed Rancher been issuing "netsh interface portproxy add v6tov6 listenport=8080 listenaddress=:: connectport=8080 connectaddress=.....". Is there a way to stop/block it?

After building the rancher image from the source code, when I run the docker image and tried to create a RKE2/K3s cluster, I got the following error “No version info found in KDM”, Any reference to the solution, or why I get this error. Anyone can help me please ?

Hello！ I just meet a strange thing that I deploy an istio on rke2 based k8s, but the istiod always logs

warn    serverca        Authentication failed for 10.42.3.41:55132: Authenticator ClientCertAuthenticator at index 0 got error: no verified chain is found. Authenticator KubeJWTAuthenticator at index 1 got error: failed to validate the JWT from cluster "Kubernetes": the service account authentication returns an error: [invalid bearer token, token audiences ["<https://kubernetes.default.svc.cluster.local>" "rke2"] is invalid for the target audiences ["istio-ca"]].
2022-10-19T03:09:50.279840Z     warn    serverca        Authentication failed for 10.42.4.42:41496: Authenticator ClientCertAuthenticator at index 0 got error: no verified chain is found. Authenticator KubeJWTAuthenticator at index 1 got error: failed to validate the JWT from cluster "Kubernetes": the service account authentication returns an error: [invalid bearer token, token audiences ["<https://kubernetes.default.svc.cluster.local>" "rke2"] is invalid for the target audiences ["istio-ca"]].
2022-10-19T03:09:50.285617Z     warn    serverca        Authentication failed for 10.42.4.46:50152: Authenticator ClientCertAuthenticator at index 0 got error: no verified chain is found. Authenticator KubeJWTAuthenticator at index 1 got error: failed to validate the JWT from cluster "Kubernetes": the service account authentication returns an error: [invalid bearer token, token audiences ["<https://kubernetes.default.svc.cluster.local>" "rke2"] is invalid for the target audiences ["istio-ca"]].

I google it first and it seems related with init cmd of kube-api? I'm confused right now, so has anyone encounter the same thing like me? BTW, my k8s config is

master01   Ready    control-plane,etcd,master   38h   v1.21.4+rke2r2   10.64.1.20    <none>        Ubuntu 20.04.1 LTS   5.15.0-50-generic   <containerd://1.6.2>
master02   Ready    control-plane,etcd,master   25h   v1.21.4+rke2r2   10.64.1.21    <none>        Ubuntu 20.04.1 LTS   5.15.0-50-generic   <containerd://1.6.2>
master03   Ready    control-plane,etcd,master   20h   v1.21.4+rke2r2   10.64.1.22    <none>        Ubuntu 20.04.1 LTS   5.15.0-50-generic   <containerd://1.6.2>
worker01   Ready    <none>                      23h   v1.21.4+rke2r2   10.64.1.23    <none>        Ubuntu 20.04.1 LTS   5.15.0-50-generic   <containerd://1.6.2>
worker02   Ready    <none>                      23h   v1.21.4+rke2r2   10.64.1.24    <none>        Ubuntu 20.04.1 LTS   5.15.0-50-generic   <containerd://1.6.2>
worker03   Ready    <none>                      23h   v1.21.4+rke2r2   10.64.1.25    <none>        Ubuntu 20.04.1 LTS   5.15.0-50-generic   <containerd://1.6.2>

Hi! I noticed you should be able to add extra containerd rumtimes to the config.toml through a configuration file (and the

ExtraRuntimes

setting). Is there any documentation on how it works? And how do you indicate/select an extra runtime as default runtime?

👋 Hello everyone, does k3s supports cosign / sigstore natively to "verify the signature of signed container images"? As of kubernetes 1.25, this feature is native: k8s v1.25 sigstore cosign support - Verify Signed Container Images However for k3s, I only see the support of k3s with connaisseur. Where should I ask this?

Hi I'm new, I installed rancher on my aws eks cluster, when I tried accessing my ingress load balancer url, its returning 504 gateway timeout, pls can anyone help out. thanks

Hi - I am referring Hello World Example | Rancher Desktop Docs- https://docs.rancherdesktop.io/how-to-guides/hello-world-example While running nerdctl build --tag helloworld:v1.0 . nerdctl not working in windows 10 version under WSL2 Getting below error FATA[0000] lstat /sys/fs/cgroup/rancher-desktop/run/nerdctl-tmp.3927403874/input.3456756224/Containerfile: no such fileor directory

Odd issue - Running rancher 2.6.7 with a very large cluster. I have noticed that over time, in a cluster with 15k workloads deploying and undeploying, that one random etcd node will always consume much more memory than others over time, and this node will continue to use more and more memory until restarted. ETCD has periodic auto-compaction, so the size of the DB is not the issue. Is there some sort of cache that can be cleared? It goes away if you restart it, but that shouldn't be the solution.

Hi everyone, I am not new at installing rancher based k8s, i did this for may times before. At my last installation, these error occured. I don't know what this mean. my node is Active but error is "Cluster agent is not connected. rancher v: 2.6.3 k8s v: 1.21.14 Is there anyone who could help?