https://rancher.com/ logo
Join the conversationJoin Slack
Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Powered by Linen
general
  • n

    narrow-vr-31549

    10/21/2022, 2:20 PM
    Now I know rancher should give me those network policies but it is probably turned off somewhere and I am at a loss where too look. Hopefully somebody here knows what i'm talking about? 🙏
  • n

    narrow-vr-31549

    10/21/2022, 2:23 PM
    On other clusters where it is working (also rke2) when i look at the cluster.yaml I see the annotation:
  • n

    narrow-vr-31549

    10/21/2022, 2:24 PM
    <http://networking.management.cattle.io/enable-network-policy|networking.management.cattle.io/enable-network-policy>: true
    But this one is missing on my problematic cluster's cluster.yaml. But I am unable to edit this yaml. (And i'm not even sure this is the culprit)
  • n

    narrow-vr-31549

    10/21/2022, 2:35 PM
    I think the right question is "How do I enable project network isolation in a RKE2 cluster which is already imported in rancher 2.6.9".
  • n

    narrow-vr-31549

    10/21/2022, 2:42 PM
    w000t! succes! hacky hacky In the
    local
    cluster:
  • n

    narrow-vr-31549

    10/21/2022, 2:42 PM
    And than change the cluster resource in question with:
    spec:
      enableNetworkPolicy: true
  • n

    narrow-vr-31549

    10/21/2022, 2:42 PM
    A button somewhere would be nice though 😉
  • p

    prehistoric-advantage-39331

    10/21/2022, 2:45 PM
    Random question about something I've observed and I wonder if anyone has a solution. After removing the rancher-monitoring chart, I can no longer delete namespaces. They all get caught up on the finalizer for custom.metrics.k8s.io - which makes sense, because this refers to prometheus components that are now gone. In the process of automated cluster creation and deletion, this is a problem when you are using terraform to create the cattle-monitoring-system namespace - it always hangs on removing it later. Has anyone else seen this and found a solution?
  • n

    narrow-rose-64653

    10/21/2022, 3:30 PM
    Has anyone successfully imported EKS Clusters v1.23.0 into Rancher 2.6. I have multiple EKS Clusters running in my AWS Account, which I'm trying to import to Rancher 2.6 (running on another EKS and VPC) but I'm getting
    Waiting for API to be available
    error. I have completed all networking between both clusters, not sure what's happening. Any guidance would be greatly appreciated.
  • b

    billions-garage-37276

    10/21/2022, 3:47 PM
    Hey, we're looking at Rancher to replace one of internally maintained tools for provisioning EKS clusters. Currently the internally maintained tool follows this general workflow: Provision EKS infrastructure > configure essential add-ons so the cluster can function at a basic level (Calico, CoreDNS, Flux) > Flux installs the rest of the add-ons. I'm curious how we could use Rancher to fill the role of that second step (configure essential add-ons so the cluster can function at a basic level). Is there an option to install some basic Kubernetes manifests during cluster provisioning? Or would it make more sense to have Rancher Fleet deploy those and Fleet replaces Flux as well?
  • c

    clean-sundown-64594

    10/21/2022, 6:47 PM
    We ran an upgrade of rancher using
    helm upgrade
    and our downstream cluster failed show up. We accidentally applied the yaml at the import endpoint <https:v3/import/pz54rz4prjpvr6668tfkg5h2zh9m2x2k78dhnrtrwmkpxwrlzmz9cr_c-l5xm7.yaml|v3/import/some_stuff_c-l5xm7.yaml> to the local cluster and now it looks like the local cluster has registered as the downstream cluster… I backed out all of these resources but it still looks to be going on and I can’t get my downstream cluster imported. Any advice?
  • e

    enough-lamp-31931

    10/22/2022, 7:15 AM
    I have an IAM product (not launched yet). we landed on Capstone as a name. what do you think when you hear the name “Capstone”? I wanted to use “Keystone” which makes a lot more sense but it’s already the name of similar project in openstack. your opinion matters a lot. please do share it with me
  • m

    most-sunset-36476

    10/22/2022, 10:01 AM
    hi all, is there a way to add labels to aks nodes ? i am creating my aks cluster with the rancher2 provider and i can't find a way to label nodes. I need to exclude them from the load balancer.
  • g

    great-oyster-72008

    10/23/2022, 1:46 PM
    How do we build rancher agent from source code?
    • 1
    • 1
  • s

    stale-church-65232

    10/23/2022, 10:02 PM
    Hi all, I am running into an issue where the Raspberry Pi cluster I am trying to add to Rancher stays in Pending state. From all my troubleshooting it looks like it may be this issue https://github.com/rancher/rancher/issues/37027 which should be able to rectified by disabling LegacyServiceAccountTokenNoAutoGeneration kube-controller-manager feature gate. Does anyone know where I can disable this?
  • f

    freezing-activity-5466

    10/24/2022, 3:17 AM
    I am looking for some guidance on how to narrow down a memory leak over time in rancher
  • r

    rich-thailand-55018

    10/24/2022, 8:04 AM
    Hi - when I try to open the logs or shell - the window is collapsed to the bottom of the window and I cannot see any obvious way to expand it 😞
  • s

    stale-art-87203

    10/24/2022, 3:59 PM
    Curious if anyone has run into this. We are running rancher v2.5.16 and plan on upgrading our existing k8s clusters to from 1.19x to 1.21+ and are working on upgrading our ingress objects. Each time we try to upgrade an ingress object from networking.k8s.io/vsbeta1 to v1, the execution is successful but rancher seems to be downgrading it to extensions/v1beta1. the objects “ManagedFields” seem to indicate that the “rancher” annotations are of version extensions/v1beta1? How do I go about upgrading these ingress objects? Does rancher need to be upgraded first?
  • b

    brash-monitor-41966

    10/24/2022, 4:04 PM
    I just got RKE cluster installed with RKE too 1.3.15 and the k8 version is 1.24.4. What version of Helm/rancher can i deploy on this cluster?
  • m

    mysterious-hospital-56910

    10/24/2022, 5:49 PM
    I have a stupid question, I searched the answer on Racher Docs without success. I have a plan to deploy a EKS Cluster with Fargate to deploy the Rancher Product to manage the other EKS Clusters on my environment. Is possible to implement the Rancher on Cluster EKS with Fargate? Have some issue about this solution?
  • l

    limited-eye-27484

    10/24/2022, 6:33 PM
    How do I till if the Rancher Monitoring kube-state-metrics install is working properly?
  • b

    billions-garage-37276

    10/24/2022, 7:19 PM
    Is there any way to disable the
    cattle-unauthenticated
    ClusterRole if we don't care to customize the login page?
  • m

    miniature-advantage-78722

    10/24/2022, 9:50 PM
    Every time I provision a RKE1 cluster via Rancher 2.6 on Harvester the DNS is all screwy. I hate to ask here but I can't find anything online to help. When I run anything in kubectl or helm everything resolves to
    52.128.23.153
    and I get
    dial tcp 52.128.23.153:443: connect: connection refused
    as an error. I have configure the coredns system to use the upstream dns servers 8.8.8.8 and 1.1.1.1 but it still won't resolve. The underlying nodes hosting the cluster resolve fine and executing nslookup in busy box via the cluster shows proper DNS lookups. I'm at a loss
    s
    c
    • 3
    • 12
  • l

    limited-eye-27484

    10/24/2022, 11:22 PM
    Hello all, on a default Rancher install on 2.6 with basically default options specified for the Monitoring Helm chart, how do I actually setup kube-state-metrics monitoring for cronjobs?
  • l

    limited-eye-27484

    10/24/2022, 11:22 PM
    I see kube-state-metrics has a bunch of cronjob options you can enable: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cronjob-metrics.md but when I look at my monitoring config in Rancher, I see no cronjob configs in my Prometheus
  • l

    limited-eye-27484

    10/24/2022, 11:23 PM
    The docs say that “By default, Rancher Monitoring deploys exporters (such as node-exporter and kube-state-metrics).”
  • l

    limited-eye-27484

    10/24/2022, 11:24 PM
    however I can’t find anything related to kube-state-metrics in either the Rancher docs, or the Prom config that Rancher put in place
  • q

    quick-advantage-47244

    10/25/2022, 12:16 AM
    Hello, I'm curious about RKE2's communication architecture, is there any documentation that explains it? If you look at the connection of the kubelet of the worker node (by ss command), it is connected to 127.0.0.1:6443 (rke2 process). Is rke2 acting as LB? I wonder how to find CP nodes, and whether the downstream cluster itself can survive when the rancher servers died.
    c
    • 2
    • 10
  • b

    bright-fireman-42144

    10/25/2022, 1:33 AM
    not production and just messing around but I ran into some rancher-webhook issues and decided to delete the mutatingwebhookconfigurations and others according to this article: https://www.suse.com/support/kb/doc/?id=000020699 Not thinking to maybe check the app catalog for rancher-webhook. I am on 2.6.9, which repo would have the rancher-webhook chart so I can apply it again.
  • w

    worried-rain-56725

    10/25/2022, 8:31 AM
    Hi. I’m trying to create downstream EKS cluster using Rancher terraform provider. For some reason EKS nodes created by Rancher have only default EKS security group even though we provided list of additional security groups. These SGs are present in EKS configuration, but nodes still don’t have them. The strangest thing is that during creating EKS cluster, you can see in node group config that they will use auto-generated SG by Rancher, but after cluster became to Active state, config has been changed and there are now list of security groups we specified. We do not have custom launch template, nodes launched from LT created by Rancher as well. And that LT for some reason contains only the default EKS node group and no instance type specified. I thought it may be issue in 2.6.4 version, but after upgrading to 2.6.9 issue still here (edited)
Powered by Linen
Title
w

worried-rain-56725

10/25/2022, 8:31 AM
Hi. I’m trying to create downstream EKS cluster using Rancher terraform provider. For some reason EKS nodes created by Rancher have only default EKS security group even though we provided list of additional security groups. These SGs are present in EKS configuration, but nodes still don’t have them. The strangest thing is that during creating EKS cluster, you can see in node group config that they will use auto-generated SG by Rancher, but after cluster became to Active state, config has been changed and there are now list of security groups we specified. We do not have custom launch template, nodes launched from LT created by Rancher as well. And that LT for some reason contains only the default EKS node group and no instance type specified. I thought it may be issue in 2.6.4 version, but after upgrading to 2.6.9 issue still here (edited)
View count: 5