rancher-users #general

general

narrow-vr-31549

10/21/2022, 2:20 PM

Now I know rancher should give me those network policies but it is probably turned off somewhere and I am at a loss where too look. Hopefully somebody here knows what i'm talking about? 🙏

narrow-vr-31549

10/21/2022, 2:23 PM

On other clusters where it is working (also rke2) when i look at the cluster.yaml I see the annotation:

narrow-vr-31549

10/21/2022, 2:24 PM

<http://networking.management.cattle.io/enable-network-policy|networking.management.cattle.io/enable-network-policy>: true

But this one is missing on my problematic cluster's cluster.yaml. But I am unable to edit this yaml. (And i'm not even sure this is the culprit)

narrow-vr-31549

10/21/2022, 2:35 PM

I think the right question is "How do I enable project network isolation in a RKE2 cluster which is already imported in rancher 2.6.9".

narrow-vr-31549

10/21/2022, 2:42 PM

w000t! succes! hacky hacky In the

local

cluster:

narrow-vr-31549

10/21/2022, 2:42 PM

And than change the cluster resource in question with:

spec:
  enableNetworkPolicy: true

narrow-vr-31549

10/21/2022, 2:42 PM

A button somewhere would be nice though 😉

prehistoric-advantage-39331

10/21/2022, 2:45 PM

Random question about something I've observed and I wonder if anyone has a solution. After removing the rancher-monitoring chart, I can no longer delete namespaces. They all get caught up on the finalizer for custom.metrics.k8s.io - which makes sense, because this refers to prometheus components that are now gone. In the process of automated cluster creation and deletion, this is a problem when you are using terraform to create the cattle-monitoring-system namespace - it always hangs on removing it later. Has anyone else seen this and found a solution?

narrow-rose-64653

10/21/2022, 3:30 PM

Has anyone successfully imported EKS Clusters v1.23.0 into Rancher 2.6. I have multiple EKS Clusters running in my AWS Account, which I'm trying to import to Rancher 2.6 (running on another EKS and VPC) but I'm getting

Waiting for API to be available

error. I have completed all networking between both clusters, not sure what's happening. Any guidance would be greatly appreciated.

billions-garage-37276

10/21/2022, 3:47 PM

Hey, we're looking at Rancher to replace one of internally maintained tools for provisioning EKS clusters. Currently the internally maintained tool follows this general workflow: Provision EKS infrastructure > configure essential add-ons so the cluster can function at a basic level (Calico, CoreDNS, Flux) > Flux installs the rest of the add-ons. I'm curious how we could use Rancher to fill the role of that second step (configure essential add-ons so the cluster can function at a basic level). Is there an option to install some basic Kubernetes manifests during cluster provisioning? Or would it make more sense to have Rancher Fleet deploy those and Fleet replaces Flux as well?

clean-sundown-64594

10/21/2022, 6:47 PM

We ran an upgrade of rancher using

helm upgrade

and our downstream cluster failed show up. We accidentally applied the yaml at the import endpoint <https:v3/import/pz54rz4prjpvr6668tfkg5h2zh9m2x2k78dhnrtrwmkpxwrlzmz9cr_c-l5xm7.yaml|v3/import/some_stuff_c-l5xm7.yaml> to the local cluster and now it looks like the local cluster has registered as the downstream cluster… I backed out all of these resources but it still looks to be going on and I can’t get my downstream cluster imported. Any advice?

enough-lamp-31931

10/22/2022, 7:15 AM

I have an IAM product (not launched yet). we landed on Capstone as a name. what do you think when you hear the name “Capstone”? I wanted to use “Keystone” which makes a lot more sense but it’s already the name of similar project in openstack. your opinion matters a lot. please do share it with me

most-sunset-36476

10/22/2022, 10:01 AM

hi all, is there a way to add labels to aks nodes ? i am creating my aks cluster with the rancher2 provider and i can't find a way to label nodes. I need to exclude them from the load balancer.

great-oyster-72008

10/23/2022, 1:46 PM

How do we build rancher agent from source code?

stale-church-65232

10/23/2022, 10:02 PM

Hi all, I am running into an issue where the Raspberry Pi cluster I am trying to add to Rancher stays in Pending state. From all my troubleshooting it looks like it may be this issue https://github.com/rancher/rancher/issues/37027 which should be able to rectified by disabling LegacyServiceAccountTokenNoAutoGeneration kube-controller-manager feature gate. Does anyone know where I can disable this?

freezing-activity-5466

10/24/2022, 3:17 AM

I am looking for some guidance on how to narrow down a memory leak over time in rancher

rich-thailand-55018

10/24/2022, 8:04 AM

Hi - when I try to open the logs or shell - the window is collapsed to the bottom of the window and I cannot see any obvious way to expand it 😞

stale-art-87203

10/24/2022, 3:59 PM

Curious if anyone has run into this. We are running rancher v2.5.16 and plan on upgrading our existing k8s clusters to from 1.19x to 1.21+ and are working on upgrading our ingress objects. Each time we try to upgrade an ingress object from networking.k8s.io/vsbeta1 to v1, the execution is successful but rancher seems to be downgrading it to extensions/v1beta1. the objects “ManagedFields” seem to indicate that the “rancher” annotations are of version extensions/v1beta1? How do I go about upgrading these ingress objects? Does rancher need to be upgraded first?

brash-monitor-41966

10/24/2022, 4:04 PM

I just got RKE cluster installed with RKE too 1.3.15 and the k8 version is 1.24.4. What version of Helm/rancher can i deploy on this cluster?

mysterious-hospital-56910

10/24/2022, 5:49 PM

I have a stupid question, I searched the answer on Racher Docs without success. I have a plan to deploy a EKS Cluster with Fargate to deploy the Rancher Product to manage the other EKS Clusters on my environment. Is possible to implement the Rancher on Cluster EKS with Fargate? Have some issue about this solution?

limited-eye-27484

10/24/2022, 6:33 PM

How do I till if the Rancher Monitoring kube-state-metrics install is working properly?

billions-garage-37276

10/24/2022, 7:19 PM

Is there any way to disable the

cattle-unauthenticated

ClusterRole if we don't care to customize the login page?

miniature-advantage-78722

10/24/2022, 9:50 PM

Every time I provision a RKE1 cluster via Rancher 2.6 on Harvester the DNS is all screwy. I hate to ask here but I can't find anything online to help. When I run anything in kubectl or helm everything resolves to

52.128.23.153

and I get

dial tcp 52.128.23.153:443: connect: connection refused

as an error. I have configure the coredns system to use the upstream dns servers 8.8.8.8 and 1.1.1.1 but it still won't resolve. The underlying nodes hosting the cluster resolve fine and executing nslookup in busy box via the cluster shows proper DNS lookups. I'm at a loss

limited-eye-27484

10/24/2022, 11:22 PM

Hello all, on a default Rancher install on 2.6 with basically default options specified for the Monitoring Helm chart, how do I actually setup kube-state-metrics monitoring for cronjobs?

limited-eye-27484

10/24/2022, 11:22 PM

I see kube-state-metrics has a bunch of cronjob options you can enable: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cronjob-metrics.md but when I look at my monitoring config in Rancher, I see no cronjob configs in my Prometheus

limited-eye-27484

10/24/2022, 11:23 PM

The docs say that “By default, Rancher Monitoring deploys exporters (such as node-exporter and kube-state-metrics).”

limited-eye-27484

10/24/2022, 11:24 PM

however I can’t find anything related to kube-state-metrics in either the Rancher docs, or the Prom config that Rancher put in place

quick-advantage-47244

10/25/2022, 12:16 AM

Hello, I'm curious about RKE2's communication architecture, is there any documentation that explains it? If you look at the connection of the kubelet of the worker node (by ss command), it is connected to 127.0.0.1:6443 (rke2 process). Is rke2 acting as LB? I wonder how to find CP nodes, and whether the downstream cluster itself can survive when the rancher servers died.

bright-fireman-42144

10/25/2022, 1:33 AM

not production and just messing around but I ran into some rancher-webhook issues and decided to delete the mutatingwebhookconfigurations and others according to this article: https://www.suse.com/support/kb/doc/?id=000020699 Not thinking to maybe check the app catalog for rancher-webhook. I am on 2.6.9, which repo would have the rancher-webhook chart so I can apply it again.

worried-rain-56725

10/25/2022, 8:31 AM

Hi. I’m trying to create downstream EKS cluster using Rancher terraform provider. For some reason EKS nodes created by Rancher have only default EKS security group even though we provided list of additional security groups. These SGs are present in EKS configuration, but nodes still don’t have them. The strangest thing is that during creating EKS cluster, you can see in node group config that they will use auto-generated SG by Rancher, but after cluster became to Active state, config has been changed and there are now list of security groups we specified. We do not have custom launch template, nodes launched from LT created by Rancher as well. And that LT for some reason contains only the default EKS node group and no instance type specified. I thought it may be issue in 2.6.4 version, but after upgrading to 2.6.9 issue still here (edited)

Title

worried-rain-56725

10/25/2022, 8:31 AM

View count: 5