Hi, anybody has any idea why rancher pods keep restarting? I have 2.6.4 version.

cattle-fleet-system    fleet-agent-96f6f455c-hl4tw                           1/1     Running     13 (9h ago)     10d
cattle-system          cattle-cluster-agent-ffddb7bf7-5d297                  1/1     Running     12 (9h ago)     10d
cattle-system          cattle-cluster-agent-ffddb7bf7-dbcsb                  1/1     Running     5 (33h ago)     9d

If I run a kubectl describe to pods, I get:

Last State:     Terminated
      Reason:       Error
      Exit Code:    1

I’ve setup ADFS authentication on Rancher (using Authentik) But when attempting to add users/groups to projects/namespaces the search isn’t working properly and I am unable to add users/groups. Any help?

It doesn’t actually search, as there is a user called Daave but no user called Daa. If I type Daave in and click enter, it “adds” them but doesn’t actually give the user permissions.

trying to run rke up on 3 nodes and one node is failing: got error, [seliniux] does nott recognize SELinux label [label=type: rke_container_t], this is for kubernetes version [>=1.22.0-rancher0]/ Please install rancher-selinux RPM packahe and try again.

I did install rancher-selinux.noarch

any idea

my rke version is 1.3.12

Hi everybody. Does anybody know how to enable

proxy-mode: ipvs

and

ipvs-strict-arp

for RKE2's kube-proxy when deploying RKE2 via Rancher? I have found thishttps://github.com/rancher/rancher/issues/35430 stating that I can set these in a YAML but can't find the YAML though.

Can someone help me clear this installation step up for a POC?

TIP FOR TESTING AND DEVELOPMENT: This final command to install Rancher requires a domain name that forwards traffic to Rancher. If you are using the Helm CLI to set up a proof-of-concept, you can use a fake domain name when passing the

hostname

option. An example of a fake domain name would be

<IP_OF_LINUX_NODE>.<http://sslip.io|sslip.io>

, which would expose Rancher on an IP where it is running. Production installs would require a real domain name.

Would this be a fake domain name to the load balancer?

Or a single node of the RKE cluster?

i am having issues running ansible playbook from a jumphost where the rke tool and cluster.yaml is located. I run the task as user ansible but the task has become_user: rke user but keep getting errors

anyone have tried doing this before?

if I just do rke up, the cluster configures just fine

when using rke user

Hello all. I just stood up a brand new K3s cluster running version

v1.24.3+k3s1

. I already have an independent Rancher 2.6.5 cluster running. I went to import my new K3s cluster into Rancher (generic, using local VMware) and I am getting failures during the initial cattle-system setup. The cattle-system-agent is failing to start. The pod logs show

evel=fatal msg="looking up cattle-system/cattle ca/token: no secret exists for service account cattle-system/cattle"

. I found here https://github.com/rancher/rancher/issues/37027 that Rancher 2.6.5 AND 2.6.6 for that matter do not support K8s distros of 1.24. Is my only solution to install a prior version of K3s? Looks like

v1.23.9+k3s1

is the previous 1.23 version available on GitHub.

Hello. I need help please. I changed my rancher certs from self-signed to LetsEncrypt and now my downstream RKE2 clusters all show "Provisioning - Waiting for at least one bootstrap node" in my Cluster Management list. I tried the cluster-agent-tool but that does not work. rancher-system-agent is erroring: level=error msg="[K8s] received secret to process that was older than the last secret operated on. (143299511 vs 143302860)" level=error msg="error syncing 'fleet-default/custom-c1ddfcd26899-machine-plan': handler secret-watch: secret received was too old, requeuing"

I'm running Rancher 2.6.4 and my downstream clusters are 1.22.x

@high-toddler-81593 , sorry to be a bit off topic, but have your ever been asked if you are/were the lead singer of WhiteCross? If not, consider me your first! 😁

Figured I'd ask, I'm sure at this point in his life, I'm sure he wouldn't care much about IT stuff like this 😁😁😁😁

Hey, the Rancher Agent keeps trying to use the wrong network interface and IP, even when I specify an

address

and

internal address

. Is there a way to tell it to use a certain interface? I am joining my worker node by running the registration command that runs the docker rancher-agent.

so outbound comms work (via the addresses I specified), but when i try to shell into the node or send traffic via a service, it keeps trying to use the local IP (192..) instead of the interface/ip that I have set

👋 Hi everyone! can anyone given me resources of ingress controller in rancher like Custom Resource Definition, Cluster Role, Cluster Role Binding.

Hi guys. I have a tricky task to deploy k3s + custom helm chart to the offline machines (20-22 ports exposed only for tests, no connection in future at all). I was trying to modify a bit installation script to make everything offline. Installation requires to download and install a lot of dependencies, so analysis and fixing links takes really lot of time. Maybe someone faced the solution or helpful manuals. Thanks in advance

Hi there, is there a good place to see docs for when rke2 was updated to look for

/proc/sys/net/ipv4/ip_unprivileged_port_start

? I upgraded to the latest version, 1.24.3, and ran into issues where that file could not be found. From what I can tell, it exists in kernel versions 4.11+, which I do not have the ability to upgrade to yet.

hello fellow ranch hands.

super new k8s and the whole SUSE k8s ecosystem but I'll try not to ask dumb questions. First one, and yes I've googled and checked githhub. I have deployed rancher server on gcp using terraform and would like to now create a gke cluster. I have created a service account and I think the roles are correct but I don't think the docs are up to date with what you see in google's UI so this ultimately might be a permissions issue. The problem is creating the cluster, after specifying all the options, the project ID and specifying the credentials I created (with associated service account json) I get: "TypeError: Cannot read properties of undefined (reading 'error')". Is there any particular log or a terminal that I can see what API commands and the returning result to see what these always nebulous java errors are?

@fast-piano-59234 Rancher pods CrashLoopBackOff and I cannot Ping 10.43.0.1 using

dnsutils

pod. Can you please ping me back when you have time? Thanks for your help. I appreciate it. RKE: v1.3.8, Rancher: v2.6.6, Kubernetes: v1.22.7, Docker: v20.10.12