rancher-users #general

able-wall-25846

11/29/2022, 5:22 PM

Copy code

root@knode03:~# crictl pull <http://registry01.sys.nc4.iad0.nsscloud.net:5000/ns-ubuntu-20-04-qemu:latest|registry01.sys.nc4.iad0.nsscloud.net:5000/ns-ubuntu-20-04-qemu:latest>
FATA[0000] pulling image: rpc error: code = Unknown desc = failed to pull and unpack image "<http://registry01.sys.nc4.iad0.nsscloud.net:5000/ns-ubuntu-20-04-qemu:latest|registry01.sys.nc4.iad0.nsscloud.net:5000/ns-ubuntu-20-04-qemu:latest>": failed to resolve reference "<http://registry01.sys.nc4.iad0.nsscloud.net:5000/ns-ubuntu-20-04-qemu:latest|registry01.sys.nc4.iad0.nsscloud.net:5000/ns-ubuntu-20-04-qemu:latest>": failed to do request: Head "<https://registry01.sys.nc4.iad0.nsscloud.net:5000/v2/ns-ubuntu-20-04-qemu/manifests/latest>": http: server gave HTTP response to HTTPS client

able-wall-25846

11/29/2022, 5:23 PM

any tips on how I can get this working?

able-wall-25846

11/29/2022, 5:25 PM

Copy code

/var/lib/rancher/rke2/agent/etc/containerd/config.toml

able-wall-25846

11/29/2022, 5:25 PM

has this

able-wall-25846

11/29/2022, 5:25 PM

Copy code

[plugins.cri.registry.mirrors."<http://registry01.sys.nc4.iad0.nsscloud.net|registry01.sys.nc4.iad0.nsscloud.net>"]
  endpoint = ["<http://registry01.sys.nc4.iad0.nsscloud.net:5000>"]

able-wall-25846

11/29/2022, 5:25 PM

I think that's right

flaky-shampoo-86024

11/29/2022, 6:33 PM

Is there a way to prevent Rancher from adding finalizers to specific namespaces? We are trying to prevent this finalizer from being added to a specific namespace. finalizers: - controller.cattle.io/namespace-auth , since most of namespaces are in "Terminating" state when trying to get removed

gentle-petabyte-40055

11/30/2022, 5:22 AM

Hello. Has anyone used Velero with an RKE cluster. How do you use the cli. Do you install it on one of the control plane nodes?

best-address-42882

11/30/2022, 5:34 AM

Hi, I am creating brand new cluster and getting "Disconnected] Cluster agent is not connected" and "Waiting for API to be available" errors. I've tested cluster creating on Rancher 2.6.9 and 2.7.0 and got same error. Issue affects only Weave CNI, others works fine. Spent 3 days on it with no result.

salmon-chef-55025

11/30/2022, 9:18 AM

hi , we have a legacy Rancher Cluster running Rancher version v2.4.4 Rke version v1.0.8 Kubernetes version v1.17.5 Docker version v18.9.2 Our deployments are failing with following errors

Copy code

"unable to decode an event from the watch stream: backed up reader") has prevented the request from succeeding




[main] 2022/11/23 14:38:18 Starting Tiller v2.16.5-rancher1 (tls=false)

[main] 2022/11/23 14:38:18 GRPC listening on :61000

[main] 2022/11/23 14:38:18 Probes listening on :50491

[main] 2022/11/23 14:38:18 Storage driver is ConfigMap

[main] 2022/11/23 14:38:18 Max history per release is 10

[tiller] 2022/11/23 14:38:19 getting history for release ne-campaign

[storage] 2022/11/23 14:38:19 getting release history for "ne-campaign"

[storage/driver] 2022/11/23 14:38:19 query: failed to query with labels: Get <https://localhost:443/k8s/clusters/c-xzmr2/api/v1/namespaces/ne-campaign/configmaps?labelSelector=NAME%3Dne-campaign%2COWNER%3DTILLER>: dial tcp 127.0.0.1:443: connect: cannot assign requested address

[tiller] 2022/11/23 14:38:19 preparing update for ne-campaign

[storage] 2022/11/23 14:38:19 getting deployed releases from "ne-campaign" history

[storage/driver] 2022/11/23 14:38:19 query: failed to query with labels: Get <https://localhost:443/k8s/clusters/c-xzmr2/api/v1/namespaces/ne-campaign/configmaps?labelSelector=NAME%3Dne-campaign%2COWNER%3DTILLER%2CSTATUS%3DDEPLOYED>: dial tcp 127.0.0.1:443: connect: cannot assign requested address

[tiller] 2022/11/23 14:38:19 failed to prepare update: Get <https://localhost:443/k8s/clusters/c-xzmr2/api/v1/namespaces/ne-campaign/configmaps?labelSelector=NAME%3Dne-campaign%2COWNER%3DTILLER%2CSTATUS%3DDEPLOYED>: dial tcp 127.0.0.1:443: connect: cannot assign requested address

[tiller] 2022/11/23 14:38:19 performing force update for ne-campaign

[storage] 2022/11/23 14:38:19 getting last revision of "ne-campaign"

[storage] 2022/11/23 14:38:19 getting release history for "ne-campaign"

[storage/driver] 2022/11/23 14:38:19 query: failed to query with labels: Get <https://localhost:443/k8s/clusters/c-xzmr2/api/v1/namespaces/ne-campaign/configmaps?labelSelector=NAME%3Dne-campaign%2COWNER%3DTILLER>: dial tcp 127.0.0.1:443: connect: cannot assign requested address





[main] 2022/11/23 14:38:19 Starting Tiller v2.16.5-rancher1 (tls=false)

[main] 2022/11/23 14:38:19 GRPC listening on :50491

[main] 2022/11/23 14:38:19 Probes listening on :50491

[main] 2022/11/23 14:38:19 Storage driver is ConfigMap

[main] 2022/11/23 14:38:19 Max history per release is 10

[main] 2022/11/23 14:38:19 Probes server died: listen tcp :50491: bind: address already in use

[main] 2022/11/23 14:48:20 Starting Tiller v2.16.5-rancher1 (tls=false)

[main] 2022/11/23 14:48:20 GRPC listening on :50491

[main] 2022/11/23 14:48:20 Probes listening on :61000

[main] 2022/11/23 14:48:20 Storage driver is ConfigMap

[main] 2022/11/23 14:48:20 Max history per release is 10

[tiller] 2022/11/23 14:48:21 getting history for release ne-campaign

[storage] 2022/11/23 14:48:21 getting release history for "ne-campaign"

[storage/driver] 2022/11/23 14:48:21 query: failed to query with labels: Get <https://localhost:443/k8s/clusters/c-xzmr2/api/v1/namespaces/ne-campaign/configmaps?labelSelector=NAME%3Dne-campaign%2COWNER%3DTILLER>: dial tcp 127.0.0.1:443: connect: cannot assign requested address

[tiller] 2022/11/23 14:48:21 preparing update for ne-campaign

[storage] 2022/11/23 14:48:21 getting deployed releases from "ne-campaign" history

[storage/driver] 2022/11/23 14:48:21 query: failed to query with labels: Get <https://localhost:443/k8s/clusters/c-xzmr2/api/v1/namespaces/ne-campaign/configmaps?labelSelector=NAME%3Dne-campaign%2COWNER%3DTILLER%2CSTATUS%3DDEPLOYED>: dial tcp 127.0.0.1:443: connect: cannot assign requested address

[tiller] 2022/11/23 14:48:21 failed to prepare update: Get <https://localhost:443/k8s/clusters/c-xzmr2/api/v1/namespaces/ne-campaign/configmaps?labelSelector=NAME%3Dne-campaign%2COWNER%3DTILLER%2CSTATUS%3DDEPLOYED>: dial tcp 127.0.0.1:443: connect: cannot assign requested address

[tiller] 2022/11/23 14:48:21 performing force update for ne-campaign

[storage] 2022/11/23 14:48:21 getting last revision of "ne-campaign"

[storage] 2022/11/23 14:48:21 getting release history for "ne-campaign"

[storage/driver] 2022/11/23 14:48:21 query: failed to query with labels: Get <https://localhost:443/k8s/clusters/c-xzmr2/api/v1/namespaces/ne-campaign/configmaps?labelSelector=NAME%3Dne-campaign%2COWNER%3DTILLER>: dial tcp 127.0.0.1:443: connect: cannot assign requested address

[main] 2022/11/23 14:48:22 Starting Tiller v2.16.5-rancher1 (tls=false)

[main] 2022/11/23 14:48:22 GRPC listening on :50491

[main] 2022/11/23 14:48:22 Probes listening on :61000

[main] 2022/11/23 14:48:22 Storage driver is ConfigMap

[main] 2022/11/23 14:48:22 Max history per release is 10

[tiller] 2022/11/23 14:48:23 getting history for release ne-campaign

[storage] 2022/11/23 14:48:23 getting release history for "ne-campaign"

[storage/driver] 2022/11/23 14:48:23 query: failed to query with labels: Get <https://localhost:443/k8s/clusters/c-xzmr2/api/v1/namespaces/ne-campaign/configmaps?labelSelector=NAME%3Dne-campaign%2COWNER%3DTILLER>: dial tcp 127.0.0.1:443: connect: cannot assign requested address

[tiller] 2022/11/23 14:48:23 preparing update for ne-campaign

[storage] 2022/11/23 14:48:23 getting deployed releases from "ne-campaign" history

[storage/driver] 2022/11/23 14:48:23 query: failed to query with labels: Get <https://localhost:443/k8s/clusters/c-xzmr2/api/v1/namespaces/ne-campaign/configmaps?labelSelector=NAME%3Dne-campaign%2COWNER%3DTILLER%2CSTATUS%3DDEPLOYED>: dial tcp 127.0.0.1:443: connect: cannot assign requested address

[tiller] 2022/11/23 14:48:23 failed to prepare update: Get <https://localhost:443/k8s/clusters/c-xzmr2/api/v1/namespaces/ne-campaign/configmaps?labelSelector=NAME%3Dne-campaign%2COWNER%3DTILLER%2CSTATUS%3DDEPLOYED>: dial tcp 127.0.0.1:443: connect: cannot assign requested address

[tiller] 2022/11/23 14:48:23 performing force update for ne-campaign

[storage] 2022/11/23 14:48:23 getting last revision of "ne-campaign"

[storage] 2022/11/23 14:48:23 getting release history for "ne-campaign"

[storage/driver] 2022/11/23 14:48:23 query: failed to query with labels: Get <https://localhost:443/k8s/clusters/c-xzmr2/api/v1/namespaces/ne-campaign/configmaps?labelSelector=NAME%3Dne-campaign%2COWNER%3DTILLER>: dial tcp 127.0.0.1:443: connect: cannot assign requested address

We have tried restarting the master nodes (& docker service ) on downstream Kubernetes nodes .. but same has not helped. We have tried deploying latest code on other micro services hosted on the same cluster but that is also failing. This error seems to have worsened now .. PFB the recent logs where its getting blocked at even earlier stage.

Copy code

2022/11/28 14:40:29 [ERROR] Error certs=InvalidBodyContent 422: failed to find cert that matched private key parsing cert template-repository-prod-tls. Will not display correctly in UI

2022/11/28 14:43:12 [INFO] Installing chart using helm version: rancher-helm

[main] 2022/11/28 14:43:12 Starting Tiller v2.16.5-rancher1 (tls=false)

[main] 2022/11/28 14:43:12 GRPC listening on :61000

[main] 2022/11/28 14:43:12 Probes listening on :61000

[main] 2022/11/28 14:43:12 Storage driver is ConfigMap

[main] 2022/11/28 14:43:12 Max history per release is 10

[main] 2022/11/28 14:43:12 Probes server died: listen tcp :61000: bind: address already in use

UPGRADE FAILED

Error: context deadline exceeded

2022/11/28 14:53:12 [ERROR] AppController p-746c7/ecomm-support [helm-controller] failed with : failed to install app ecomm-support. Error: UPGRADE FAILED: context deadline exceeded

billowy-vegetable-58311

11/30/2022, 10:21 AM

HI team , after installing Rancher desktop I am getting the following error When I am trying to execute the first command ... Please help

Copy code

brew install --cask --verbose --force docker
Error shows as  ...  "Error: It seems there is already a Binary at '/usr/local/share/zsh/site-functions/_docker'.

Following is the terminal logs which I am sharing

Copy code

vishwanathangadi@vishwanaths-MacBook-Pro ~ % brew install --cask --verbose --force docker
Running `brew update --auto-update`...
==> Auto-updated Homebrew!
Updated 1 tap (homebrew/core).

You have 18 outdated formulae installed.
You can upgrade them with brew upgrade
or list them with brew outdated.

==> Downloading <https://desktop.docker.com/mac/main/amd64/91661/Docker.dmg>
Already downloaded: /Users/vishwanathangadi/Library/Caches/Homebrew/downloads/1ffb31f522268752a888fbee3b48dcfa70666365c75c92b6d179e0dd22e82e89--Docker.dmg
==> Verifying checksum for cask 'docker'
==> Installing Cask docker
hdiutil attach -plist -nobrowse -readonly -mountrandom /private/tmp/d20221130-1928-ongdwu /Users/vishwanathangadi/Library/Caches/Homebrew/downloads/1ffb31f522268752a888fbee3b48dcfa70666365c75c92b6d179e0dd22e82e89--Docker.dmg
mkbom -s -i /private/tmp/20221130-1928-zb8c19.list -- /private/tmp/20221130-1928-1z0cblx.bom
ditto --bom /private/tmp/20221130-1928-1z0cblx.bom -- /private/tmp/d20221130-1928-ongdwu/dmg.khdXlw /private/tmp/d20221130-1928-1j5lsiq
diskutil info -plist /private/tmp/d20221130-1928-ongdwu/dmg.khdXlw
diskutil eject /private/tmp/d20221130-1928-ongdwu/dmg.khdXlw
cp -pR /private/tmp/d20221130-1928-1j5lsiq/Docker.app/. /usr/local/Caskroom/docker/4.14.1,91661/Docker.app
chmod -Rf +w /private/tmp/d20221130-1928-1j5lsiq
==> Moving App '<http://Docker.app|Docker.app>' to '/Applications/Docker.app'
==> Linking Binary 'docker-compose.bash-completion' to '/usr/local/etc/bash_completion.d/docker-compose'
==> Unlinking Binary '/usr/local/etc/bash_completion.d/docker-compose'
==> Backing App '<http://Docker.app|Docker.app>' up to '/usr/local/Caskroom/docker/4.14.1,91661/Docker.app'
==> Removing App '/Applications/Docker.app'
==> Purging files for version 4.14.1,91661 of Cask docker
Error: It seems there is already a Binary at '/usr/local/share/zsh/site-functions/_docker'.

future-alarm-92026

11/30/2022, 2:05 PM

👋 Hi everyone!

bitter-noon-90925

11/30/2022, 2:28 PM

Hello everyone. ~~I hope this channel is the correct one.~~ ~~We are currently evaluating Rancher Desktop at our Company and I’m coordinating this process.~~ ~~We have currently this issue https://github.com/rancher-sandbox/rancher-desktop/issues/905 with our company proxy.~~ ~~We have defined our proxies in our override.yamls and iff rancher desktop or lima VM boots, we can use docker registries through our proxy.~~ ~~But rancher desktop doesn’t start up every now and then, with the error message in the issue #905.~~ ~~Is there any workaround to this issue?~~ ~~Thanks~~

✅ 1

fierce-nest-35400

11/30/2022, 2:58 PM

fierce-nest-35400

11/30/2022, 2:59 PM

Hi restarted my computer and started rancher it stuck waiting for kube apis

fierce-nest-35400

11/30/2022, 2:59 PM

any suggestions how to solve this issue

orange-gigabyte-8918

11/30/2022, 3:08 PM

I'm not 100% sure, but I don't think so. Sorry.

little-father-38603

11/30/2022, 3:45 PM

Hi, do anyone know how to increase the vebosity level for kubelet running in docker and deployed with RKE? I'm trying to debug a situation where the

/stats/summary

endpoint takes a really long time to respond

little-father-38603

11/30/2022, 4:42 PM

Actually, never mind,

docker stats

hangs, I suppose kubelet calls that. If anyone knows why this could happen, please let me know :)

early-lunch-37616

11/30/2022, 5:15 PM

Hi everyone, I'm hoping someone can help me figure out a docker auth issue I'm having. Using Rancher Desktop with nerdctl I'm getting 403 auth errors when trying to pull images from GCR. I'm logged in with nerdctl and was able to pull images when using dockerCLI. Any ideas?

breezy-ram-80329

12/01/2022, 4:18 AM

getting [ERROR] Error during subscribe websocket: close sent in the rancher server logs. And the cluster agent logs is stuck with level=info msg="Connecting to proxy" url="wss://rancher-poc.corp.xxxxcom/v3/connect". My rancher server is behind a aws application load balancer. Any idea why this is happening ?

famous-grass-8099

12/01/2022, 5:03 AM

Hi Guys Here is how my setup is. single node docker image running behind nginx as reverse proxy (it is docker-compose.yml having both containers). That single node is behind AWS classic load balancer. following are the errors being logged by rancher node (docker-compose logs -f).

Copy code

rancher-server_1  | 2022/12/01 04:54:09 [ERROR] Failed to handle tunnel request from remote address 172.19.0.2:49716 (X-Forwarded-For: 44.230.106.196, 172.31.30.132): response 400: websocket: the client is not using the websocket protocol: 'websocket' token not found in 'Upgrade' header
rancher-server_1  | 2022/12/01 04:54:09 [ERROR] Failed to handle tunnel request from remote address 172.19.0.2:49716 (X-Forwarded-For: 44.230.106.196, 172.31.30.132): response 400: Error during upgrade for host [c-sxlgx]: websocket: the client is not using the websocket protocol: 'websocket' token not found in 'Upgrade' header

I have another AWS EKS cluster. I am trying to import in above rancher instance. It is showing

waiting

status.

early-lifeguard-63817

12/01/2022, 8:50 AM

Can I use an existing Prometheus instance to show metrics in the Rancher UI? I have imported an existing cluster which has a long-running prom operator on it. This must be some kind of FAQ but can't find a real answer.

shy-tent-66642

12/01/2022, 10:18 AM

👋 Hi everyone!

kind-analyst-38351

12/01/2022, 10:51 AM

Hello, does anyone know how to enable prometheus metrics in nginx-ingress-controller (installed via RKE)?

gifted-shampoo-48019

12/01/2022, 12:16 PM

The fleet-agent auto generates cluster-name such as

cluster-fb7393592079

. is there a way for me to change that name?

acceptable-printer-7134

12/01/2022, 12:24 PM

What is the minimum aws permissions required for rancher cloud credentials. Our use case is to just import EKS and rancher as UI and help us manage RBAC on top our auth provider.

helpful-student-22864

12/01/2022, 1:16 PM

Hello Everyone 👋 New to Rancher and this forum. Looking for help on Global Roles. The requirement is to setup roles for team members to be able to manage resources within a particular namespace only. I would appreciate if you can guide me or direct me to available resources that I can use to complete this setup. I have created a new custom role and added users to it so far, however I am still trying to find out ways to restrict this group to have access only on a particular namespace. Thank you!

early-lifeguard-63817

12/01/2022, 2:09 PM

ok so feeling really stupid here.. how do I reset the password of a non-admin user?

dazzling-computer-84464

12/01/2022, 7:32 PM

Has anyone encountered error like this?

Copy code

2022/12/01 19:28:41 [DEBUG] No active connection for cluster [c-rw259], will wait for about 30 seconds
2022/12/01 19:28:41 [TRACE] dialerFactory: apiEndpoint hostPort for cluster [c-pw867] is [172.20.0.1:443]
2022/12/01 19:28:41 [TRACE] dialerFactory: no tunnel session found for cluster [c-pw867], falling back to nodeDialer