Hello, I installed a cluster using rancher. then i installed metallb from ui then i also installed these crds: --- apiVersion: metallb.io/v1beta1 kind: IPAddressPool metadata: creationTimestamp: null name: my-ip-space namespace: metallb-system spec: addresses: - 10.8.4.0/24 status: {} --- apiVersion: metallb.io/v1beta1 kind: BGPAdvertisement metadata: creationTimestamp: null name: bgpadvertisement1 namespace: metallb-system spec: aggregationLength: 32 communities: - 64512:1234 ipAddressPools: - my-ip-space localPref: 100 status: {} I didn't see an option to enable this setting. ipvs: strictARP: true I don't know if it's because of this parameter that it doesn't work. metallb provisions ip loadbalancers well. A fortigate firewall is placed in front of the ips load balancers (metallb). Thank you for your help.

This is the RKE1

Hi All. I've an installation of rancher with a couple of managed cluster (1.24.4rke2). I've an error with default service account of a namespace: "Message":"clusters.management.cattle.io \"c-m-7l9g7r75\" is forbidden: User \"system😒erviceaccount:[namespace]:default\" cannot get resource \"clusters\" in API group \"management.cattle.io\" at the cluster scope","Cause":null,"FieldName":""} (post selfsubjectaccessreviews.authorization.k8s.io)

I created both role and rolebinding without success. I've to configure permission on the rancher console?

Hi. Has anyone successfully gotten RKE to use OIDC (Keycloak) as an authentication provider? This is separate from the Rancher front-end, just the cluster itself. I have this config set in the kube-api extra_args section:

oidc-client-id: <http://myclient.example.org|myclient.example.org>
          oidc-groups-claim: groups
          oidc-issuer-url: <https://keycloak.example.org/realms/test>
          oidc-username-claim: preferred_username

When I get a token and try to use it to authenticate (just did a kubectl --token=XXXXXXXXXX get nodes, I get a message: error: You must be logged in to the server (the server has asked for the client to provide credentials) and the kube-api server just logs this:

time="2023-01-26T18:31:29Z" level=info msg="Processing v1Authenticate request..."
time="2023-01-26T18:31:29Z" level=error msg="found 1 parts of token"

has anyone done this?

Hey gang! 🤟 Komodor’s latest open-source project, Helm-Dashboard is generally available with the release of V.1.0.0 Coincidently at the same time the project crossed 3K stars on GitHub (and hundreds of daily active users), only three months since it was released! Some of the cool new features you can expect to see in the new version: • Auto-update repositories when installed into cluster • The ability to reconfigure charts without access to their source • Specifying multiple working namespaces • Self-sufficient binary, no helm/kubectl requirement • REST API documented • As always, we welcome everyone to provide feedback and suggestions on the project’s roadmap on our social channels, GitHub, or the Slack Kommunity. We’ve even created a user survey form to make it easier on you 🙂

Does anyone know if I can use traefik 2.x as my ingress controller to access Rancher UI ? If yes how should I configure it ?

Hi y'all I am having a very hard time debugging an issue with rke-cli. I am trying to add more nodes, I am following the exact same steps as I did the first time I added them, and many times after. Except something is wrong now cuz when I run the command: rke up --update-only it does not add the new nodes

it actually complains that "Node not found" on the new nodes i have attempted to add

There are no other error logs

The cluster is functioning okay, afaik since everything else is running ( this is also in production )

I have managed to see the node for like 1-2 seconds on the node list and then it went away. The new node's kubelet complains that the node is not found as well when attempting to run kubelet

the k8s version is 1.24.4

😛artyparrot: NeuVector 5.1.1 has been released 😛artyparrot: Posted in #neuvector-security

has anyone installed rancher server on a terraform managed cluster and had it import the cluster? My concern is that TF would maybe recreate the cluster or possibly remove the rancher agent when doing upgrades, but im honestly not sure. just wondering if anyone has ever done this.

Hi together, I have running a cluster that has a version of 1.17.4, how I am able to update that cluster? For other clusters I am able to select a newer version.

I am using rancher 2.5

Hi all, we started to have pods being unable to schedule in our Rancher cluster sometime last night. Looking into the control plane nodes the docker

kube-apiserver

container is showing a lot of errors like this:

E0213 22:18:56.420705       1 leaderelection.go:325] error retrieving resource lock kube-system/kube-controller-manager: <http://leases.coordination.k8s.io|leases.coordination.k8s.io> "kube-controller-manager" is forbidden: User "system:kube-controller-manager" cannot get resource "leases" in API group "<http://coordination.k8s.io|coordination.k8s.io>" in the namespace "kube-system"

Where should I even be looking in Rancher to start troubleshooting this problem?

Figured I'd forward this because the storage chat is kind of dead, this one is racking my brain 😄 any ideas are appreciated.

Hi, I found this git issue that has been closed https://github.com/k3s-io/k3s/issues/6611. According to this k3s is compatible with Rhel 9 version. Even when I tried to setup k3s over rhel 9.1 it worked. Could you please let me know when or why use support matrix will include Rhel 9 user like us to upgrade to Rhel 9 from 8 with K3S

Are there any tools that can generate diagrams in graphviz or mermaid format for a namespace? Ideally I can just do something like

kubectl -n myns get all > myns.yaml

and then

generator myns.yaml

Hi, I'm trying to install racher 2.7 on an existing Kubernetes Cluster (1.24.10) with external loadbalancer and ssl-termination. I run the installation by helm:

helm upgrade --install rancher rancher-stable/rancher --namespace cattle-system --set hostname="myhost.mydomain" --set tls=external

sorry, here's my complete question: Hi, I'm trying to install racher 2.7 on an existing Kubernetes Cluster (1.24.10) with external loadbalancer and ssl-termination. I run the installation by helm:

helm upgrade --install rancher rancher-stable/rancher --namespace cattle-system --set hostname="myhost.mydomain" --set tls=external

Installation was ok, but the Ingress reports: 'nginx-ingress-controller Scheduled for sync' In the rancher log I see the following errors:

[ERROR] Failed to connect to peer <wss://10.45.3.4/v3/connect> [local ID=10.45.4.5]: dial tcp 10.45.3.4:443: i/o timeout

I'm confused, I would have expected the internal connections were going to port 80, which is open. Anybody can give me a hint, what could be wrong? Thanks

hi - We have an application running on kubernetes(EKS), we use rolling update strategy for our deployment. Our application does data migration from on pre m to cloud and this sometimes takes a day or two depending on the data size. The issue for us is when we do the deployment , the pod thats performing the migration gets terminated as expected . But we would want to avoid this as the migration has to be started all over again by the customer. So does anyone know of a way to exclude the pod from upgrade thats is performing the migration until the process is complete.

Hi Folks, I'm looking for a help in re-create the secret for the imported cluster in the rancher

hi, I had an rke2 cluster managed by rancher and the nodes failed are down, how can I bring the rke2 cluster up again? I mean rejoining the nodes members to rancher?

What will the consequences be if I were to move one of my two master nodes to a different network (it will be assigned a new static IP on the new network)?

Deploying RKE2 with Metallb Issue - IP gets assigned to the loadbalancer but no ARP entries are showing up under the interfaces, ARP ping and curl fails to the deployed loadbalancer IP + port IP Pool and L2Advertisement config

apiVersion: <http://metallb.io/v1beta1|metallb.io/v1beta1>
kind: IPAddressPool
metadata:
  name: core-net-192.168.92.140-159
  namespace: metallb-system
spec:
  addresses:
  - 192.168.94.140-192.168.94.159
---
apiVersion: <http://metallb.io/v1beta1|metallb.io/v1beta1>
kind: L2Advertisement
metadata:
  name: metallb-pool
  namespace: metallb-system
spec:
  ipAddressPools:
  - core-net-192.168.99.140-159

How can we enable kubeproxy ipvs on the management cluster? (at the moment i only have one cluster with workernodes added to the management cluster)

kubeproxy:
      extra_args:
        ipvs-scheduler: lc
        proxy-mode: ipvs

do i need to deploy a separate cluster with workernodes for this? Thanks a lot for your input, if im on the wrong channel for these questions please let me know, i apologize in advance Posted in #rke2

:q