adamant-kite-43734
12/15/2023, 8:19 AMadamant-kite-43734
12/15/2023, 6:22 PMclever-rain-23394
12/20/2023, 2:55 PMrke 1.4.1
with v1.24.8-rancher1-1
. I checked release node of https://github.com/rancher/rke/releases/tag/v1.4.5 and there are two major known issues listed. My question is, if I skip 1.4.5
and go directly to 1.4.7
then am I skipping the issues reported in 1.4.5
? Besides, with 1.4.7 rke
I should be able to go directly to v1.24.15-rancher1-1
if I understand correctly. Then I can upgrade my k8s version gradually and avoid skipping k8s minor versions, am I correct ? Thanks in advance for any advises!bored-nest-98612
01/03/2024, 2:53 PMbored-nest-98612
01/03/2024, 3:05 PMearly-oxygen-25563
01/05/2024, 12:49 PMrefined-cat-13674
01/06/2024, 11:29 AMfew-memory-46527
01/17/2024, 7:44 PMPinging <http://myrancher.omkarm.online|myrancher.omkarm.online> [51.20.8.229] with 32 bytes of data:
Reply from 51.20.8.229: bytes=32 time=197ms TTL=44
Reply from 51.20.8.229: bytes=32 time=224ms TTL=44
Reply from 51.20.8.229: bytes=32 time=216ms TTL=44
Reply from 51.20.8.229: bytes=32 time=441ms TTL=44
Below is the config file located at path /etc/personal/nginx/nginx.conf
worker_processes 4;
worker_rlimit_nofile 40000;
events {
worker_connections 8192;
}
stream {
upstream rancher_servers_http {
least_conn;
server 13.53.174.122:80 max_fails=3 fail_timeout=5s;
server 16.170.205.7:80 max_fails=3 fail_timeout=5s;
server 13.53.206.251:80 max_fails=3 fail_timeout=5s;
}
server {
listen 80;
proxy_pass rancher_servers_http;
}
}
http {
upstream rancher_servers_https {
least_conn;
server 13.53.174.122:443 max_fails=3 fail_timeout=5s;
server 16.170.205.7:443 max_fails=3 fail_timeout=5s;
server 13.53.206.251:443 max_fails=3 fail_timeout=5s;
}
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/tls.crt;
ssl_certificate_key /etc/nginx/ssl/key.key;
location / {
proxy_pass <https://rancher_servers_https>;
proxy_set_header Host <http://myrancher.omkarm.online|myrancher.omkarm.online>;
proxy_ssl_server_name on;
proxy_ssl_name <http://myrancher.omkarm.online|myrancher.omkarm.online>;
}
}
}
I am using docker container to run nginx image. I am getting the error as shown
docker logs -f 3c00b201214f
2024/01/17 19:35:28 [emerg] 1#1: BIO_new_file("/etc/nginx/ssl/tls.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/tls.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] BIO_new_file("/etc/nginx/ssl/tls.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/tls.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2024/01/17 19:35:29 [emerg] 1#1: BIO_new_file("/etc/nginx/ssl/tls.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/tls.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] BIO_new_file("/etc/nginx/ssl/tls.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/tls.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2024/01/17 19:35:29 [emerg] 1#1: BIO_new_file("/etc/nginx/ssl/tls.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/tls.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] BIO_new_file("/etc/nginx/ssl/tls.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/tls.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2024/01/17 19:35:30 [emerg] 1#1: BIO_new_file("/etc/nginx/ssl/tls.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/tls.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] BIO_new_file("/etc/nginx/ssl/tls.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/tls.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2024/01/17 19:35:31 [emerg] 1#1: BIO_new_file("/etc/nginx/ssl/tls.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/tls.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] BIO_new_file("/etc/nginx/ssl/tls.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/tls.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2024/01/17 19:35:33 [emerg] 1#1: BIO_new_file("/etc/nginx/ssl/tls.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/tls.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] BIO_new_file("/etc/nginx/ssl/tls.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/tls.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2024/01/17 19:35:36 [emerg] 1#1: BIO_new_file("/etc/nginx/ssl/tls.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/tls.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] BIO_new_file("/etc/nginx/ssl/tls.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/tls.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2024/01/17 19:35:43 [emerg] 1#1: BIO_new_file("/etc/nginx/ssl/tls.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/tls.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] BIO_new_file("/etc/nginx/ssl/tls.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/tls.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2024/01/17 19:35:56 [emerg] 1#1: BIO_new_file("/etc/nginx/ssl/tls.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/tls.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] BIO_new_file("/etc/nginx/ssl/tls.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/tls.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
It is saying file not found but as you can see below the file is present.
root@ip-172-31-36-239:/etc/nginx/ssl# pwd
/etc/nginx/ssl
root@ip-172-31-36-239:/etc/nginx/ssl# ls -l
total 8
-rw------- 1 root root 1704 Jan 17 19:30 key.key
-rw-r--r-- 1 root root 1245 Jan 17 19:31 tls.crt
I am using the below docker command
docker run -d --restart=unless-stopped -p 80:80 -p 443:443 -v /etc/personal/nginx/nginx.conf:/etc/nginx/nginx.conf -v /etc/nginx/ssl:/etc/ssl/certs nginx:1.14
I have tried several ways from this https://serverfault.com/questions/537343/nginx-startup-fails-ssl-no-such-file-or-directory.
Please let me know where I am doing wrong.fast-energy-59378
01/29/2024, 6:13 PMbored-nest-98612
02/01/2024, 9:42 AMbored-nest-98612
02/01/2024, 9:42 AMbored-nest-98612
02/01/2024, 10:05 AMbusy-eve-73486
02/02/2024, 4:34 AMclever-city-95086
02/02/2024, 11:17 AMsalmon-hair-72590
02/05/2024, 1:36 AMastonishing-postman-47327
02/09/2024, 7:58 AMagreeable-salesmen-5103
02/14/2024, 11:02 AMfew-memory-46527
02/16/2024, 6:12 AM[rke-admin@Poclphusanode2 ~]$ k get pods -A
E0216 00:02:49.445646 631023 memcache.go:287] couldn't get resource list for <http://metrics.k8s.io/v1beta1|metrics.k8s.io/v1beta1>: the server is currently unable to handle the request
E0216 00:02:49.449396 631023 memcache.go:121] couldn't get resource list for <http://metrics.k8s.io/v1beta1|metrics.k8s.io/v1beta1>: the server is currently unable to handle the request
E0216 00:02:49.454321 631023 memcache.go:121] couldn't get resource list for <http://metrics.k8s.io/v1beta1|metrics.k8s.io/v1beta1>: the server is currently unable to handle the request
E0216 00:02:49.458540 631023 memcache.go:121] couldn't get resource list for <http://metrics.k8s.io/v1beta1|metrics.k8s.io/v1beta1>: the server is currently unable to handle the request
NAMESPACE NAME READY STATUS RESTARTS AGE
cattle-system cattle-cluster-agent-7d578894ff-jglt5 0/1 CrashLoopBackOff 5 4m27s
cattle-system cattle-node-agent-s78dd 1/1 Running 0 10h
cattle-system cattle-node-agent-t5qxc 1/1 Running 0 10h
cattle-system kube-api-auth-dgjb6 1/1 Running 0 10h
default overlaytest-d9gzz 1/1 Running 0 9h
default overlaytest-zpb5s 1/1 Running 0 9h
ingress-nginx ingress-nginx-admission-create-52szx 0/1 Completed 0 10h
ingress-nginx ingress-nginx-admission-patch-nzgxf 0/1 Completed 0 10h
ingress-nginx nginx-ingress-controller-dcgs8 1/1 Running 0 10h
kube-system calico-kube-controllers-6c977d77bc-jqzll 1/1 Running 0 10h
kube-system canal-dpht7 2/2 Running 0 10h
kube-system canal-vwjdr 2/2 Running 0 10h
kube-system coredns-685d6d555d-mt4dx 1/1 Running 0 10h
kube-system coredns-autoscaler-96789f8f7-k4mwn 1/1 Running 0 10h
kube-system metrics-server-7bf4b68b78-mvksk 1/1 Running 0 18m
kube-system rke-coredns-addon-deploy-job-njknl 0/1 Completed 0 10h
kube-system rke-ingress-controller-deploy-job-n9dc4 0/1 Completed 0 10h
kube-system rke-metrics-addon-deploy-job-85c9h 0/1 Completed 0 10h
kube-system rke-network-plugin-deploy-job-dq8wr 0/1 Completed 0 10h
After checking logs of that pod I see I am not able to ping to the <domain>/ping
[rke-admin@Poclphusanode2 ~]$ k logs -f cattle-cluster-agent-7d578894ff-jglt5 -n cattle-system
E0216 00:00:30.448171 628653 memcache.go:287] couldn't get resource list for <http://metrics.k8s.io/v1beta1|metrics.k8s.io/v1beta1>: the server is currently unable to handle the request
E0216 00:00:30.454407 628653 memcache.go:121] couldn't get resource list for <http://metrics.k8s.io/v1beta1|metrics.k8s.io/v1beta1>: the server is currently unable to handle the request
E0216 00:00:30.456927 628653 memcache.go:121] couldn't get resource list for <http://metrics.k8s.io/v1beta1|metrics.k8s.io/v1beta1>: the server is currently unable to handle the request
INFO: Environment: CATTLE_ADDRESS=10.42.1.10 CATTLE_CA_CHECKSUM=031ed6cd3d6a138c55f92337807cc8d6ecea38072d292ea0c375fba6548e3f6a CATTLE_CLUSTER=true CATTLE_CLUSTER_AGENT_PORT=<tcp://10.43.152.164:80> CATTLE_CLUSTER_AGENT_PORT_443_TCP=<tcp://10.43.152.164:443> CATTLE_CLUSTER_AGENT_PORT_443_TCP_ADDR=10.43.152.164 CATTLE_CLUSTER_AGENT_PORT_443_TCP_PORT=443 CATTLE_CLUSTER_AGENT_PORT_443_TCP_PROTO=tcp CATTLE_CLUSTER_AGENT_PORT_80_TCP=<tcp://10.43.152.164:80> CATTLE_CLUSTER_AGENT_PORT_80_TCP_ADDR=10.43.152.164 CATTLE_CLUSTER_AGENT_PORT_80_TCP_PORT=80 CATTLE_CLUSTER_AGENT_PORT_80_TCP_PROTO=tcp CATTLE_CLUSTER_AGENT_SERVICE_HOST=10.43.152.164 CATTLE_CLUSTER_AGENT_SERVICE_PORT=80 CATTLE_CLUSTER_AGENT_SERVICE_PORT_HTTP=80 CATTLE_CLUSTER_AGENT_SERVICE_PORT_HTTPS_INTERNAL=443 CATTLE_CLUSTER_REGISTRY= CATTLE_FEATURES=embedded-cluster-api=false,fleet=false,monitoringv1=false,multi-cluster-management=false,multi-cluster-management-agent=true,provisioningv2=false,rke2=false CATTLE_INGRESS_IP_DOMAIN=<http://sslip.io|sslip.io> CATTLE_INSTALL_UUID=8111358d-a519-4791-b1bd-c5835e8c3dfa CATTLE_INTERNAL_ADDRESS= CATTLE_IS_RKE=true CATTLE_K8S_MANAGED=true CATTLE_NODE_NAME=cattle-cluster-agent-7d578894ff-jglt5 CATTLE_SERVER=<https://hurancher.zeomega.org> CATTLE_SERVER_VERSION=v2.6.3
INFO: Using resolv.conf: nameserver 10.43.0.10 search cattle-system.svc.cluster.local svc.cluster.local cluster.local zeomega.loc options ndots:5
ERROR: <https://hurancher.zeomega.org/ping> is not accessible (Could not resolve host: <http://hurancher.zeomega.org|hurancher.zeomega.org>)
But if I do the curl from the host machine I see that I am able to successfully get the response.
[rke-admin@Poclphusanode2 ~]$ curl -i <https://hurancher.zeomega.org/ping>
HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 06:04:56 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 4
Connection: keep-alive
X-Api-Cattle-Auth: false
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15768000; includeSubDomains
Any help here.melodic-painting-56321
02/16/2024, 8:03 AMcrooked-noon-63361
02/22/2024, 4:36 PMworried-pharmacist-7292
02/28/2024, 3:22 PM1.27.x
:
I would like to enable the following features in the kubelet.
• --kube-reserved
• --system-reserved
• --eviction-hard
I'm trying to reserve and allocate a predefined set of resources for the Kubernetes components and system components so that my nodes will never go unresponsive due to high load/resource utilisation.
I understood that I have to add these arguments in the cluster.yml
file under kubelet
-> extra_args
section. I have the following questions:
1. Since all the Kubernetes components are running as static pods on each node, will these extra_args
for kube-reserved
will work?
2. There is two more options --system-reserved-cgroup
and --kube-reserved-cgroup
mentioned in the documentation. For --system-reserved-cgroup
the default value is system.slice
what would be the right value for --kube-reserved-cgroup
since the components are running as static pods and not as systemd service, can we ignore this option?
I'd appreciate, any help/suggestions.. Thank you.tall-raincoat-70627
02/28/2024, 9:24 PMacceptable-park-17780
03/03/2024, 9:52 PMorange-france-12544
03/08/2024, 10:00 AMminiature-notebook-6405
03/12/2024, 1:59 PMmillions-church-70938
03/13/2024, 10:20 PMrich-plumber-96719
03/13/2024, 10:55 PMminiature-notebook-6405
03/18/2024, 9:55 PMminiature-notebook-6405
03/18/2024, 11:20 PMcreamy-pencil-82913
03/19/2024, 12:37 AM