rke2
  • s

    shy-megabyte-75492

    09/22/2022, 7:09 PM
    Trying to do a graceful shutdown of my bare metal nodes. When running the rke2 killall script on each node, then I shut off. When I turn them back on, the cluster is back up but the rook ceph pods are very unhappy. I found a GitHub issue but it hasn’t been updated in a while. Any help?
  • s

    swift-zebra-42479

    09/23/2022, 5:58 AM
    Good afternoon, are there any tools to rotate the containerd logs on RKE2, or does RKE2 provide an inbuilt tool to rotate the containerd logs? Please suggest one if there is any.
  • a

    abundant-yak-72647

    09/25/2022, 4:30 AM
    How to create terraform module for onprem baremetal servers to have rke @here #rke2
  • t

    tall-doctor-28108

    09/26/2022, 1:04 PM
    I saw that there are different versions and branches for the RKE2 install.sh script: https://github.com/rancher/rke2/blob/release-1.21/install.sh Do I have to use the script from the branch of my current k8s version, or can I just use the latest script from the master branch for all versions?
  • e

    enough-toddler-31145

    09/26/2022, 1:16 PM
    Hey everyone! So I have a unique scenario and use case for rke2. I am using it for government compliance and to give people the warm and fuzzies on moving over to k8s. I started to deploy my VMs using terraform with RHEL8_STIG base image. From there I am having ansible deploy rke2 and bootstrap rke2. The issue I have been running into so far is certificates. So far the first server will be bootstrapped and running; however, the other server nodes cannot connect due to
    remote error: tls: bad certificate "remote error: tls: bad certificate"
    and I messed with my config a little bit and restarted the bootstrapped server to now get the following error:
    E0926 13:03:06.509286 1306356 leaderelection.go:325] error retrieving resource lock kube-system/rke2: Get <https://127.0.0.1:6443/api/v1/namespaces/kube-system/configmaps/rke2>: dial tcp 127.0.0.1:6443: connect: connection refused
    running a curl against this gives the following output:
    curl: (60) SSL certificate problem: self signed certificate in certificate chain
    More details here: <https://curl.haxx.se/docs/sslcerts.html>
    
    curl failed to verify the legitimacy of the server and therefore could not
    establish a secure connection to it. To learn more about this situation and
    how to fix it, please visit the web page mentioned above.
    Then running a curl and ignore certificates provides this output:
    {
      "kind": "Status",
      "apiVersion": "v1",
      "metadata": {},
      "status": "Failure",
      "message": "Unauthorized",
      "reason": "Unauthorized",
      "code": 401
    }
    Has anyone run into any trouble with rke2-server certificates and specifically on hardened RHEL8 boxes?? Thanks!
  • b

    bulky-glass-61156

    09/26/2022, 6:52 PM
    Hi, Not sure this is the right channel but I am looking to talk to someone from RKE2 sales team as our team would like to explore options for support. Any contact would be great!! Thanks!
  • s

    shy-zebra-53074

    09/27/2022, 3:40 PM
    hey all! quick q, wondering why I’m not able to install 1.22.15 even though I’m being very explicit in all of my config options
  • s

    shy-zebra-53074

    09/27/2022, 3:40 PM
    curl -sfL https://get.rke2.io | INSTALL_RKE2_TYPE="server" INSTALL_RKE2_VERSION="v1.22.15+rke2r1" INSTALL_RKE2_CHANNEL="v1.22" INSTALL_RKE2_CHANNEL_URL="https://update.rke2.io/v1-release/channels" sudo -E sh -
    [INFO]  using stable RPM repositories
    [INFO]  using 1.22 series from channel stable
    Rancher RKE2 Common (v1.22)    9.7 kB/s | 2.9 kB     00:00
    Rancher RKE2 1.22 (v1.22)       13 kB/s | 2.9 kB     00:00
    No match for argument: rke2-server-1.22.15~rke2r1
    Error: Unable to find a match: rke2-server-1.22.15~rke2r1
  • s

    shy-zebra-53074

    09/27/2022, 3:41 PM
    ah, I see I can only specify latest, stable and testing
  • s

    shy-zebra-53074

    09/27/2022, 3:43 PM
    ok so through trial / error 1.22.13 worked but not 1.22.14 / 1.22.15
  • s

    shy-zebra-53074

    09/27/2022, 3:43 PM
    What’s the best way to identify the latest stable patch version of a minor version?
  • b

    bright-whale-83501

    09/28/2022, 6:23 PM
    is there any solution to the system upgrade controller continuously trying to upgrade exe-files like kubelet.exe on and on?
  • b

    broad-petabyte-50341

    09/28/2022, 8:52 PM
    Hey all, quick question, after upgrading from rke2 1.22.6 -> 1.22.13 with my CNI set to cilium I'm getting failures with some of my pods making connections to postgres. The pods in question are in the same namespace, I'm able to connect to the database manually, the pods have the correct creds but they can't connect and I'm not getting a helpful error message. Reverting to 1.22.6 fixes the issue.
  • h

    high-winter-92040

    09/29/2022, 11:07 AM
    QQ: any word on whether RKE2 is getting support from SuSE going forwards? or is RKE the preferred base?
  • s

    shy-zebra-53074

    09/29/2022, 3:31 PM
    I’ve been dealing with this issue for months now, does anyone else have issues with fapolicyd continuing to block runc even though it’s been allowed as a rule AND added to the trust database??
  • s

    shy-zebra-53074

    09/29/2022, 3:33 PM
    For example:
    [root@ip-192-168-96-10 ~]# cat /etc/fapolicyd/rules.d/01-app.rules 
    # uids
    %uuids=0,1000
    
    # Run RKE2
    allow perm=any all : dir=/opt/cni/
    allow perm=any all : dir=/run/k3s/
    allow perm=any all : dir=/var/lib/kubelet/
    allow perm=any all : dir=/var/lib/rancher/
    allow perm=any all : dir=/var/lib/rancher/rke2/data/v1.22.6-rke2r1-e6c1502b55cd/bin/
    allow perm=any all : dir=/var/lib/rancher/rke2/data/v1.22.6-rke2r1-e6c1502b55cd/bin/runc
  • s

    shy-zebra-53074

    09/29/2022, 3:34 PM
    [root@ip-192-168-96-10 ~]# cat /etc/fapolicyd/trust.d/app 
    # AUTOGENERATED FILE VERSION 2
    # This file contains a list of trusted files
    #
    #  FULL PATH        SIZE                             SHA256
    # /home/user/my-ls 157984 61a9960bf7d255a85811f4afcac51067b8f2e4c75e21cf4f2af95319d4ed1b87
    /usr/bin/unzip 206704 299d6bae8ec58c76e087f8516cb6be438db2481bbab9b2b61a6c6a5c206a27f3
    /var/lib/rancher/rke2/data/v1.22.6-rke2r1-e6c1502b55cd/bin/runc 11068888 b3276789a9b735b758e6292ce469192c9ef77514bf7fa3b3fef77d631a4e4ee3
  • s

    shy-zebra-53074

    09/29/2022, 3:34 PM
    [root@ip-192-168-96-10 ~]# sha256sum /var/lib/rancher/rke2/data/v1.22.6-rke2r1-e6c1502b55cd/bin/runc
    b3276789a9b735b758e6292ce469192c9ef77514bf7fa3b3fef77d631a4e4ee3  /var/lib/rancher/rke2/data/v1.22.6-rke2r1-e6c1502b55cd/bin/runc
  • s

    shy-zebra-53074

    09/29/2022, 3:35 PM
    [root@ip-192-168-96-10 ~]# ausearch -m fanotify --raw | aureport --file --summary
    File Summary Report
    ===========================
    total  file
    ===========================
    609  /var/lib/rancher/rke2/data/v1.22.6-rke2r1-e6c1502b55cd/bin/runc
  • s

    shy-zebra-53074

    09/29/2022, 4:21 PM
    Also this: https://github.com/rancher/rke2/issues/2848
  • k

    kind-air-74358

    09/30/2022, 1:10 PM
    Hi, what is your opinion on the best way to create an infrastructure consisting of a network, some VMs and RKE2 installed on top? For the network and VM part I like using Terraform, but one downside is that Terraform is not that great for installing and configuring software on a VM. So how do you handle this? I see some different kinds of solutions possible:
    1. Create a golden image using, for example, Packer, and use this image to deploy the OS and RKE2 on the VM. Even possible with something like cloud-init to provision specific configuration for RKE2. Downside is that I have to create a new image for each new RKE2 / OS version I want to use, resulting in an update of my infrastructure (using Terraform).
    2. After creating the VM, use Ansible (or some other procedural configuration management tool) to install and configure RKE2. Updates with Terraform are then probably a bit more tricky as Ansible doesn’t use desired state (so how to figure out which parts Terraform has to update).
    3. Same as 2, but instead of using Ansible make use of a declarative tool like SaltStack. Downside of this is that you have to provide an additional infrastructure for running SaltStack (or run this master-less), and still need to register the VMs in Salt (or auto-approve / approve via grains?).
    What would you suggest? Or am I missing some other options?
  • s

    sparse-fireman-14239

    10/03/2022, 11:20 AM
    I’ve gone through the documentation for RKE2, Googled and still haven’t found a way to gracefully shut down an RKE2 node. systemctl stop rke2-server (or agent) doesn’t seem to work, regardless of which version I’ve tried (1.22.x & 1.23.x)
  • s

    shy-zebra-53074

    10/03/2022, 6:00 PM
    Hey all! Just in case anyone is trying to get RKE2 working with fapolicyd here’s a thread I had that resolved my issue: https://github.com/linux-application-whitelisting/fapolicyd/issues/205
  • a

    ancient-air-32350

    10/03/2022, 8:19 PM
    hi! I’m just playing with rke2 on vsphere in my lab and wondering if there is some equivalent of rke1 node templates in rke2? It’s really hard, when trying new things, to always fill in the complete machine-pool-config. I hoped that I could copy everything as yaml from try to try, but it seems that the machine pool config is not even shown in yaml view?
  • l

    little-actor-95014

    10/03/2022, 8:57 PM
    Anyone else seeing Calico's ServiceAccount token expire and breaking spawning containers with
    "plugin type="calico" failed (add): error getting ClusterInformation: connection is unauthorized: Unauthorized"
    since upgrading to v1.24.6+rke2r1 from a 1.23 release? I assume it's something to do with the change to service account configs in 1.24 with LegacyServiceAccountTokenNoAutoGeneration going to be enabled by default?
  • b

    boundless-dog-9864

    10/05/2022, 1:52 PM
    How does the default nginx ingress controller become available on ports 80 and 443 on worker nodes? I was under the impression it uses a node port service but I can’t find that so looks like I am wrong.
  • a

    able-engineer-22050

    10/05/2022, 6:06 PM
    Hi, I have a couple of rke2 clusters deployed from Rancher not created with authorized cluster endpoint enabled. Can I somehow enable this after creation? I found a stackoverflow question regarding this (https://stackoverflow.com/questions/72778753/how-to-add-an-authorised-cluster-endpoint-to-a-rke2-cluster-created-by-rancher) Is that to be performed only on one of the masters (I mean the webhook definition) and it is automatically synced across all masters? Is it /var/lib/rancher/rke2 where the webhook yaml is to be created or rather the server/manifests under it?
  • g

    great-flag-38820

    10/06/2022, 4:59 AM
    Hi guys, do I need to create node templates for RKE2 clusters? The docs seem to say so, but I was under the impression they were only required for RKE1 - https://docs.ranchermanager.rancher.io/how-to-guides/new-user-guides/kubernetes-clusters-in-[…]ider/vsphere/provision-kubernetes-clusters-in-vsphere
  • f

    famous-energy-13283

    10/06/2022, 6:12 PM
    Has anyone seen this after upgrading RKE2 to 1.25.0? error getting ClusterInformation: connection is unauthorized On some occasions, I'm seeing that on describing a pod that does not go beyond the ContainerCreating phase. The weird thing is that rebooting the node fixes the issue, until it happens again. Never saw that before the upgrade (I was on 1.24.something before)

little-actor-95014

10/06/2022, 6:13 PM
Yeah, this sounds exactly like https://github.com/rancher/rke2/issues/3425

famous-energy-13283

10/06/2022, 6:18 PM
Exactly my case. At least, I know how to fix this without having to reboot my nodes over and over again until there's a permanent fix to this. Thanks for the link!