able-engineer-2205010/07/2022, 2:44 PM
careful-piano-3501910/10/2022, 10:21 AM
most-hairdresser-4245410/10/2022, 10:23 AM
broad-farmer-7049810/10/2022, 9:56 PM
hallowed-energy-6862210/11/2022, 9:21 AM
able-engineer-2205010/11/2022, 2:19 PM
rough-ocean-4184310/11/2022, 2:29 PM
rough-ocean-4184310/11/2022, 7:56 PM
stale-painting-8020310/12/2022, 5:30 PM
ancient-air-3235010/13/2022, 5:41 PM
to strict on rancher launched rke2 clusters with cilium ? if yes, could you please tellme how ? thanks
hundreds-hairdresser-4604310/14/2022, 2:00 PM
rich-crowd-3698710/14/2022, 3:40 PM
Oct 14 15:09:01 k8worker05 rke2: time="2022-10-14T15:09:01Z" level=info msg="Connecting to proxy" url="<wss://10.149.5.62:9345/v1-rke2/connect>" Oct 14 15:09:01 k8worker05 rke2: time="2022-10-14T15:09:01Z" level=error msg="Failed to connect to proxy" error="x509: certificate is valid for 10.149.4.146, 10.149.4.32, 10.149.4.77, 10.43.0.1, 127.0.0.1, not 10.149.5.62" Oct 14 15:09:01 k8worker05 rke2: time="2022-10-14T15:09:01Z" level=error msg="Remotedialer proxy error" error="x509: certificate is valid for 10.149.4.146, 10.149.4.32, 10.149.4.77, 10.43.0.1, 127.0.0.1, not 10.149.5.62"
is the new IP and doesn't match what the cert is advertising. I'm stumped however about how the cert is being generated. The
file doesn't have any IP references... There are IPs in
though these appear to be the result of some process. Any idea how to regenerate these certs?
flat-notebook-9263910/14/2022, 6:55 PM
magnificent-vr-8857110/15/2022, 3:13 AM
This ended up in error
root@server:/home/ubuntu# crictl pull --creds "AWS:eyJwYXlsb2FkIjoieXRSVW5JMzkwRlVneitXNnpPNnJGOGRqYU9yZ0tRbEFIdkF0aGprMjlNTU1JWWdQd095QlJsQ01FUmRCWFVjZlZNNkEyRTdYS3ByeVRwRjhPNWlneStEdEtmcXdrR2tkMnlwM3RNUnFNNG8zOW1xdUsrSlVOemVWWDFUbGEwR1RqdjkyMmtXMWNsVUZuVnJxOEUzM3VubG9wdm5HbVp0a3o2YVdVSGNzM20reDEvbTl1K2dLZTk1ZnhaTnIrdU43SmRyNlBod0Z1TXBMUnNxUzZoZC9rYy9xMmwxbDJRNXk0Nm9scDNtNG9uc29pdjRid1JBMVpIaEdvMDhSS1lac" <http://1234.dkr.ecr.us-west-2.amazonaws.com/mlflow-run:latest|1234.dkr.ecr.us-west-2.amazonaws.com/mlflow-run:latest>
to overcome above error, I have added
WARN image connect using default endpoints: [unix:///var/run/dockershim.sock unix:///run/containerd/containerd.sock unix:///run/crio/crio.sock]. As the default settings are now deprecated, you should set the endpoint instead. ERRO connect endpoint 'unix:///var/run/dockershim.sock', make sure you are running as root and the endpoint has been started: context deadline exceeded ERRO connect endpoint 'unix:///run/containerd/containerd.sock', make sure you are running as root and the endpoint has been started: context deadline exceeded FATA connect: connect endpoint 'unix:///run/crio/crio.sock', make sure you are running as root and the endpoint has been started: context deadline exceeded
file with below content.
After creating above file, on pod creation images were pulled successfully from AWS ECR.
runtime-endpoint: unix:///run/k3s/containerd/containerd.sock image-endpoint: unix:///run/k3s/containerd/containerd.sock timeout: 10
loud-receptionist-9835510/17/2022, 7:42 AM
loud-receptionist-9835510/17/2022, 2:18 PM
alert-grass-6793110/17/2022, 3:51 PM
rich-crowd-3698710/17/2022, 4:42 PM
directory and relaunch
, it appears to create an entirely new cluster (as the process starts successfully, but
only returns itself.) On the second master node, after removing the dir and relaunching the service, it is just showing this loop in the logs:
kubectl get nodes
Oct 17 16:37:09 <http://k8mst02.espc-nostromo.nos-amc.io|k8mst02.espc-nostromo.nos-amc.io> rke2: time="2022-10-17T16:37:09Z" level=info msg="Failed to test data store connection: this server has not yet been promoted from learner to voting member" Oct 17 16:37:10 <http://k8mst02.espc-nostromo.nos-amc.io|k8mst02.espc-nostromo.nos-amc.io> rke2: time="2022-10-17T16:37:10Z" level=info msg="Waiting to retrieve kube-proxy configuration; server is not ready: <https://127.0.0.1:9345/v1-rke2/readyz>: 500 Internal Server Error"
sparse-fireman-1423910/18/2022, 11:40 AM
nice-answer-2194310/18/2022, 2:32 PM
nice-answer-2194310/18/2022, 2:49 PM
numerous-country-2040010/18/2022, 8:58 PM
- for example the new cert-manager 1.10 introduces https://artifacthub.io/packages/helm/cert-manager/cert-manager/1.10.0#default-security-contexts a new default security context - thus i cannot install it on my rke2 cluster. Same goes with bitnami-wordpress start 15.2.0 which also introduce RuntimeDefault as their default runtime. Is there anything missing in my rke2 configuration or do i miss the point entirely?
forbidden seccomp may not be set
millions-australia-7501510/19/2022, 11:29 AM
gentle-petabyte-4005510/19/2022, 4:24 PM
gentle-petabyte-4005510/19/2022, 4:41 PM
cool-pillow-178110/19/2022, 7:48 PM
cool-pillow-178110/19/2022, 7:50 PM
gentle-petabyte-4005510/20/2022, 12:19 AM
sparse-fireman-1423910/20/2022, 8:26 AM
sparse-fireman-1423910/20/2022, 8:09 PM