freezing-holiday-13112
09/01/2022, 4:39 PMmost-sunset-36476
09/06/2022, 8:17 AMclever-processor-78736
09/08/2022, 8:49 PMrancher2_cluster_v2
resource? We're trying to create a external loadbalancer and adding the control plane nodes into a LB backend-pool.worried-rain-56725
09/09/2022, 9:32 AMRancher version: 2.6.8
Installation method: Helm
Helm repo: <https://releases.rancher.com/server-charts/stable>
After installing rancher, I tried to bootstrap it, using rancher terraform provider and next tf configuration:
resource "rancher2_bootstrap" "admin" {
provider = rancher2.bootstrap
initial_password = "Password1"
password = local.rancher_bootstrap_password
telemetry = false
}
For some reason after few minutes, creating of this process fails with the following error log:
│ **Error:** **[ERROR] Updating token: Bad response statusCode [403]. Status [403 Forbidden]. Body: [baseType=error, code=Forbidden, message=<http://settings.management.cattle.io|settings.management.cattle.io> "k8s-version" is forbidden: User "user-bfkj6" cannot get resource "settings" in API group "<http://management.cattle.io|management.cattle.io>" at the cluster scope] from [<https://rancher-internal.foo.bar.com/v3/settings/k8s-version]**>
│
│ with rancher2_bootstrap.admin,
│ on <http://main.tf|main.tf> line 48, in resource "rancher2_bootstrap" "admin":
│ 48: resource "rancher2_bootstrap" "admin" {
That user has GlobalBindingRole to admin role, so it should has access to Setting CRD.
Also there are a lot of such error messages in rancher pod:
2022/09/09 09:07:41 [ERROR] Failed to connect to peer <wss://10.0.3.184/v3/connect> [local ID=10.0.1.59]: websocket: bad handshake
I’ve also tried to bootstrap rancher via UI, but after entering bootstrap password the only thing I see is the white screen.
Any ideas? (edited)eager-refrigerator-66976
09/12/2022, 8:22 AMadditional_manifest
apply terraform and it deletes my cluster…
I’ve created ticket with all the details: https://github.com/rancher/terraform-provider-rancher2/issues/993boundless-dog-9864
09/13/2022, 3:49 PMmost-sunset-36476
09/28/2022, 5:09 PMglamorous-painting-54907
09/29/2022, 11:19 AMglamorous-painting-54907
10/04/2022, 5:27 AMmammoth-postman-10874
10/17/2022, 9:41 AMmost-sunset-36476
10/22/2022, 10:01 AMmost-sunset-36476
10/24/2022, 10:12 AMworried-rain-56725
10/25/2022, 8:30 AMplain-refrigerator-80586
10/25/2022, 11:04 AMgifted-lizard-48491
10/25/2022, 7:26 PMfreezing-holiday-13112
11/04/2022, 8:21 PMcolossal-dentist-5939
11/09/2022, 6:14 PMfreezing-holiday-13112
11/10/2022, 9:32 PMmost-sunset-36476
11/14/2022, 4:53 PMmany-area-51777
11/15/2022, 3:24 PMfreezing-holiday-13112
11/21/2022, 6:30 PMjolly-area-75887
11/22/2022, 1:31 PMFATA[0001] Bad response statusCode [403]. Status [403 Forbidden]. Body: [baseType=error, code=Forbidden, message=<http://clusters.management.cattle.io|clusters.management.cattle.io> "test" is forbidden: User "u-v8qr9" cannot get resource "clusters" in API group "<http://management.cattle.io|management.cattle.io>" at the cluster scope: Azure does not have opinion for this non AAD user. If you are an AAD user, please set Extra:oid parameter for impersonated user in the kubeconfig] from [<https://rancher/v3/clusters/test>]
Can someone help with this?jolly-area-75887
11/22/2022, 1:32 PM│ Error: Bad response statusCode [401]. Status [401 Unauthorized]. Body: [baseType=error, code=Unauthorized, message=admission webhook "<http://rancher.cattle.io|rancher.cattle.io>" denied the request: Azure does not have opinion for this non AAD user. If you are an AAD user, please set Extra:oid parameter for impersonated user in the kubeconfig] from [<https://rancher/v3/clusters>]
plain-refrigerator-80586
12/01/2022, 8:41 AMglamorous-painting-54907
12/06/2022, 11:54 AMadorable-photographer-68517
12/07/2022, 7:03 PMgray-laptop-20554
12/12/2022, 12:04 PMagreeable-pager-80720
12/13/2022, 7:36 AMmammoth-postman-10874
12/13/2022, 8:55 AMgroup_principal_id = "azuread_group://${each.value}"
agreeable-pager-80720
12/13/2022, 8:56 AMeach.value
comes from ...?