
stale-painting-80203

07/26/2022, 5:56 AM
I am trying to set up a Rancher HA server with an nginx LB, but it seems I may not have set up the LB correctly. When I try to join other nodes to the cluster I get the following error:
failed to get CA certs: Get \"<https://rancher.mydomain.com:9345/cacerts>\": dial tcp... connect: connection refused"
The following suggests setting up a listener: https://rancher.com/docs/rancher/v2.6/en/installation/resources/k8s-tutorials/ha-rke2/ "Note that in order for RKE2 to work correctly with the load balancer, you need to set up two listeners: one for the supervisor on port 9345, and one for the Kubernetes API on port 6443." How should these be set up? Is it an nginx configuration?

ambitious-motherboard-40337

07/26/2022, 6:08 AM
You installed it inside a kubernetes cluster?

stale-painting-80203

07/26/2022, 6:19 AM
The LB is external and installed in a VM

ambitious-motherboard-40337

07/26/2022, 6:20 AM
What does it mean, external?

stale-painting-80203

07/26/2022, 6:22 AM
As in not in any cluster

ambitious-motherboard-40337

07/26/2022, 6:25 AM
And the rancher is inside a k8s cluster?

stale-painting-80203

07/26/2022, 6:27 AM
I am following the rancher docs, which suggests creating 4 VMs. Install rke2 on 3 of them for the rancher server. Install nginx on the 4th.

ambitious-motherboard-40337

07/26/2022, 6:27 AM
Anyway the listeners are configured as a configuration of nginx https://www.nginx.com/products/nginx/load-balancing/

magnificent-vr-88571

07/27/2022, 10:44 PM
domain needs an entry in /etc/rancher/rke2/config.yaml under tls-san right?

stale-painting-80203

07/27/2022, 10:51 PM
I had the domain in the tls-san. The issue was with the nginx config. For nodes to communicate with each other on port 9345, the LB config needs a listener and to forward the request.
Thanks