Hello.
I am trying to join a worker node to a rancher deployed rke2 cluster.
but this node gives me this error
level=error msg="failed to get CA certs: Get \"https://127.0.0.1:6444/cacerts\": EOF
"
if i try to restart rke2-server after a reboot, i get this error
"Cluster CA certificate is not trusted by the host CA bundle, but the token does not include a CA hash. Use the full token from the server's node-token file to enable Cluster CA validation."
google have lead me to think the worker can not talk to the controllplane, but using curl to test /cacerts reachabillity, works with ipv4 address, ipv6 address, hostname, and loadbalancer ip and host.
anyone have an idea of where to troubleshoot next ?
c
creamy-pencil-82913
05/24/2023, 7:36 AM
Try adding
debug: true
to the agent config, see what else shows up in the logs
h
hallowed-window-565
05/24/2023, 8:01 AM
ooh awesome, tryting that now
i do not see anything stange in the agent, it seems to download and install as normal. https://paste.debian.net/hidden/d5d6543d/
i get the same error on rke2 as before
"failed to get CA certs: Get \"https://127.0.0.1:6444/cacerts\": EOF"
"Cluster CA certificate is not trusted by the host CA bundle, but the token does not include a CA hash. Use the full token from the server's node-token file to enable Cluster CA validation."
when i try to add the worker. the server: address in /etc/rancher/rke2/config.yaml.d/50-rancher.yaml seems odd to me. sometimes it is an ipv6 address, and it is not the load balancer address that i have made for 6443 and 9345.
and it seems to become reset all the time.
do any of you know where the worker node gets this address comes from ?
I tried making a cluster with a new name in rancher, and this time the nodes do not get the old ip stuck in /etc/rancher/rke2/config.yaml.d/50-rancher.yaml
I am on rancher 2.6.6, is there a known way to clear old data from a custom cluster that is deleted from rancher, so the cluster name can be reused ? or is that just not possible ?