Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
h
hallowed-window-565
05/24/2023, 7:16 AMHello.
I am trying to join a worker node to a rancher deployed rke2 cluster.
but this node gives me this error
level=error msg="failed to get CA certs: Get \"https://127.0.0.1:6444/cacerts\": EOF
"
if i try to restart rke2-server after a reboot, i get this error
"Cluster CA certificate is not trusted by the host CA bundle, but the token does not include a CA hash. Use the full token from the server's node-token file to enable Cluster CA validation."
google have lead me to think the worker can not talk to the controllplane, but using curl to test /cacerts reachabillity, works with ipv4 address, ipv6 address, hostname, and loadbalancer ip and host.
anyone have an idea of where to troubleshoot next ?
c
creamy-pencil-82913
05/24/2023, 7:36 AMTry adding
debug: trueh
hallowed-window-565
05/24/2023, 8:01 AMooh awesome, tryting that now
i do not see anything stange in the agent, it seems to download and install as normal. https://paste.debian.net/hidden/d5d6543d/
i get the same error on rke2 as before
"failed to get CA certs: Get \"https://127.0.0.1:6444/cacerts\": EOF"
"Cluster CA certificate is not trusted by the host CA bundle, but the token does not include a CA hash. Use the full token from the server's node-token file to enable Cluster CA validation."
when i try to add the worker. the server: address in /etc/rancher/rke2/config.yaml.d/50-rancher.yaml seems odd to me. sometimes it is an ipv6 address, and it is not the load balancer address that i have made for 6443 and 9345.
and it seems to become reset all the time.
do any of you know where the worker node gets this address comes from ?
I tried making a cluster with a new name in rancher, and this time the nodes do not get the old ip stuck in /etc/rancher/rke2/config.yaml.d/50-rancher.yaml
I am on rancher 2.6.6, is there a known way to clear old data from a custom cluster that is deleted from rancher, so the cluster name can be reused ? or is that just not possible ?