This message was deleted.
# general
This message was deleted.
I was able to successfully shell into the cattle-agent pod and
curl -ki <https://REDACTED/ping>
to the rancher instance.
I noted that I had to add the -k to accept the certificate (even though it is a valid certificate) and I think it's because the container image may not have CA certs installed. I have the same problem using curl against, so I think this is a red herring, but I figured I'd mention it anyway. We have no TLS decryption proxying thing going on. This is direct internet access
Since this was moved from one Rancher cluster to another, could it be possible that the k3s cluster somehow did not get an updated cert from the certmanager of the new Rancher cluster? Some legacy configs may still be there preventing the k3s cluster from joining appropriately. I will look deeper into it if I have time, but this might be a good jumping off point for you to look into.
So looking further into this, unfortunately, this is not supported (yet). I use yet loosely here because there has been an open feature request on this for quite some time. It is also hinted at in the Rancher documentation this would be a no go:
I actually somehow made it work, but I'm not sure
lol, good for you!
I am sure there are a bunch of people that would like to know how you made it work given it's still an open issue on Rancher github
Glad to have been no help at all 😀
😆 1
I tried a few things in various combinations and I'm not sure which combination worked: • Delete the cluster in the new rancher • Add the cluster in the new rancher • Manually deleted the cattle-system namespace • Ran the cluster cleanup, which didn't seem to work in any case; Several times I ran it with an invalid version (IE:
instead of
), but at any rate it just spit out a lot of errors. I'd clean up with
curl $yaml_url | kubectl delete -f -