# rke2
a
This message was deleted.
c
is this a rancher-provisioned cluster, or imported?
r
It's a rancher-provisioned rke2 cluster
c
I believe it should add the appropriate config to the downstream cluster when you do that, but honestly I’m not sure since this is more of a Rancher question than RKE2.
what version of rancher are you on?
r
v1.26.7
c
rancher, not rke2
r
Oh my bad, rancher version is v2.7.6
I looked at the kube-apiserver logs and this is the actual error that shows there: "webhook.go:154] Failed to make webhook authenticator request: the server has asked for the client to provide credentials", "authentication.go:70] "Unable to authenticate the request" err="[invalid bearer token, the server has asked for the client to provide credentials]"
I notice that there's one token being used for both contexts, and the token has a scope; not sure if that could be the issue
c
there’s supposed to be a webhook and auth token webhook configuration injected into the downstream cluster, but I’m not sure if that works properly if you enable it after the fact.
r
I looked at the logs of kube-api-auth-ls79h and it's showing this error: level=error msg="clusterauthtokens.cluster.cattle.io \"cattle-system/kubeconfig-u-xxxx" not found. When I check, though, I can see the token is present, and when I use the regular context I don't get that error; it's only when I use the FQDN context that the error occurs.