Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
e
enough-xylophone-4568
08/26/2022, 2:03 PMHey there! I hit an issue when I start new nodes and start a old rancher agent version on it. Ideally, it should automatically pull the new rancher image and start a replacement docker container by itself. In my case, it fails at pulling the agent image with
Error response from daemon: Head \"<https://foo.azurecr.io/v2/rancher/rancher-agent/manifests/v2.6.7>\": unauthorized: authentication required, visit <https://aka.ms/acr/authorization> for more information.share-mntimageRegistryAuthConfigshare-mntI confirm editing the share-mnt process in the nodePlan (from nodes.management.cattle.io) did the trick. I unlocked rancher-agent from pulling the agent image.
I guess https://github.com/rancher/rancher/blob/release/v2.6/pkg/rkenodeconfigserver/nodeserver.go#L288 comes with an empty string (""), is
clusterSo there's clearly a bug on the Rancher side.
What I did is:
Add the following annotation to rancher server ingress (since I was not able to find an existing unauthentified endpoint that serves the server version):
<http://nginx.ingress.kubernetes.io/configuration-snippet|nginx.ingress.kubernetes.io/configuration-snippet>: |
location /rancher-version {
return 200 '${rancher_current_version}';
}# Pull latest Rancher agent
rancher_current_version=$(curl -sfSL ${rancher_url}/rancher-version)
docker pull "${docker_registry_url}/rancher/rancher-agent:$rancher_current_version"So, when the Rancher agent connects and checks if the share-mnt image is present, docker says yes and the pull is skipped: https://github.com/rancher/rancher/blob/5b56b17e2515302ad07b9e14e73024455157c546/pkg/rkeworker/docker.go#L138