# general
a
This message was deleted.
l
Unable to connect to the server: x509: certificate is valid for 127.0.0.1, ::1, 10.128.0.17, 10.43.0.1, not 98.190..
can anyone please help?
b
Hi. Struggling with the exact same problem myself. I added a question in #rke2 that's related, and no answer.
I assume you have the fqdn context in your kubeconfig file, but no token
l
I did not provide fqdn value, it is taking the downstream cluster server ip address!
b
that should probably work as well.
but do you have a token or certificate for that context to authenticate with?
l
yeah I have a `certificate-authority-data`, but it still throws the error
b
may I ask, did you add a CA in the form field in rancher?
l
nope just enabled it to true and did not add CA
b
I think your problem is that you need to set SAN to a k8s master IP
l
ok.. how to do it, any idea?
b
do you have rancher gui? (which version)
l
yes.. 2.6.7
b
look in cluster management, enter the cluster, edit config. Look at "Networking"
There at the bottom you have ACE, and above TLS alternative names
I have rancher 2.6.8 so it might be different, have not used 2.6.7 since I skipped that release
l
I do not see networking here, does that mean this user does not have permissions to edit?
b
that could be, yes
l
hey @bright-whale-83501, do I need to edit the cluster config where rancher server is installed or downstream cluster?
b
Downstream cluster
Since ACE is about authentication, what authenticate. If you don't use ace you always use the rancher cluster
l
yeah gotcha. But I am not getting the "Networking" options in cluster config yaml
b
Your rancher cluster, are you admin?
If you look in the yaml, you should see machineGlobalConfig. cluster-domain and tls-san in there?
l
I am not admin. Does it require to be admin?
a
Hi, I have a related question to this. I have a couple of downstream rke2 clusters not created with authorized cluster endpoint enabled. Can I somehow enable this after creation?