This message was deleted.
# generala
adamant-kite-43734
09/21/2022, 9:12 AMThis message was deleted.
l
late-vr-98727
09/21/2022, 9:12 AMUnable to connect to the server: x509: certificate is valid for 127.0.0.1, ::1, 10.128.0.17, 10.43.0.1, not 98.190..
late-vr-98727
09/21/2022, 9:13 AMcan anyone please help?
late-vr-98727
09/21/2022, 9:14 AMb
bright-whale-83501
09/21/2022, 9:22 AMHi. struggling with the exact same problem myself. I added a question in #rke2 thats related, and no answer.
bright-whale-83501
09/21/2022, 9:25 AMI asume you have the fqdn context in your kubeconfig file, but no token
l
late-vr-98727
09/21/2022, 9:27 AMI did not provide fqdn value , it is taking the downstream cluster server ip address!
b
bright-whale-83501
09/21/2022, 9:27 AMthat should probably work aswell.
bright-whale-83501
09/21/2022, 9:27 AMbut do you have a token or certificate for that context to authenticate with?
l
late-vr-98727
09/21/2022, 9:30 AMyeah i have a
certificate-authority-datab
bright-whale-83501
09/21/2022, 9:30 AMmay I ask, did you add a CA in the form field in rancher?
l
late-vr-98727
09/21/2022, 9:31 AMnope just enabled it to true and did not add CA
b
bright-whale-83501
09/21/2022, 9:31 AMI think your problem is that you need to set SAN to a k8s master IP
l
late-vr-98727
09/21/2022, 9:32 AMok.. how to do it , any idea?
b
bright-whale-83501
09/21/2022, 9:32 AMdo you have rancher gui? (which version)
l
late-vr-98727
09/21/2022, 9:32 AMyes.. 2.6.7
b
bright-whale-83501
09/21/2022, 9:33 AMlook in cluster management, enter the cluster, edit config. Look at "Networking"
bright-whale-83501
09/21/2022, 9:33 AMThere at the bottom you have ACE, and above TLS alterrnative names
bright-whale-83501
09/21/2022, 9:35 AMI have rancher 2.6.8 so it might be different, have not used 2.6.7 since i skipped that release
l
late-vr-98727
09/21/2022, 9:36 AMI do not see networking here, does that mean this user does not has permissions to edit?
b
bright-whale-83501
09/21/2022, 9:36 AMthat could be, yes
l
late-vr-98727
09/21/2022, 9:50 AMhey @bright-whale-83501, do I need to edit the cluster config where rancher server is installed or downstream cluster?
b
bright-whale-83501
09/21/2022, 9:54 AMDownstream cluster
bright-whale-83501
09/21/2022, 9:57 AMSince ACE is about authentication, what authenticate. If you dont use ace you always use the rancher cluster
bright-whale-83501
09/21/2022, 9:57 AMYoue tring to become alice in 4 here https://docs.ranchermanager.rancher.io/reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters
l
late-vr-98727
09/21/2022, 11:55 AMyeah gotcha. But I am not getting the "Networking" options in cluster config yaml
b
bright-whale-83501
09/21/2022, 12:38 PMYour rancher cluster, are you admin?
bright-whale-83501
09/21/2022, 12:39 PMIf you look in the yaml, you should see machineGlobalConfig. cluster-domain and tls-san in there?
l
late-vr-98727
09/21/2022, 12:55 PMI am not admin. Does it require to be admin?
a
able-engineer-22050
10/05/2022, 4:46 PMHi,
I have a related question to this. I have a couple of downstream rke2 clusters not created with authorized cluster endpoint enabled.
Can I somehow enable this after creation?
7 Views