Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
e
enough-toddler-31145
09/26/2022, 1:16 PMHey everyone!
So I have a unique scenario and use case for rke2. I am using it for government compliance and to give people the warm and fuzzies on moving over to k8s. I started to deploy my VMs using terraform with RHEL8_STIG base image. From their I having ansible deploy rke2 and bootstrap rke2. The issue I have been running into so far is certificates. So far the first server will be bootstrapped and running however the other server nodes cannot connect due to
remote error: tls: bad certificate "remote error: tls: bad certificate"E0926 13:03:06.509286 1306356 leaderelection.go:325] error retrieving resource lock kube-system/rke2: Get <https://127.0.0.1:6443/api/v1/namespaces/kube-system/configmaps/rke2>: dial tcp 127.0.0.1:6443: connect: connection refusedcurl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: <https://curl.haxx.se/docs/sslcerts.html>
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.{
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"message": "Unauthorized",
"reason": "Unauthorized",
"code": 401
}g
gray-lawyer-73831
09/26/2022, 7:30 PMWhich version of rke2 are you using? We test pretty much every release using hardened rhel8 boxes and don’t see that error 🤔
I wonder if this could be similar to either of the following issues?
• https://github.com/rancher/rke2/issues/2753
• https://github.com/rancher/rke2/issues/2861
e
enough-toddler-31145
09/27/2022, 6:44 PM@gray-lawyer-73831 After some digging around my team thought we had the latest release because we copied straight from the docs here. However the repo says 1.18.
cat << EOF > /etc/yum.repos.d/rancher-rke2-1-18-latest.repo
[rancher-rke2-common-latest]
name=Rancher RKE2 Common Latest
baseurl=<https://rpm.rancher.io/rke2/latest/common/centos/8/noarch>
enabled=1
gpgcheck=1
gpgkey=<https://rpm.rancher.io/public.key>
[rancher-rke2-1-18-latest]
name=Rancher RKE2 1.18 Latest
baseurl=<https://rpm.rancher.io/rke2/latest/1.18/centos/8/x86_64>
enabled=1
gpgcheck=1
gpgkey=<https://rpm.rancher.io/public.key>
EOFg
gray-lawyer-73831
09/27/2022, 6:48 PMAh thank you for the update! I just created https://github.com/rancher/rke2/issues/3386 to address that
✅ 1