This message was deleted Rancher Users #k3s

Join Slack

This message was deleted.

# k3s

adamant-kite-43734

10/03/2022, 5:59 PM

This message was deleted.

✅ 1

creamy-pencil-82913

10/03/2022, 6:20 PM

are you sure you have the correct content in all those files? why are you passing CA and client certificates if you’ve turned off TLS verification?

creamy-pencil-82913

10/03/2022, 6:20 PM

It sounds like k3s is failing to start on that node, I’d check the logs to figure out why

prehistoric-judge-25958

10/03/2022, 6:23 PM

I thought

insecure_skip_verify: "true"

was needed to avoid checking the certificates with a known authority and so should be true when using self-signed certificates and own CA. Stupid question but where to find logs files of a node?

creamy-pencil-82913

10/03/2022, 6:24 PM

there are two ways to handle certs not issued by a public CA. You can either turn off TLS verification (less secure), or pass in the CA Certificate that signed the certificate so that it becomes trusted (more secure). You’re doing both.

creamy-pencil-82913

10/03/2022, 6:25 PM

where are the logs? In journald, ususally.

prehistoric-judge-25958

10/03/2022, 6:37 PM

~~Hm removed the cert part out of the yaml~~

Copy code

mirrors:
  harbor.k8s.lan:
    endpoint:
      - "<https://harbor.k8s.lan:443>"
configs:
  "harbor.k8s.lan":
    tls:
      insecure_skip_verify: "true"

~~but still~~

prehistoric-judge-25958

10/03/2022, 7:04 PM

Yeah! got i working. Two things was going on. I had

insecure_skip_verify: "true"

set as a string value instead of a boolean. ->

insecure_skip_verify: true

and like you said @creamy-pencil-82913 I removed the cert part likt this below and now it is working. thanks for the help!

Copy code

mirrors:
  harbor.k8s.lan:
    endpoint:
      - "<https://harbor.k8s.lan:443>"
configs:
  "harbor.k8s.lan:443":
    tls:
      insecure_skip_verify: true

10 Views

Open in Slack

Previous Next