Hello......Im looking at the Rancher POD logs. My ...
# general
a
Hello......I'm looking at the Rancher POD logs. My env is running IPv6 and I see the following on all 3 Rancher PODS: [ERROR] Failed to connect to peer wss://*******1718a8d::3/v3/connect [local ID=******171d6af:2] dial tcp: address *******1718a8d:3 too many colons in address
c
what version of rancher are you running?
a
2.10.3 and 2.11
c
there was an issue with this long ago regarding ipv6 addresses not being properly encoded but to the best of my knowledge that was fixed, at least for any addresses generated internally by Rancher
Are you trying to use an ipv6 address literal for your Rancher server URL, instead of a hostname?
a
nope.....
it is an EKS cluster in AWS. Everything is dual stacked from the AWS load balancer all the way to the pods.
It is only the "rancher" pods that are throwing this error.
I have 3 of the "rancher" pods for HA.
c
it is possible that this doesn’t work right with ipv6-only or ipv6 as the primary AF for the pod network
a
Is there a way to see? It almost seems like a coding issue that just puts a ":" on the end of the IP. Testing the WSS://<IPV6>/ works fine. Not sure why the code is adding the ":" at the end.....
c
that is not how ipv6 literals work
in a URL it should be wrapped in [] like
wss://[a:b:c:8d::3]/v3/connect
a
yes....it is.....
I was just trying to see if I could do a "ping" or "netcat" to that IP using the wss to see if it was listening.
However.....On our Rancher cluster.....
If I go to the https://<rancher url>/v3
There is no link to "/v3/connect"
I do see more options under /v3
c
you can’t GET it, no. this is a websocket endpoint, you have to use the CONNECT verb.
a
But, "connect" is not one of them
c
The IPV6 literal in the wss URL needs to be properly encoded with square braces around it. I suspect that something internally is not generating the websocket peer address properly.
a
OH....
I see what you're saying....
So, it still seems like a coding issue then.....just need to have the literal format in place that will use the [ xxxx]
c
I’m saying that it's probably a bug in rancher. I don’t think it sees much use and probably hasn’t been tested, running the rancher manager on a cluster that is ipv6-only or ipv6-primary.
a
Do you think Rancher folks would be willing to test that one out?
c
feel free to open an issue on GH with the logs you shared here.
a
our whole cluster is basically IPv6 since our VPC is almost out of IPv4 IPs
Yep, we opened up a GH issue yesterday.
c
are you using the AWS VPC CNI or something?
a
yes, it's all in AWS
installed Rancher as the GUI for the EKS cluster
c
To manage downstream clusters, or the cluster it is installed to?
a
it's installed on the cluster
c
you’re not REALLY supposed to run anything besides Rancher on the cluster it is installed to. The model is that you have a cluster that hosts rancher, and then manage other downstream clusters from that UI.
a
we have separate node groups specifically for the Rancher install.
c
the RBAC stuff does not isolate things very well if you let people manage projects on the same cluster as rancher itself
you should really create downstream clusters for projects and then grant non-admins access to those projects/clusters
a
so far, we are the only team that will be on this 1 cluster.
we will have 1 for dev and 1 for prod.
we don't plan to have others come in and use Rancher for cluster