# rke2
e
Hey team, We're running into issues provisioning a 3 CP, 3 worker RKE2 downstream cluster on RHEL 8.10 via Rancher. `kubectl get nodes` shows "Ready," but we're seeing persistent errors like `Failed to create pod sandbox: ... Calico ... TLS handshake timeout` when Calico tries to connect to the API server. This points to a networking/proxy problem. We tried configuring `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` (with broad internal ranges including `10.0.0.0/8` and `.xyz.org`) in `/etc/default/rke2-server` and `/etc/default/rke2-agent` to avoid a global proxy setup. However, the `rancher-system-agent` is still failing to pull images, specifically `rancher/system-agent-installer-rke2:v1.31.7-rke2r1` from `index.docker.io`, reporting a `dial tcp ...:443: i/o timeout`. This suggests the proxy isn't being picked up by the system agent for its initial image pulls, or there's an issue with the proxy itself reaching Docker Hub. Any thoughts on why the system agent isn't using the proxy config from `/etc/default/` files, or what else could be causing this image pull timeout and the subsequent Calico TLS handshake errors? Thanks in advance!
c
You need to set the HTTP proxy env vars in the agent env section of the Rancher UI for that cluster. You may not be able to change this after the fact if the nodes are unable to communicate with Rancher without the proxy configured. This is covered in the Rancher docs.