Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
f
faint-policeman-5206
11/15/2022, 7:51 AMWe have an (imported) cluster running behind a firewall that does TLS interception.
Is there an env var to tell cattle-cluster-agent to ignore the CA? (We might have the CA somewhere, but not on the Rancher server - we do have it on the nodes in the cluster running the imported cluster (but I'm not aware of a way to add mounts to the manifests that calttle-cluste-agent use)
Only the proxy variables seems to be documented. (In this case, the proxy is blocking the URL, but firewall access is open (but it is being intercepted) (I can't find an obvious reference with the env vars that cattle-cluster-agent support in the documentation, using "site:rancher.com inurl:v2.6 https_proxy" (that only fins one page that happens to mention that that is how proxy settings is configured)
The agent has a blank CATTLE_CA_CHECkSUM (the rancher server has a Let's encrypt cert) (I'm not sure if that setting can be overwritten from the env var settings for the cluster or how to obtain that checksum)
This seems like a different issue - curl fails with cert issues - but OpenSSL shows the correct and identical certs as on a cluster than works.... So this is likely another issue...
(It is stuck at "connecting to proxy" with the URL. No errors, but no progress either) (curl (with
-k-kWith
CATTLE_DEBUGThis seems to have more details than the documentation: https://rancher.support/training/rancher/rancher-agents/ (at least on some of the env vars)
CATTLE_TUNNEL_DATA_DEBUG"Waiting fro API to be available" on Rancher and "Ready" is false under Conditions with "[Disconnected] Cluster agent is not connected"
"Reconciling" is true with "[Reconciling]"
It was created ~3weeks ago, it seems like the provisioning link changed.
(It seems like the new link did not resolve it though)
Daleting and readding the cluster on Rancher resolved it (and deleting old cattle-system namespace before importing new gent config)