Hi, I am doing my first install of Rancher on RKE2 (2.6) and am having some issues with accessing

/var/lib/rancher/rke2/*server/manifests*

to configure nginx as a daemonset as outlined in these docs. It appears the permissions for the

server

directory are not set properly on any of the nodes in this cluster. I'm seeing the steps were tested in 2.5.6. So, is this a bug or intended? Also, what permissions should I set on that directory to complete the final step in those docs?

What do you mean not set properly. What permissions are you expecting, and what do you see?

Here is what I am getting...

user@srv1:/var/lib/rancher/rke2$ cd server

-bash: cd: server: Permission denied

user@srv1:/var/lib/rancher/rke2$ sudo cd server

sudo: cd: command not found

If you did a recent RKE2 install you may not need to do the step of chaning nginx ingress controller to a DaemonSet as when I did it several months ago (with RKE2 v1.21.6 if I recall correctly), I was able to run

kubectl get daemonsets -A

and see that it was already a DaemonSet.

Thank you for that observation. It has me curious about the docs. I will be setting up a second cluster in the next week or so and I'll take a look at that. I'm going to create my own set of documentation that cleans up the process for me. While doing this first install, I felt like I was jumping back and forth and trying to figure out which was the chicken and which was the egg at times. I'll either validate that experience and have some feedback on docs or I'll realize I was just getting confused.

A lot was slightly off/wrong on the docs for me using RKE2 v1.21 & Rancher 2.6 on the install. Sad to hear they're still that way.

Can you link to the docs page that you're looking at?

The ones that I recall quickly are all on https://rancher.com/docs/rancher/v2.6/en/installation/resources/k8s-tutorials/ha-rke2/ . When I was first using the page something in I think step 1 was malformed and I had to go back to the 2.5 install page to see the info but that looks fixed. Steps 4 & 5 are both incorrect if using RKE2 v1.21.x (and presumably higher), so noting what versions those are for and/or having a link or note about differences in the different supported versions would be good. I can't remember what it was from months ago past that.

interesting, I’ll pass that along to the docs team. If you ever notice something like that, there’s an Edit This Page button at the bottom of every page, if you can take a moment to even just comment on what you’d like improved in the docs that helps close the loop better than just noting it on Slack.

I suspect the consistent problem I had is that I was installing my first RKE2 (v1.23) and my first Rancher (v2.6) and the references/notes had me going to other docs to figure out some detail that the main doc assumed I'd know. Then those second docs might have a step/action that was inconsistent with what I was originally trying to do. I've watched numerous videos, read several docs outside of Rancher to try and piece it all together so that the HA RKE2 Rancher install made sense. I'm just about there, I think. of course, most resources in the wild pertain to docker, so it's been interesting. One area I had a lot of confusion on was setting up a load balancer. Looks like we need two load balancers? One for RKE2 and the other for Rancher. Anyway, the chicken/egg comment from above had a lot to do with documentation around load balancers and figuring out that I needed the RKE2 one in place before doing anything with the other one. When I write that it seems logical and simple, but when bouncing between several docs...

You don’t technically need two load-balancers, but if you are using dedicated agents to run the Rancher app to keep the server nodes free for running etcd+control-plane, then you would probably want that, since you won’t have the same nodes for the control-plane LB as you will for the ingress LB.

That makes sense. Separate LBs is what I prefer for our situation. The docs on the Rancher LB also emphasize not adding anything other than Rancher to its external LB.

I'm prototyping in small dev environments but trying to keep it moderately production-like. I have 3 nodes for Rancher HA RKE2 cluster, then a downstream RKE2 cluster with 3 control plane/etcd & 5 worker nodes. I have a DNS hostname pointing at the three Rancher RKE2 nodes (and if I set it up manually rather than with Rancher UI commands then another DNS hostname pointing at the three downstream RKE2 control plane nodes). I then have a single external HAProxy instance that points to port 443 on all 5 worker nodes that has a wildcard DNS entry for a subdomain and then I set up my Ingress objects to use that subdomain and go through that HAProxy (I expect the prod instance to put the HAProxy equivalent in a DMZ).