https://rancher.com/ logo
Title
f

fierce-cat-34865

06/16/2022, 8:03 PM
Worked my way to this section and tried both helm and kubectl with no luck. https://docs.rancherdesktop.io/how-to-guides/setup-NGINX-Ingress-Controller Is there a simple fix for this?
w

wide-mechanic-33041

06/16/2022, 8:14 PM
When I have hit TLS handshake issues it’s been MTU settings in the VM. packet fragmentation and all that. Now I would expect that for pulling an image which may be buried in the logs. you could rdctl shell into the backing VM and set it to 1250 or 1300 just to see if things get better
f

fierce-cat-34865

06/16/2022, 8:18 PM
Good advice, I wish I knew how to try it.
w

wide-mechanic-33041

06/16/2022, 9:09 PM
So use
rdctl shell
to get into the backing VM when Rancher is running. Then
ip link set mtu 1250 dev eth0
if you are hitting layers of virt and then a VPN and then layers of intranet maybe its getting broken
f

fierce-cat-34865

06/16/2022, 9:11 PM
Do I have to have pass in any other flag or argument ? or just rdctl shell ? do I have to supply the VM name?
w

wide-mechanic-33041

06/16/2022, 9:11 PM
nope that’s a client the Rancher team has created. “shell” is the param
f

fierce-cat-34865

06/16/2022, 9:13 PM
Im on wifi, will eth0 work?
w

wide-mechanic-33041

06/16/2022, 9:14 PM
yup you are changing the interfaces in the VM backing the Rancher instance. I don’t run it on Linux, but in the rd shell you should see the bridges like rd1 and rd2, cni0, etc. you shouldn’t see your host network stack.
i don’t believe the linux variant went away from the VM backend even though it could just orchestrate the features on the linux host
f

fierce-cat-34865

06/16/2022, 9:15 PM
I get operation not permitted. I need sudo ?
w

wide-mechanic-33041

06/16/2022, 9:15 PM
hmmm you sure you are in the backing alpine instance?
f

fierce-cat-34865

06/16/2022, 9:18 PM
w

wide-mechanic-33041

06/16/2022, 9:18 PM
what does
uname -a
show you?
been spending too much time in WSL land i guess
f

fierce-cat-34865

06/16/2022, 9:18 PM
in the rdctl shell?
w

wide-mechanic-33041

06/16/2022, 9:19 PM
no you are in the alpine VM
give it a sudo
f

fierce-cat-34865

06/16/2022, 9:19 PM
I am in vrirt alpine
w

wide-mechanic-33041

06/16/2022, 9:20 PM
yeah just confirmed on my mac you need sudo
it uses a real alpine vm backing rather than the WSL userspace
f

fierce-cat-34865

06/16/2022, 9:20 PM
sudo before the rdctl shell ?
w

wide-mechanic-33041

06/16/2022, 9:20 PM
no rdctl shell is just an SSH session to the backing VM
you are in as a user on that VM and not your host anylonger
f

fierce-cat-34865

06/16/2022, 9:21 PM
sudo before the mtu ?
w

wide-mechanic-33041

06/16/2022, 9:21 PM
so in that
lima-rancher-desktop:…
prompt use the sudo …
f

fierce-cat-34865

06/16/2022, 9:22 PM
ok. once thats done go back to the host?
w

wide-mechanic-33041

06/16/2022, 9:22 PM
yeah try running the same command you were using before
f

fierce-cat-34865

06/16/2022, 9:22 PM
best way to exit the vm?
w

wide-mechanic-33041

06/16/2022, 9:23 PM
just a shot in the dark on the resolution.
just
exit
just like ssh
f

fierce-cat-34865

06/16/2022, 9:24 PM
still unreachable maybe try 1300
w

wide-mechanic-33041

06/16/2022, 9:24 PM
in the host
kubectl cluster-info
going bigger if its fragmentation wouldn’t help
seems like it is something different
f

fierce-cat-34865

06/16/2022, 9:25 PM
server unreachable
w

wide-mechanic-33041

06/16/2022, 9:26 PM
and your Kubernetes Settings has it enabled right? seems like the cluster itself is not running
anything in the logs? Preferences\Troubleshooting\Show Logs
f

fierce-cat-34865

06/16/2022, 9:27 PM
kubernetes enabled, traefik disabled, docker moby runtime
1300 also timedout
w

wide-mechanic-33041

06/16/2022, 9:28 PM
sorry stretching my knowledge, but do they use sudo to create the socket
and yeah 1300 is bigger than 1250 so wouldn’t expect if it was fragmentation for that to work when 1250 didn’t
f

fierce-cat-34865

06/16/2022, 9:30 PM
thanks anyways, i did become aware of rdctl which was not on my radar before
try 1200
w

wide-mechanic-33041

06/16/2022, 9:30 PM
and in your Host side .kube/config its going to 127.0.0.1:6443?
and you have a no_proxy for 127.0.0.1?
f

fierce-cat-34865

06/16/2022, 9:31 PM
i never set one, so no i guess
w

wide-mechanic-33041

06/16/2022, 9:31 PM
gut says based on kubectl failing it isn’t mtu, but could still be a proxy in play
do you have an https_proxy envvar?
f

fierce-cat-34865

06/16/2022, 9:32 PM
1200 timed out too, but the message is diff
w

wide-mechanic-33041

06/16/2022, 9:32 PM
well that’s interesting
do you normally use a proxy though on your machine or are you just nat’d to the internet?
f

fierce-cat-34865

06/16/2022, 9:34 PM
no proxy
👍 1
w

wide-mechanic-33041

06/16/2022, 9:35 PM
i mean you could make the VM MTU smaller, but not sure why packet sizes would need to be so small. I don’t know how the bridging is setup on linux so having to sort of go off what i see on my mac
f

fierce-cat-34865

06/16/2022, 9:35 PM
is it possible lower mtu might work ?
w

wide-mechanic-33041

06/16/2022, 9:36 PM
maybe, but if it does i would use that to try and figure out why. thats a lot of packet header
f

fierce-cat-34865

06/16/2022, 9:37 PM
ok. thanks
w

wide-mechanic-33041

06/16/2022, 9:38 PM
have to run, but post back and maybe folks on the rancher team have some thoughts around causes that might be tied to a Linux client
f

fierce-cat-34865

06/16/2022, 9:38 PM
ok
w

wide-mechanic-33041

06/16/2022, 9:38 PM
and if you haven’t tried it yet maybe do a Factory Reset in case the cluster got torqued up during the install
and def check the logs for any errors jumping out to you