https://rancher.com/ logo
Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Powered by
Title
c

creamy-animal-16878

12/21/2022, 1:37 PM
I get this error 1 in 3 times when trying any kubectl command, using a KubeConfig from rancher ui for a "downstream" rke cluster: 
Error from server (InternalError): an error on the server ("unable to create impersonator account: error setting up impersonation for user user-6j58n: failed to get secret for service account: cattle-impersonation-system/cattle-impersonation-user-6j58n, error: timed out waiting for the condition") has prevented the request from succeeding (get nodes)
There's 3 nodes with "all roles", plus 1 worker. "current-context" in KubeConfig points to fqdn for rancher mgmt cluster. If I change this to point to one of the rke cluster nodes, it always works, for all 3 nodes. In "cattle-impersonation-system" ns on rke cluster exists secret "cattle-impersonation-user-6j58n-token", but not without "-token". Help? 🙂
Tried copying the secret to same name w/o "-token", no effekt. On rancher mgmt cluster, this ns is empty.
165 Views
#rkeJoin Slack
Powered by