Channels
extensions
rancher-extensions
supermicro-sixsq
ozt
os
one-point-x
rio
onlinemeetup
v16-v21-migration
events
onlinetraining
training-1220
training-0110
training-0124
k3s-contributor
submariner
storage
k3os
windows
ci-cd
theranchcast
rfed_ara
nederlands
ukranian
danish
training-0131
masterclass
training-0207
training-0214
terraform-controller
epinio
phillydotnet
swarm
rancher-wrangler
deutsch
russian
chinese
mesos
français
japanese
arm
longhorn-dev
terraform-provider-rke
service-mesh
azure
gcp
academy
random
elemental
espanol
lima
harvester-dev
portugues
kubernetes
kim
hypper
kubewarden
opni
logging
neuvector-security
rancher-setup
developer
office-hours
mexico
cabpr
rke
vsphere
longhorn-storage
k3s
k3d
terraform-provider-rancher2
fleet
amazon
harvester
rke2
s3gw
hobbyfarm
rancher-desktop
general
Title
m
miniature-notebook-6405
01/10/2023, 5:40 PMHello, I am seeking insight regarding the Rancher agent that is run on the remote cluster. We would like to run a cluster on an isolated network (Azure) and communicate to Rancher server over a private endpoint on one IP address. Is this not possible with the Rancher import agent? I had hoped only port 6443, and all ports for that matter, on a single IP would be enough for the agent to talk to the server, but it is not importing. Does Rancher server require unfettered access to the network of the remote cluster, such as peering with that network? I would have hoped we would be able to leverage the agent for isolated networks, but it appears to have more access requirements than I had thought. Thank you!
Ok we have at least three issues that could cause us problems joining Rancher server...
1. agent pod no obeying /etc/hosts on node, added hostAlias to pod spec.
2. currently we are not using a supported version of kubernetes for the version of RKE, chalk up to overzealous automation, we need to plod along more like a tortoise.
3. kubernetes 1.2.1 has a known issue getting stuck at "Waiting for API to become available."
rke downgrade to a supported version then...
If this all works then we have successfully joined Rancher server over a single IP private endpoint on an isolated network.. if.
for number 2 somehow we ended up running rke 1.3.15 which does not support the k8s version hard-coded into our "manifests" 1.21.8. Every time a dev says "manifests" I get a lovecraftian protagonist shudder.
Ok it didn't work. The Rancher agent is driving me batty, I would hostAlias the deployment yaml to use the private endpoint, it would use that to contact Rancher server initially, then it would redeploy and erase my alias in deployment yaml, so that it would try to use the DNS information, which happens to be an inaccessible IP since it is not peered. Peering the vnets worked, however my network engineer does not like that configuration.