01/10/2023, 5:40 PM
Hello, I am seeking insight regarding the Rancher agent that is run on the remote cluster. We would like to run a cluster on an isolated network (Azure) and communicate to Rancher server over a private endpoint on one IP address. Is this not possible with the Rancher import agent? I had hoped only port 6443, and all ports for that matter, on a single IP would be enough for the agent to talk to the server, but it is not importing. Does Rancher server require unfettered access to the network of the remote cluster, such as peering with that network? I would have hoped we would be able to leverage the agent for isolated networks, but it appears to have more access requirements than I had thought. Thank you!
Ok, we have at least three issues that could cause us problems joining Rancher server...
1. agent pod not obeying /etc/hosts on node, added hostAlias to pod spec.
2. currently we are not using a supported version of kubernetes for the version of RKE; chalk it up to overzealous automation, we need to plod along more like a tortoise.
3. kubernetes 1.2.1 has a known issue getting stuck at "Waiting for API to become available."
rke downgrade to a supported version then...
If this all works then we have successfully joined Rancher server over a single IP private endpoint on an isolated network... if.
For number 2, somehow we ended up running rke 1.3.15, which does not support the k8s version hard-coded into our "manifests", 1.21.8. Every time a dev says "manifests" I get a Lovecraftian protagonist shudder.
Ok, it didn't work. The Rancher agent is driving me batty. I would hostAlias the deployment yaml to use the private endpoint; it would use that to contact Rancher server initially, then it would redeploy and erase my alias in the deployment yaml, so that it would try to use the DNS information, which happens to be an inaccessible IP since it is not peered. Peering the vnets worked, however my network engineer does not like that configuration.
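The hostAlias workaround the poster describes, written out as an added example (not code from the thread or from Rancher): a strategic merge patch that pins the Rancher server hostname to the private-endpoint IP inside the agent pod. The deployment name `cattle-cluster-agent` and namespace `cattle-system` are assumed to be the imported-cluster agent; the hostname and IP are placeholders.

```yaml
# Added example, not from the original thread.
# Assumed target: the imported-cluster agent Deployment cattle-cluster-agent
# in namespace cattle-system. Hostname and IP below are placeholders.
#
# Apply with:
#   kubectl -n cattle-system patch deployment cattle-cluster-agent \
#     --patch-file patch-hostaliases.yaml
#
# hostAliases writes entries into the pod's own /etc/hosts, which is why an
# entry added to /etc/hosts on the node has no effect on the agent pod.
spec:
  template:
    spec:
      hostAliases:
        - ip: "10.0.0.10"                  # placeholder: private endpoint IP
          hostnames:
            - "rancher.example.internal"   # placeholder: Rancher server FQDN
```

As the poster reports, the agent redeploys itself after first contact and its spec is reset, so a patch like this lets the initial registration reach the private endpoint but does not persist; it shows the mechanism rather than a durable fix for an unpeered network.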