dazzling-twilight-41550
01/26/2023, 10:21 PM
magnificent-napkin-96586
01/27/2023, 1:05 AM
thankful-hospital-82027
01/27/2023, 1:34 PM
k3s binary is running only on the Rancher Desktop distribution rancher-desktop.
With that said, can I kindly ask you to create the pki files as follows:
wsl -d rancher-desktop
# run your provisioning script
ATTENTION: please note that Rancher Desktop distro is "ephemeral", all your changes will be lost.
dazzling-twilight-41550
01/27/2023, 2:20 PM
thankful-hospital-82027
01/27/2023, 2:56 PM
provisioning script could exist for many layers.
So, it's fair to assume that you created a $env:USERPROFILE\AppData\Roaming\rancher-desktop\provisioning\[script name].start with the content you shared above?
I tried it, and at first I also had the same issue: the files didn't appear. However, as stated in the docs, the line endings should be Unix format and not DOS. Example: if you use VSCode, you'll need to change the line endings from CRLF to LF.
Once I made that change, the directories and files correctly appeared in the Rancher Desktop distro.
dazzling-twilight-41550
01/27/2023, 3:44 PM
k3s_overrides.start file in the $env:USERPROFILE\AppData\Roaming\rancher-desktop\provisioning Windows folder and added the contents above to the file. I did verify that the line endings were LF in the provisioning script file. When Rancher Desktop runs, it executes the provisioning script and creates the files as expected in the rancher-desktop distro. However, when Rancher Desktop starts k3s in the rancher-desktop distro, the kube-apiserver begins throwing error messages stating that the sa.key file or directory could not be found. Once this happens, authentication fails for other components and causes Rancher Desktop to hang while configuring kubectl. Unfortunately, when this happens, the only option left is to perform a factory reset and start over. I am wondering if this is related to k3s and not Rancher Desktop. I will post a message to the #k3s channel to see if this is a k3s configuration issue.
thankful-hospital-82027
01/27/2023, 4:00 PM
dazzling-twilight-41550
01/27/2023, 4:44 PM
time="2023-01-27T16:41:00Z" level=info msg="Running kube-apiserver --advertise-port=6443 --allow-privileged=true --anonymous-auth=false --api-audiences=<https://kubernetes.default.svc.cluster.local>,k3s --authorization-mode=Node,RBAC --bind-address=127.0.0.1 --cert-dir=/var/lib/rancher/k3s/server/tls/temporary-certs --client-ca-file=/var/lib/rancher/k3s/server/tls/client-ca.crt --egress-selector-config-file=/var/lib/rancher/k3s/server/etc/egress-selector-config.yaml --enable-admission-plugins=NodeRestriction --enable-aggregator-routing=true --etcd-servers=<unix://kine.sock> --feature-gates=JobTrackingWithFinalizers=true --kubelet-certificate-authority=/var/lib/rancher/k3s/server/tls/server-ca.crt --kubelet-client-certificate=/var/lib/rancher/k3s/server/tls/client-kube-apiserver.crt --kubelet-client-key=/var/lib/rancher/k3s/server/tls/client-kube-apiserver.key --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname --profiling=false --proxy-client-cert-file=/var/lib/rancher/k3s/server/tls/client-auth-proxy.crt --proxy-client-key-file=/var/lib/rancher/k3s/server/tls/client-auth-proxy.key --requestheader-allowed-names=system:auth-proxy --requestheader-client-ca-file=/var/lib/rancher/k3s/server/tls/request-header-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=6444 --service-account-issuer=\"<https://csgcorpitaaioidcissuer01.blob.core.windows.net/oidc-test/>\" --service-account-key-file=\"/etc/rancher/k3s/pki/sa.pub\" --service-account-signing-key-file=\"/etc/rancher/k3s/pki/sa.key\" --service-cluster-ip-range=10.43.0.0/16 --service-node-port-range=30000-32767 --storage-backend=etcd3 --tls-cert-file=/var/lib/rancher/k3s/server/tls/serving-kube-apiserver.crt 
--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 --tls-private-key-file=/var/lib/rancher/k3s/server/tls/serving-kube-apiserver.key"
time="2023-01-27T16:41:00Z" level=info msg="Running kube-scheduler --authentication-kubeconfig=/var/lib/rancher/k3s/server/cred/scheduler.kubeconfig --authorization-kubeconfig=/var/lib/rancher/k3s/server/cred/scheduler.kubeconfig --bind-address=127.0.0.1 --kubeconfig=/var/lib/rancher/k3s/server/cred/scheduler.kubeconfig --leader-elect=false --profiling=false --secure-port=10259"
time="2023-01-27T16:41:00Z" level=info msg="Waiting for API server to become available"
I0127 16:41:00.631039 467 server.go:581] external host was not specified, using 192.168.67.3
Error: failed to parse service-account-issuer-key-file: open "/etc/rancher/k3s/pki/sa.key": no such file or directory