01/31/2023, 9:56 PM
Freeing up resources in my Harvester cluster (and keeping Rancher Manager 'off-cluster'), so I am using RD on Win11 and following the official Rancher Manager on Rancher Desktop documentation (a bit outdated, as I have to set my Kubernetes version in RD lower to allow the latest Rancher Manager to install). I cannot reach that workload, and it seems to break my certificate to allow my Lens IDE to connect. Wondering if anyone has run into something similar. Details coming as a thread.
$ curl -vLk
* Trying
* TCP_NODELAY set
* Connected to ( port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=TRAEFIK DEFAULT CERT
* start date: Jan 31 18:36:19 2023 GMT
* expire date: Jan 31 18:36:19 2024 GMT
* issuer: CN=TRAEFIK DEFAULT CERT
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5629dba598c0)
user-agent: curl/7.68.0
accept: /
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
< HTTP/2 404
< content-type: text/plain; charset=utf-8
< x-content-type-options: nosniff
< content-length: 19
< date: Tue, 31 Jan 2023 19:17:32 GMT
<
404 page not found
* Connection #0 to host left intact

$ curl -vLk
* Trying
* TCP_NODELAY set
* connect to port 443 failed: Connection timed out
* Failed to connect to port 443: Connection timed out
* Closing connection 0
curl: (28) Failed to connect to port 443: Connection timed out

$ k get nodes
NAME STATUS ROLES AGE VERSION
tumbler Ready control-plane,master 64m v1.24.10+k3s1

k version
WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. Use --output=yaml|json to get the full version.
Client Version: version.Info{Major:"1", Minor:"25", GitVersion:"v1.25.0", GitCommit:"a866cbe2e5bbaa01cfd5e969aa3e033f3282a8a2", GitTreeState:"clean", BuildDate:"2022-08-23T17:36:43Z", GoVersion:"go1.19", Compiler:"gc", Platform:"linux/amd64"}
Kustomize Version: v4.5.7
Server Version: version.Info{Major:"1", Minor:"24", GitVersion:"v1.24.10+k3s1", GitCommit:"546a94e9ae1c3be6f9c0dcde32a6e6672b035bc8", GitTreeState:"clean", BuildDate:"2023-01-26T00:35:57Z", GoVersion:"go1.19.5", Compiler:"gc", Platform:"linux/amd64"}
Lens IDE error after completing
E0131 16:49:57.669209 12744 proxy_server.go:147] Error while proxying request: x509: certificate signed by unknown authority
Just an update: to get containers reachable using RD on Win11 with WSL2, I needed to add a portproxy (adjust for the ports you want your WSL2 RD Hyper-V VMs to listen on).
netsh interface portproxy add v4tov4 listenport=38081 listenaddress= connectport=38080 connectaddress=localhost