
adorable-midnight-46384

02/19/2023, 8:19 AM
Hello, I am going crazy trying to deploy an RKE2 cluster at Amazon ECS using Rancher 2.7. I am unable to use the option "Amazon Cloud Provider" so it is integrated with the AWS load balancer. I have no problems doing the deployment if I choose "none" instead of Amazon Cloud Provider, but in this case, I lose the ELB integration. I tried to set up an IAM role, as suggested in the guide, but I guess I am doing something bad there (and the instructions are not clear enough for me at that point). Can anyone help me, please?

agreeable-oil-87482

02/19/2023, 8:32 PM
Did you tag the relevant aws resources?

adorable-midnight-46384

02/20/2023, 9:08 AM
Not sure if I am doing it correctly. I have my security group "rancher-nodes" created in advance in AWS, with the tag "kubernetes.io/cluster/hcl-lab=owned". In addition, my VPC & the subnet have the kubernetes.io/cluster/hcl-lab=shared tag, and in the Rancher interface I set it up to add the tag kubernetes.io/cluster/hcl-lab=shared to the nodes that are being created by Rancher. But it is not working.. 😞 My cluster is called hcl-lab, as in the tagging. Is there anything else I should do?

agreeable-oil-87482

02/20/2023, 9:44 AM
IIRC tagging the VPC, Subnet, EC2 instances and SG objects should be sufficient

adorable-midnight-46384

02/20/2023, 9:47 AM
Not sure what I am doing wrong then, because the cluster does not finish deploying; it remains on "Updating" with the message "Configuring bootstrap node(s) hcl-masters-6c5696c4bc-plxmm: waiting for probes: calico, etcd, kube-apiserver, kube-controller-manager, kube-scheduler, kubelet"

agreeable-oil-87482

02/20/2023, 9:48 AM
If you SSH into the node, does /etc/rancher/rke2/rke2.yaml exist?

adorable-midnight-46384

02/20/2023, 9:48 AM
Is there any difference between using the value "owned" or "shared" in the tagging? I do not really understand very well why I have both options

agreeable-oil-87482

02/20/2023, 9:49 AM
It's an AWS thing - defines if you want resources shared amongst clusters

adorable-midnight-46384

02/20/2023, 9:57 AM
yes, rke2.yaml file exists....

agreeable-oil-87482

02/20/2023, 9:57 AM
export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
/var/lib/rancher/rke2/bin/kubectl get no
Also try and get the list of Pods and what state they're in

adorable-midnight-46384

02/20/2023, 10:00 AM
root@hcl-masters-8c76e660-g5g6g:/etc/rancher/rke2# export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
root@hcl-masters-8c76e660-g5g6g:/etc/rancher/rke2# /var/lib/rancher/rke2/bin/kubectl get no
The connection to the server 127.0.0.1:6443 was refused - did you specify the right host or port?

agreeable-oil-87482

02/20/2023, 10:02 AM
journalctl -u rke2-server

adorable-midnight-46384

02/20/2023, 10:16 AM
Feb 20 10:14:46 hcl-masters-8c76e660-g5g6g rke2[10235]: Error: failed to run Kubelet: could not init cloud provider "aws": Found multiple cluster tags with prefix kubernetes.io/cluster/ ("c-m-d62wvfwn" and "hcl")
Seems I do not understand how to do the tagging 😞
I cannot understand why there are multiple tags found. Does this mean I should not tag the EC2 in the Rancher UI?
I am pretty sure I did not create the tag "c-m-d62wvfwn" myself; I guess it was created by Rancher. But that tag is not the same as the one on the VPC I already have, or the security group... Does this mean I should not create tags for the EC2 since Rancher chooses and writes its own?