
stale-spring-20280

02/27/2023, 4:36 PM
I am trying to import an EKS cluster in Rancher (2.7). I first tried and went ahead to create a Cloud Credential for AWS. I get "Authentication test failed, please check your credentials" on the UI. This info on the UI is a bit vague. Where can I get more details to troubleshoot further?

bright-fireman-42144

02/27/2023, 5:27 PM
how did you install rancher manager?

stale-spring-20280

02/27/2023, 5:28 PM
Rancher manager on K3s using helm

bright-fireman-42144

02/27/2023, 5:31 PM
https://ranchermanager.docs.rancher.com/v2.6/troubleshooting/other-troubleshooting-tips/rancher-ha should point you in the right direction... or select the correct version of rancher you are using.
it will be a kubectl logs command
I also use browser developer tools to get an idea of what the UI is requesting and what is returned.
my apologies.... this is just to get you to more information than what is in the UI so you can dig deeper, it's basically how I've been learning everything. Poking around and breaking it 😉

stale-spring-20280

02/27/2023, 5:56 PM
@bright-fireman-42144 Thanks for the tip. I traced the call on developer tools. It got a 403 on https://<rancher-ui>/meta/proxy/ec2.us-east-1.amazonaws.com/ and nothing more. I used "wget" to get more info.... https://<rancher-ui>/meta/proxy/ec2.us-east-1.amazonaws.com/ reveals that ERROR: The certificate of ‘rancher-ui’ is not trusted. ERROR: The certificate of ‘rancher-ui’ hasn't got a known issuer.
@bright-fireman-42144 - I am using a self-signed cert by cert-manager. Do we need a real cert here to get past the error? Any workarounds?

bright-fireman-42144

02/27/2023, 8:29 PM
I'm not entirely sure. I've had plenty of cert issues, especially with rancher and harvester integration. It would be nice if they exposed cert-manager (at least Let's Encrypt options) in the UI for harvester but I don't think that is possible for rancher due to the numerous ways Rancher Manager can be installed. I don't /think/ that's your problem (I often see errors related to certs that are self-signed) but if it's a 403, that means the server got the request and possibly even understood it but is actively denying it for some reason. Could be due to the cert or some other authorization it expects (IP blacklisting, something higher up in the OSI layers, expected a token of some type.... dunno). Sorry I can't be of more help.