Can't setup a cluster in Rancher 2.0

i just getting the following error when i try to deploy a new cluster custom

This cluster is currently Provisioning; areas that interact directly with it will not be available until the API is ready.

[controlPlane] Failed to bring up Control Plane: Failed to verify healthcheck: Service [kube-apiserver] is not healthy on host [10.215.0.56]. Response code: [403], response body: {“kind”:“Status”,“apiVersion”:“v1”,“metadata”:{},“status”:“Failure”,“message”:“forbidden: User “kube-apiserver” cannot get path “/healthz””,“reason”:“Forbidden”,“details”:{},“code”:403}

  • Make sure that you have clean nodes when you are building a cluster, re-using etcd data and/or certificates can break provisioning. Run https://gist.github.com/superseb/2cf186726807a012af59a027cb41270d on each node before provisioning.
  • Can you provide output of docker logs etcd and docker logs kube-apiserver on 10.215.0.56 as that should show what’s going wrong.

Same issue here on RedHat 7.5.

The nodes have been completely new, however due to my several retries to solve the issue, I always used the gist to clean the nodes up. “docker logs etcd” showed me:

2018-06-26 14:26:37.663453 W | rafthttp: health check for peer c2cf041a6dbd41df could not connect: dial tcp 10.230.38.31:2380: i/o timeout

so I opened the firewall port. Which fixed that issue for me. Hope this helps. The documentation did not mention this port to be open, IMHO.

All ports are documented here: https://rancher.com/docs/rancher/v2.x/en/installation/references/