Dual-Stack RKE2 Cluster cert error

MatijaTerzic · August 29, 2023, 11:37am

I am trying to setup a Dual-Stack with Calico cluster with the following setup:

Service CIDR: 10.43.0.0/16,fd00:c00b:2::/64
Cluster CIDR: 10.42.0.0/16,fd00:c00b:1::/64

IPv4 and IPv6 on the hosts is configured and working.

If i try to setup cluster i got following error:

level=error msg=“error loading CA cert for probe (kube-controller-manager) /var/lib/rancher/rke2/server/tls/kube-controller-manager/kube-controller-manager.crt: open /var/lib/rancher/rke2/server/tls/kube-controller-manager/kube-controller-manager.crt: no such file or directory”
Aug 29 13:34:44 k8-master rancher-system-agent[3037]: time=“2023-08-29T13:34:44+02:00” level=error msg=“error while appending ca cert to pool for probe kube-controller-manager”
Aug 29 13:34:44 k8-master rancher-system-agent[3037]: time=“2023-08-29T13:34:44+02:00” level=error msg=“error loading CA cert for probe (kube-scheduler) /var/lib/rancher/rke2/server/tls/kube-scheduler/kube-scheduler.crt: open /var/lib/rancher/rke2/server/tls/kube-scheduler/kube-scheduler.crt: no such file or directory”
Aug 29 13:34:44 k8-master rancher-system-agent[3037]: time=“2023-08-29T13:34:44+02:00” level=error msg=“error while appending ca cert to pool for probe kube-scheduler”
Aug 29 13:34:44 k8-master rke2[3240]: time=“2023-08-29T13:34:44+02:00” level=info msg=“Waiting to retrieve kube-proxy configuration; server is not ready: https://127.0.0.1:9345/v1-rke2/readyz: 500 Internal Server Error”
Aug 29 13:34:49 k8-master rancher-system-agent[3037]: time=“2023-08-29T13:34:49+02:00” level=error msg=“error loading CA cert for probe (kube-controller-manager) /var/lib/rancher/rke2/server/tls/kube-controller-manager/kube-controller-manager.crt: open /var/lib/rancher/rke2/server/tls/kube-controller-manager/kube-controller-manager.crt: no such file or directory”
Aug 29 13:34:49 k8-master rancher-system-agent[3037]: time=“2023-08-29T13:34:49+02:00” level=error msg=“error while appending ca cert to pool for probe kube-controller-manager”
Aug 29 13:34:49 k8-master rancher-system-agent[3037]: time=“2023-08-29T13:34:49+02:00” level=error msg=“error loading CA cert for probe (kube-scheduler) /var/lib/rancher/rke2/server/tls/kube-scheduler/kube-scheduler.crt: open /var/lib/rancher/rke2/server/tls/kube-scheduler/kube-scheduler.crt: no such file or directory”

And the cluster won’t setup. With only IPv4 i don’t have this problem

virgiliofilho · March 12, 2024, 4:42pm

i’ve the same problem… do you resolved?

redhat 8.9
rke2 1.26 or 1.27
cert-manager 1.14 or 1.15
rancher 2.8.2

i can deploy:
rke2 (no set plugin cni active, but it’s work with default)- ok
deploy cert-manager - ok
rancher - “not good”

but rancher don’t work well…

with ingress (rke2 or ingress-nginx)
with loadbalancer (i’m trying using metallb)
with nodeport

the rancher stay ‘operational’ but i CAN’T create anothers cluster too, wherever rke2 or k3s.

kubectl logs -n cattle-system -l app=rancher -f

[ERROR] error syncing ‘harvester’: handler feature-handler: Internal error occurred: failed calling webhook “rancher.cattle.io.nodedrivers.management.cattle.io”: failed to call webhook: Post “https://rancher-webhook.cattle-system.svc:443/v1/webhook/validation/nodedrivers.management.cattle.io?timeout=10s”: no endpoints available for service “rancher-webhook”, requeuing

2024/03/12 16:30:58 [ERROR] error syncing ‘all’: handler user-controllers-controller: userControllersController: failed to set peers for key all: failed to start user controllers for cluster c-m-xtkmnbsz: ClusterUnavailable 503: cluster not found, requeuing
2024/03/12 16:31:02 [ERROR] Failed syncing peers [{10.42.0.26 true false}]: failed to start user controllers for cluster c-m-xtkmnbsz: ClusterUnavailable 503: cluster not found
2024/03/12 16:31:02 [ERROR] Failed to handle tunnel request from remote address 192.168.1.56:60728: response 400: cluster not found
2024/03/12 16:31:07 [ERROR] Failed to handle tunnel request from remote address 192.168.1.56:60732: response 400: cluster not found
2024/03/12 16:31:09 [ERROR] error syncing ‘all’: handler user-controllers-controller: userControllersController: failed to set peers for key all: failed to start user controllers for cluster c-m-xtkmnbsz: ClusterUnavailable 503: cluster not found, requeuing
2024/03/12 16:31:10 [INFO] Adding peer wss://10.42.0.27/v3/connect, 10.42.0.27
2024/03/12 16:31:10 [ERROR] Failed syncing peers [{10.42.0.26 [10.42.0.27] true false}]: failed to start user controllers for cluster c-m-xtkmnbsz: ClusterUnavailable 503: cluster not found

Topic		Replies	Views
Can't Add existing, or Create new cluster - Certificate Errors Rancher 2.x	0	981	March 10, 2021
Wrong IP given to Pod Rancher 2.x	6	1999	December 17, 2019
Rancher 2 / ssl / recognized CA Rancher 2.x	4	2673	May 24, 2018
Unable to build or upgrade cluster due to validation error Rancher 2.x	2	2373	January 27, 2020
How to resolve client's certificate: x509 issues when creating a cluster Rancher 2.x	2	5120	June 30, 2021

Dual-Stack RKE2 Cluster cert error

kubectl logs -n cattle-system -l app=rancher -f

Related Topics