Import existing cluster into rancher

rafik · February 14, 2023, 3:22pm

Hello, I have a Rancher server in a single node installation.
I want to import a RKE2 cluster into my Rancher.

When I try to generate the import command, the result is empty commands:

rbahri@testmachine:~% rancher cluster create mycluster --import                                                                                                                                                                       
Successfully created cluster mycluster
                                                                                                                                                                                                         
rbahri@testmachine:~% rancher cluster import mycluster                                                                                                                                                                                
Run the following command in your cluster:


If you get an error about 'certificate signed by unknown authority' because your Rancher installation is running with an untrusted/self-signed SSL certificate, run the command below instead to bypass the certificate check:

Here are the Rancher server logs

2023/02/14 15:20:12 [INFO] [mgmt-cluster-rbac-delete] Creating namespace c-x2hbn
2023/02/14 15:20:12 [INFO] [mgmt-cluster-rbac-delete] Creating Default project for cluster c-x2hbn
2023/02/14 15:20:12 [INFO] [mgmt-project-rbac-create] Creating namespace p-xvpvw
2023/02/14 15:20:12 [INFO] [mgmt-cluster-rbac-delete] Creating System project for cluster c-x2hbn
2023/02/14 15:20:12 [INFO] [mgmt-project-rbac-create] Creating namespace p-jg59z
2023/02/14 15:20:12 [INFO] [mgmt-cluster-rbac-delete] Updating cluster c-x2hbn
2023/02/14 15:20:12 [ERROR] defaultSvcAccountHandler: Sync: error handling default ServiceAccount of namespace key=c-x2hbn, err=Operation cannot be fulfilled on namespaces "c-x2hbn": the object has been modified; please apply your changes to the latest version and try again
2023/02/14 15:20:12 [INFO] [mgmt-project-rbac-create] Creating creator projectRoleTemplateBinding for user user-hx622 for project p-xvpvw
2023/02/14 15:20:12 [INFO] [mgmt-project-rbac-create] Creating creator clusterRoleTemplateBinding for user user-hx622 for cluster c-x2hbn
2023/02/14 15:20:12 [INFO] [mgmt-project-rbac-create] Creating creator projectRoleTemplateBinding for user user-hx622 for project p-jg59z
2023/02/14 15:20:12 [INFO] [mgmt-auth-crtb-controller] Setting InitialRolesPopulated condition on project p-jg59z
2023/02/14 15:20:12 [ERROR] defaultSvcAccountHandler: Sync: error handling default ServiceAccount of namespace key=p-xvpvw, err=Operation cannot be fulfilled on namespaces "p-xvpvw": the object has been modified; please apply your changes to the latest version and try again
2023/02/14 15:20:12 [INFO] [mgmt-auth-prtb-controller] Creating role/clusterRole p-jg59z-projectowner
2023/02/14 15:20:12 [INFO] [mgmt-project-rbac-create] Updating project p-jg59z
2023/02/14 15:20:12 [INFO] [mgmt-auth-crtb-controller] Creating role/clusterRole c-x2hbn-clusterowner
2023/02/14 15:20:12 [INFO] [mgmt-auth-crtb-controller] Setting InitialRolesPopulated condition on project p-xvpvw
2023/02/14 15:20:12 [INFO] [mgmt-auth-crtb-controller] Setting InitialRolesPopulated condition on cluster c-x2hbn
2023/02/14 15:20:12 [INFO] [mgmt-cluster-rbac-delete] Updating cluster c-x2hbn
2023/02/14 15:20:12 [INFO] [mgmt-auth-prtb-controller] Creating roleBinding for membership in project p-jg59z for subject user-hx622
2023/02/14 15:20:12 [INFO] [mgmt-auth-crtb-controller] Creating clusterRoleBinding for membership in cluster c-x2hbn for subject user-hx622
2023/02/14 15:20:12 [INFO] [mgmt-auth-prtb-controller] Creating role/clusterRole p-xvpvw-projectowner
2023/02/14 15:20:12 [INFO] [mgmt-project-rbac-create] Updating project p-xvpvw
2023/02/14 15:20:12 [INFO] [mgmt-auth-crtb-controller] Creating role cluster-owner in namespace c-x2hbn
2023/02/14 15:20:12 [INFO] [mgmt-auth-prtb-controller] Creating role/clusterRole c-x2hbn-clustermember
2023/02/14 15:20:12 [INFO] [mgmt-project-rbac-create] Updating project p-jg59z
2023/02/14 15:20:12 [ERROR] defaultSvcAccountHandler: Sync: error handling default ServiceAccount of namespace key=p-jg59z, err=Operation cannot be fulfilled on namespaces "p-jg59z": the object has been modified; please apply your changes to the latest version and try again
2023/02/14 15:20:12 [INFO] [mgmt-auth-prtb-controller] Creating roleBinding for membership in project p-xvpvw for subject user-hx622
2023/02/14 15:20:12 [INFO] [mgmt-auth-crtb-controller] Creating roleBinding for subject user-hx622 with role cluster-owner in namespace c-x2hbn
2023/02/14 15:20:12 [INFO] [mgmt-auth-prtb-controller] Creating clusterRoleBinding for membership in cluster c-x2hbn for subject user-hx622
2023/02/14 15:20:12 [INFO] [mgmt-auth-prtb-controller] Creating clusterRoleBinding for membership in cluster c-x2hbn for subject user-hx622
2023/02/14 15:20:12 [INFO] [mgmt-auth-prtb-controller] Creating role project-owner in namespace c-x2hbn
2023/02/14 15:20:12 [INFO] [mgmt-project-rbac-create] Updating project p-xvpvw
2023/02/14 15:20:12 [INFO] [mgmt-auth-crtb-controller] Creating role cluster-owner in namespace p-xvpvw
2023/02/14 15:20:12 [ERROR] defaultSvcAccountHandler: Sync: error handling default ServiceAccount of namespace key=p-jg59z, err=Operation cannot be fulfilled on namespaces "p-jg59z": the object has been modified; please apply your changes to the latest version and try again
2023/02/14 15:20:12 [INFO] [mgmt-auth-prtb-controller] Creating roleBinding for subject user-hx622 with role project-owner in namespace c-x2hbn
2023/02/14 15:20:12 [INFO] [mgmt-auth-crtb-controller] Creating roleBinding for subject user-hx622 with role cluster-owner in namespace p-xvpvw
2023/02/14 15:20:12 [INFO] [mgmt-auth-prtb-controller] Updating clusterRoleBinding crb-rsyzume4yj for cluster membership in cluster c-x2hbn for subject user-hx622
2023/02/14 15:20:12 [INFO] [mgmt-auth-prtb-controller] Creating role project-owner in namespace p-jg59z
2023/02/14 15:20:12 [INFO] [mgmt-auth-crtb-controller] Creating role cluster-owner in namespace p-jg59z
2023/02/14 15:20:12 [INFO] [mgmt-auth-prtb-controller] Creating roleBinding for subject user-hx622 with role project-owner in namespace c-x2hbn
2023/02/14 15:20:12 [INFO] [mgmt-auth-prtb-controller] Creating role admin in namespace p-jg59z
2023/02/14 15:20:12 [INFO] [mgmt-auth-crtb-controller] Creating roleBinding for subject user-hx622 with role cluster-owner in namespace p-jg59z
2023/02/14 15:20:12 [INFO] [mgmt-auth-prtb-controller] Creating role project-owner in namespace p-xvpvw
2023/02/14 15:20:12 [INFO] [mgmt-auth-prtb-controller] Creating roleBinding for subject user-hx622 with role admin in namespace p-jg59z
2023/02/14 15:20:12 [INFO] [mgmt-auth-prtb-controller] Creating role admin in namespace p-xvpvw
2023/02/14 15:20:12 [INFO] [mgmt-auth-prtb-controller] Creating roleBinding for subject user-hx622 with role project-owner in namespace p-xvpvw
2023/02/14 15:20:12 [INFO] [mgmt-auth-prtb-controller] Creating roleBinding for subject user-hx622 with role project-owner in namespace p-jg59z
2023/02/14 15:20:12 [INFO] [mgmt-auth-prtb-controller] Creating roleBinding for subject user-hx622 with role admin in namespace p-xvpvw
2023/02/14 15:20:13 [INFO] [mgmt-cluster-rbac-delete] Updating cluster c-x2hbn

Rancher server version: v2.7.1
Rancher CLI version: v2.6.0 (since v2.6.4+ has a blocking bug when rancher-cli v2.6.4 errors out trying to create an imported cluster. · Issue #37574 · rancher/rancher · GitHub)

Any help please? Workarounds or other ways to import the cluster?
Thank you!

daemonadmin · February 17, 2023, 9:45am

rafik:

tHandler: Sync: error handling default ServiceAccount of namespace key=p-jg59z, err=Operation cannot be fulfilled on namespaces "p-jg59z": the object has been modified; please apply your changes to the latest version and try again
2023/02/14 15:20:12 [INFO] [mgmt-auth-prtb-controller] Creating roleBin

Hello! Try to import cluster via Rancher UI. Also try to use CLI downloaded from Rancher UI:
http(s)://your-rancher-url/dashboard/about (section CLI Downloads).

If your version is 2.7.1 look at this post (rancher cli = 2.7.0):

rafik · March 14, 2023, 3:39pm

Thanks ! I figured out the problem.
In my case, I wanted to write a playbook to :

Install Rancher (Docker container single node mode)
Import an existing RKE2 cluster into Rancher using the rancher-cli

Here’s the solution to my problem :
Assuming Rancher is installed

Install rancher-cli
rancher token --user {{ rancher_admin_user }} --server {{ rancher_url }}
rancher login --token {{ token }} {{ rancher_url }}
rancher settings set server-url {{ rancher_url }} # This command validates the Server URL for Rancher, otherwise it will ask you to validate it when you open the Rancher UI for the first time. After the validation, Rancher will update his TLS certificate.
rancher cluster create {{ cluster_name }} --import
rancher cluster import -q {{ cluster_name }} | head -1 # The command youn need to run to import your cluster !

Good luck.

Topic		Replies	Views
I need help with importing my cluster	2	1056	October 10, 2019
Help importing cluster Rancher	3	2284	October 4, 2018
Certificate issue on import k3s node to rancher manager Rancher	3	1845	May 17, 2021
Cattle-cluster-agent "certificate signed by unknown authority" Rancher	1	712	January 2, 2024
Problem importing rke2 cluster Rancher	2	1166	November 7, 2022

Import existing cluster into rancher

Related topics