I’ve added a cluster with an old version of Kubernetes to Rancher. When realizing it’s not supported I removed it from Rancher but in doing so I lost most of my functionality on the cluster. The kubectl command from a management node with direct connection to the cluster, not through Rancher, only worked on a very high level, like getting Pods and Nodes, but I couldn’t get any logs from Pods for example. It threw a Permission denied error on
kube-apiserver. This was related apparently to the service account created / used by Rancher having some kind of exclusivity on the cluster.
Adding the cluster back to Rancher, even though it provides no functionality, added the service account back and all went back to normal.
My question is, how can it be that a service account created by Rancher when adding a cluster, has such a disastrous effect when removing it?
Anyone have experienced this issue or can indicate what the root cause might be and how to remove a cluster from Rancher without breaking access to said cluster?