The Rancher CAPR planner apparently queries this anonymously to get the IP address of the first etcd node (to be used as the init node), instead of just using the address of the first node with the etcd label.
K3s itself uses auth when retrieving this resource, but since Rancher does not we need to make it available anonymously again - at least from localhost.
Types of Changes
integration/ bugfix
Verification
curl -ks https://localhost:6443/db/info on an etcd node.
Build a split-role cluster from Rancher, confirm all the nodes join properly.
Proposed Changes
The Rancher CAPR planner apparently queries this anonymously to get the IP address of the first etcd node (to be used as the init node), instead of just using the address of the first node with the etcd label.
K3s itself uses auth when retrieving this resource, but since Rancher does not we need to make it available anonymously again - at least from localhost.
Types of Changes
integration/ bugfix
Verification
curl -ks https://localhost:6443/db/info
on an etcd node.Testing
Linked Issues
User-Facing Change
Further Comments