mxschmitt / ui-driver-hetzner

Rancher UI driver for the Hetzner Cloud docker driver.
https://mxschmitt.github.io/ui-driver-hetzner
Apache License 2.0

feat: private network support #83

Closed mxschmitt closed 4 years ago

mxschmitt commented 4 years ago

Changes:

Before:

image

After:

image

(just temporary clusters, so no worries for sharing the IPs)

Thank you very much @ptr1120 for adding support in the upstream driver and investigating that specific issue.

vitobotta commented 4 years ago

@mxschmitt Following up to #44... stupid question, how do I upgrade? :D

vitobotta commented 4 years ago

Never mind, I'm stupid :D

mxschmitt commented 4 years ago

> @mxschmitt Following up to #44... stupid question, how do I upgrade? :D

The UI-Driver URL is the same. So actually you only have to adjust the Docker machine driver URL to the new one. (See readme).

vitobotta commented 4 years ago

Yep just updated and am going to test it now.

spatialy commented 4 years ago

Hi @mxschmitt @vitobotta, we tried several times using multiple combinations for the [network selection - use private network checkbox - Rancher setting URL as IP or domain resolving to local IP] but the traffic never goes through the private network. Have you any further recommendations about making this work? Best

ptr1120 commented 4 years ago

How do you verify that traffic does not go through the private network? Does Rancher show that it uses the private IP like in the picture at https://github.com/mxschmitt/ui-driver-hetzner/pull/83#issue-395133099?

mxschmitt commented 4 years ago

> Hi @mxschmitt @vitobotta, we tried several times using multiple combinations for the [network selection - use private network checkbox - Rancher setting URL as IP or domain resolving to local IP] but the traffic never goes through the private network. Have you any further recommendations about making this work? Best

It's important that you have the internal IP of the Rancher host configured in your Rancher settings. Have you set that up?

spatialy commented 4 years ago

We just tried again and the results are the same, maybe we are overlooking something on our side for sure.

We installed an HA Rancher server with K3s and MySQL as datastore.

If we use the DNS name in the server-url config section as originally set, the cluster goes through the whole process until complete, using the public interface.

If we change the server-url config to the private IP of the server and spin up a new cluster, then the nodes never register back to the Rancher server ... until the register step we see a lot of traffic between the Rancher server and the nodes over the private interface, as desired.

Looking into the logs for the containers in the nodes, we see this:

root@master-1:~# docker logs --follow mystifying_carson
INFO: Arguments: --server https://192.168.1.1 --token REDACTED -r -n m-lcsxw
INFO: Environment: CATTLE_ADDRESS=<PUBLIC_IP> CATTLE_AGENT_CONNECT=true CATTLE_INTERNAL_ADDRESS= CATTLE_NODE_NAME=m-lcsxw CATTLE_SERVER=https://192.168.1.1 CATTLE_TOKEN=REDACTED
INFO: Using resolv.conf: nameserver 213.133.98.98 nameserver 213.133.100.100 nameserver 213.133.99.99
ERROR: https://192.168.1.1/ping is not accessible (Failed to connect to 192.168.1.1 port 443: Connection timed out)

Any ideas what we are doing wrong?

Thanks a lot for the answers.

Best
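
Added example, not part of the thread or of the project's code: a small triage script for the agent startup log format quoted in the comment above, reporting whether the agent is pointed at a private server address and whether the node advertises an internal address. The sample log is constructed, the finding labels are hypothetical, and it assumes the private network uses RFC 1918 address space.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample in the format of the agent log quoted above;
# 203.0.113.10 stands in for the redacted public IP.
SAMPLE_LOG = """\
INFO: Arguments: --server https://192.168.1.1 --token REDACTED -r -n m-lcsxw
INFO: Environment: CATTLE_ADDRESS=203.0.113.10 CATTLE_AGENT_CONNECT=true CATTLE_INTERNAL_ADDRESS= CATTLE_NODE_NAME=m-lcsxw CATTLE_SERVER=https://192.168.1.1 CATTLE_TOKEN=REDACTED
ERROR: https://192.168.1.1/ping is not accessible (Failed to connect to 192.168.1.1 port 443: Connection timed out)
"""

# Assumption: the private network uses RFC 1918 address space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ENV_PREFIX = "INFO: Environment:"

def in_rfc1918(host):
    """True/False for an IP literal, None for a hostname or empty value."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None
    return any(addr in net for net in RFC1918)

def parse_env(log):
    """Return the KEY=VALUE pairs from the agent's environment line."""
    for line in log.splitlines():
        if line.startswith(ENV_PREFIX):
            pairs = line[len(ENV_PREFIX):].split()
            return dict(p.split("=", 1) for p in pairs if "=" in p)
    return {}

def triage(log):
    """List hypothetical finding labels for one agent startup log."""
    env = parse_env(log)
    findings = []
    server = in_rfc1918(urlparse(env.get("CATTLE_SERVER", "")).hostname or "")
    if server is None:
        findings.append("server-is-hostname-check-dns-on-node")
    elif not server:
        findings.append("server-is-public-ip")
    if not env.get("CATTLE_INTERNAL_ADDRESS"):
        findings.append("node-internal-address-empty")
    if in_rfc1918(env.get("CATTLE_ADDRESS", "")) is False:
        findings.append("node-address-is-public")
    ping = re.search(r"^ERROR: \S+/ping is not accessible \((.*)\)$", log, re.M)
    if ping:
        kind = "timeout" if "timed out" in ping.group(1) else "other"
        findings.append("ping-failed-" + kind)
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
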

spatialy commented 4 years ago

Redoing everything from scratch, we now get this for the attempt on the private address:

root@TEST-WORKER:~# curl https://192.168.1.3
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.