winterallen
commented
1 year ago I found a reason:
/etc/cni/net.d/calico-kubeconfig
is not updated after RKE2 cluster certificate rotation
Open winterallen opened 1 year ago
winterallen
commented
1 year ago I found a reason:
/etc/cni/net.d/calico-kubeconfig
is not updated after RKE2 cluster certificate rotation
bennysp
commented
1 year ago @winterallen Having the same problem. Did you find a workaround?
winterallen
commented
1 year ago @winterallen Having the same problem. Did you find a workaround?
Yes, I successfully updated "/etc/cni/net.d/calico-kubeconfig" by upgrading the downstream RKE2 cluster version to v1.24.7+rke2r1, and the cluster returned to normal, but RancherUI prompts "Failed to communicate with API server during namespace check: Unauthorized", you can try to just upgrade the calico version in the test environment, and observe whether "/etc/cni/net.d/calico-kubeconfig" is updated
winterallen
commented
1 year ago @winterallen Having the same problem. Did you find a workaround?
Yes, I successfully updated "/etc/cni/net.d/calico-kubeconfig" by upgrading the downstream RKE2 cluster version to v1.24.7+rke2r1, and the cluster returned to normal, but RancherUI prompts "Failed to communicate with API server during namespace check: Unauthorized", you can try to just upgrade the calico version in the test environment, and observe whether "/etc/cni/net.d/calico-kubeconfig" is updated
RKE2 version v1.21.5+rke2r2 when not upgraded
Rancher Server Setup
Information about the Cluster
Downstream cluster rotation certificate updated kubeconfig, rancher operation downstream cluster appears
the downstream cluster is REK2 created in advance, and the cluster is imported through rancher cluster management
what do I need to do to get rancher back in control of the downstream cluster