New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] Enabling ACE after cluster provisioning results in unusable kubeconfig contexts #41832
Comments
duplicate of #42255 |
Same issue here, with the stable rancher and provisioning latest RKE2. |
As workaround restarting upstream rancher pods on local cluster fixes the issue. I am running Rancher 2.7.1 v1.24.10+rke2r1. |
running Rancher 2.8 and K8s v1.26.11 +rke2r1 - same problem. |
Running Rancher v2.8.2 and can confirm the issue and the resolution was to restart the Upstream Rancher Pods. |
+1 on Rancher 2.8.2 here, and also affected by this bug. For us, a |
Not sure if exactly the same issue. We have Rancher v2.7.9 and the CRDs for I can see in my kube-audit logs on a working rke2 cluster for an event with
And that |
Will this problem be fixed in the next version? ? ? Currently I am using v2.8.3 and also encountered |
Rancher Server Setup
Information about the Cluster
User Information
Describe the bug
When you create a RKE2 cluster on existing nodes or provisioned through and activate "Authorized Cluster Endpoint" after the cluster is available; connecting to the ACE endpoint results in a "401 Unauthorized" even though there is a cert/token present.
The ACE works fine if it is enabled when creating the cluster. This behavior only occurs when enabling ACE after creation.
To Reproduce
Result
The ACE context does not work.
Expected Result
The ACE should work exactly as it does if it is enabled during provisioning -> e.g. exactly like a regular k8s context hitting the infrastructure node(s).
Screenshots
n/a
Additional context
clusterauthtoken
aren't present, thus the kube-api-proxy pod barks about not being able to fetch the token when the user comes in on the ACE endpointalways_install_token_crds.diff
SURE-6359
SURE-6353
The text was updated successfully, but these errors were encountered: