Docker run rancher 2.13.1 reports configmaps "" not found and TLS

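Rancher Server setup

Downstream cluster information

  • Kubernetes version:
  • Cluster Type (Local/Downstream):
    • If Downstream, what type of cluster? (Custom/Imported or Hosted, etc.):

User information

  • What is the role of the logged-in user? (Admin/Cluster Owner/Cluster Member/Project Owner/Project Member/Custom):
    • If custom, the custom permission set:

Host OS: Alibaba Cloud Elastic Compute Service

Problem description:

Steps to reproduce:

Result:

Expected result:

Screenshots:

Additional context:

Logs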
[root@rancher rancher]# docker logs rancher|grep ERROR
I1223 15:35:35.161213      43 warnings.go:110] "Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice"
I1223 15:35:35.163379      43 warnings.go:110] "Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice"
I1223 15:35:35.167286      43 warnings.go:110] "Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice"
I1223 15:35:44.435619      43 handler.go:285] Adding GroupVersion ext.cattle.io v1 to ResourceManager
I1223 15:35:46.308231      43 requestheader_controller.go:180] Starting RequestHeaderAuthRequestController
I1223 15:35:46.308256      43 shared_informer.go:349] "Waiting for caches to sync" controller="RequestHeaderAuthRequestController"
I1223 15:35:46.308303      43 configmap_cafile_content.go:205] "Starting controller" name="client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file"
I1223 15:35:46.308313      43 shared_informer.go:349] "Waiting for caches to sync" controller="client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file"
I1223 15:35:46.309441      43 secure_serving.go:211] Serving securely on [::]:6666
I1223 15:35:46.311288      43 tlsconfig.go:243] "Starting DynamicServingCertificateController"
I1223 15:35:46.409054      43 shared_informer.go:356] "Caches are synced" controller="client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file"
I1223 15:35:46.409060      43 shared_informer.go:356] "Caches are synced" controller="RequestHeaderAuthRequestController"
2025/12/23 15:35:43 [ERROR] RDPClient: error reading connect secret: secrets "api-extension" not found, will attempt to create new one...
2025/12/23 15:35:44 [ERROR] failed to update api service
I1223 15:35:56.933945      43 leaderelection.go:257] attempting to acquire leader lease kube-system/cattle-controllers...
I1223 15:35:56.974451      43 leaderelection.go:271] successfully acquired lease kube-system/cattle-controllers
2025/12/23 15:35:56 [ERROR] getting AuthConfig genericoidc: authconfigs.management.cattle.io "genericoidc" not found
2025/12/23 15:35:56 [ERROR] getting AuthConfig cognito: authconfigs.management.cattle.io "cognito" not found
2025/12/23 15:35:56 [ERROR] failed to call leader func: authconfigs.management.cattle.io "genericoidc" not found
W1223 15:35:57.457554      43 gvks.go:80] Failed to read API for groups: map[ext.cattle.io/v1:stale GroupVersion discovery: ext.cattle.io/v1]
2025/12/23 15:35:57 [ERROR] Failed to read API for groups map[ext.cattle.io/v1:stale GroupVersion discovery: ext.cattle.io/v1]
I1223 15:35:59.248616      43 warnings.go:110] "Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice"
I1223 15:35:59.311957      43 warnings.go:110] "Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice"
W1223 15:36:00.386739      43 gvks.go:80] Failed to read API for groups: map[ext.cattle.io/v1:stale GroupVersion discovery: ext.cattle.io/v1]
I1223 15:36:02.356409      43 warnings.go:110] "Warning: v1 ComponentStatus is deprecated in v1.19+"
I1223 15:36:02.430705      43 warnings.go:110] "Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice"
I1223 15:36:02.671523      43 warnings.go:110] "Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice"
I1223 15:36:02.758856      43 warnings.go:110] "Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice"
W1223 15:36:04.565719      43 gvks.go:80] Failed to read API for groups: map[ext.cattle.io/v1:stale GroupVersion discovery: ext.cattle.io/v1]
I1223 15:36:07.049130      43 warnings.go:110] "Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice"
I1223 15:36:07.387869      43 warnings.go:110] "Warning: v1 ComponentStatus is deprecated in v1.19+"
W1223 15:36:07.711878      43 gvks.go:80] Failed to read API for groups: map[ext.cattle.io/v1:stale GroupVersion discovery: ext.cattle.io/v1]
W1223 15:36:08.172747      43 gvks.go:80] Failed to read API for groups: map[ext.cattle.io/v1:stale GroupVersion discovery: ext.cattle.io/v1]
2025/12/23 15:35:59 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:36:00 [ERROR] error syncing 'server-url': handler apiservice-settings: secrets "tls-rancher-internal-ca" not found, requeuing
2025/12/23 15:36:00 [ERROR] error syncing 'server-url': handler apiservice-settings: secrets "tls-rancher-internal-ca" not found, requeuing
2025/12/23 15:36:00 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
2025/12/23 15:36:00 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
2025/12/23 15:36:00 [ERROR] error syncing 'server-url': handler apiservice-settings: secrets "tls-rancher-internal-ca" not found, requeuing
2025/12/23 15:36:00 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
W1223 15:36:09.371555      43 gvks.go:80] Failed to read API for groups: map[ext.cattle.io/v1:stale GroupVersion discovery: ext.cattle.io/v1]
2025/12/23 15:36:00 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
2025/12/23 15:36:00 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
2025/12/23 15:36:00 [ERROR] error syncing 'server-url': handler apiservice-settings: secrets "tls-rancher-internal-ca" not found, requeuing
2025/12/23 15:36:00 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
2025/12/23 15:36:00 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
2025/12/23 15:36:00 [ERROR] error syncing 'server-url': handler apiservice-settings: secrets "tls-rancher-internal-ca" not found, requeuing
2025/12/23 15:36:00 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
W1223 15:36:10.199308      43 gvks.go:80] Failed to read API for groups: map[ext.cattle.io/v1:stale GroupVersion discovery: ext.cattle.io/v1]
2025/12/23 15:36:01 [ERROR] error syncing 'server-url': handler apiservice-settings: secrets "tls-rancher-internal-ca" not found, requeuing
2025/12/23 15:36:01 [ERROR] error syncing 'server-url': handler apiservice-settings: secrets "tls-rancher-internal-ca" not found, requeuing
2025/12/23 15:36:01 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
2025/12/23 15:36:01 [ERROR] error syncing 'server-url': handler apiservice-settings: secrets "tls-rancher-internal-ca" not found, requeuing
2025/12/23 15:36:02 [ERROR] error syncing 'server-url': handler apiservice-settings: secrets "tls-rancher-internal-ca" not found, requeuing
2025/12/23 15:36:02 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
2025/12/23 15:36:03 [ERROR] Failed to read API for groups map[ext.cattle.io/v1:stale GroupVersion discovery: ext.cattle.io/v1]
2025/12/23 15:36:04 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
2025/12/23 15:36:04 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
2025/12/23 15:36:04 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:36:05 [ERROR] error syncing 'server-url': handler apiservice-settings: secrets "tls-rancher-internal-ca" not found, requeuing
2025/12/23 15:36:05 [ERROR] error syncing 'server-url': handler apiservice-settings: secrets "tls-rancher-internal-ca" not found, requeuing
2025/12/23 15:36:05 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
W1223 15:36:10.859670      43 gvks.go:80] Failed to read API for groups: map[ext.cattle.io/v1:stale GroupVersion discovery: ext.cattle.io/v1]
2025/12/23 15:36:06 [ERROR] http: TLS handshake error from 124.79.210.145:7240: remote error: tls: unknown certificate
2025/12/23 15:36:06 [ERROR] http: TLS handshake error from 124.79.210.145:7241: remote error: tls: unknown certificate
2025/12/23 15:36:07 [ERROR] Failed to read API for groups map[ext.cattle.io/v1:stale GroupVersion discovery: ext.cattle.io/v1]
2025/12/23 15:36:09 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:36:10 [ERROR] error syncing 'local/p-5gcfh': handler project-namespace-auth: clusterroles.rbac.authorization.k8s.io "p-5gcfh-namespaces-edit" already exists, requeuing
2025/12/23 15:36:10 [ERROR] namespaceHandler: Sync: error adding project id label to namespace err=Operation cannot be fulfilled on namespaces "kube-node-lease": the object has been modified; please apply your changes to the latest version and try again
2025/12/23 15:36:10 [ERROR] defaultSvcAccountHandler: Sync: error handling default ServiceAccount of namespace key=fleet-local, err=Operation cannot be fulfilled on namespaces "fleet-local": the object has been modified; please apply your changes to the latest version and try again
2025/12/23 15:36:10 [ERROR] namespaceHandler: Sync: error adding project id label to namespace err=Operation cannot be fulfilled on namespaces "default": the object has been modified; please apply your changes to the latest version and try again
2025/12/23 15:36:10 [ERROR] defaultSvcAccountHandler: Sync: error handling default ServiceAccount of namespace key=kube-public, err=Operation cannot be fulfilled on namespaces "kube-public": the object has been modified; please apply your changes to the latest version and try again
2025/12/23 15:36:10 [ERROR] namespaceHandler: Sync: error adding project id label to namespace err=Operation cannot be fulfilled on namespaces "cattle-global-data": the object has been modified; please apply your changes to the latest version and try again
2025/12/23 15:36:10 [ERROR] namespaceHandler: Sync: error adding project id label to namespace err=Operation cannot be fulfilled on namespaces "default": the object has been modified; please apply your changes to the latest version and try again
2025/12/23 15:36:10 [ERROR] namespaceHandler: Sync: error adding project id label to namespace err=Operation cannot be fulfilled on namespaces "cattle-local-user-passwords": the object has been modified; please apply your changes to the latest version and try again
2025/12/23 15:36:10 [ERROR] namespaceHandler: Sync: error adding project id label to namespace err=Operation cannot be fulfilled on namespaces "kube-system": the object has been modified; please apply your changes to the latest version and try again
2025/12/23 15:36:11 [ERROR] namespaceHandler: Sync: error adding project id label to namespace err=Operation cannot be fulfilled on namespaces "fleet-default": the object has been modified; please apply your changes to the latest version and try again
2025/12/23 15:36:11 [ERROR] namespaceHandler: Sync: error adding project id label to namespace err=Operation cannot be fulfilled on namespaces "cattle-system": the object has been modified; please apply your changes to the latest version and try again
2025/12/23 15:36:11 [ERROR] namespaceHandler: Sync: error adding project id label to namespace err=Operation cannot be fulfilled on namespaces "kube-system": the object has been modified; please apply your changes to the latest version and try again
2025/12/23 15:36:11 [ERROR] defaultSvcAccountHandler: Sync: error handling default ServiceAccount of namespace key=kube-public, err=Operation cannot be fulfilled on namespaces "kube-public": the object has been modified; please apply your changes to the latest version and try again
I1223 15:36:12.160469      43 warnings.go:110] "Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice"
I1223 15:36:12.386110      43 warnings.go:110] "Warning: v1 ComponentStatus is deprecated in v1.19+"
2025/12/23 15:36:12 [ERROR] Failed to read API for groups map[ext.cattle.io/v1:stale GroupVersion discovery: ext.cattle.io/v1]
2025/12/23 15:36:12 [ERROR] namespaceHandler: Sync: error adding project id label to namespace err=Operation cannot be fulfilled on namespaces "cattle-impersonation-system": the object has been modified; please apply your changes to the latest version and try again
I1223 15:36:13.947990      43 warnings.go:110] "Warning: v1 ComponentStatus is deprecated in v1.19+"
2025/12/23 15:36:12 [ERROR] defaultSvcAccountHandler: Sync: error handling default ServiceAccount of namespace key=cattle-impersonation-system, err=Operation cannot be fulfilled on namespaces "cattle-impersonation-system": the object has been modified; please apply your changes to the latest version and try again
I1223 15:36:14.081522      43 warnings.go:110] "Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice"
2025/12/23 15:36:14 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:36:17 [ERROR] http: TLS handshake error from 124.79.210.145:7277: remote error: tls: unknown certificate
2025/12/23 15:36:17 [ERROR] http: TLS handshake error from 124.79.210.145:7278: remote error: tls: unknown certificate
2025/12/23 15:36:19 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:36:24 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:36:29 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:36:34 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:36:39 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:36:44 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:36:49 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:36:54 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:36:59 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:37:04 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:37:09 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:37:14 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:37:19 [ERROR] namespaceHandler: Sync: error adding project id label to namespace err=Operation cannot be fulfilled on namespaces "cattle-fleet-system": the object has been modified; please apply your changes to the latest version and try again
2025/12/23 15:38:21 [ERROR] Failed to install system chart fleet (release name: fleet): pod cattle-system/helm-operation-scfq2 failed, watch closed
2025/12/23 15:39:24 [ERROR] Failed to install system chart fleet-crd (release name: fleet-crd): pod cattle-system/helm-operation-r68db failed, watch closed


Opening the web UI shows: API Aggregation not ready

See: Starting rancher with docker run: rancher/mirrored-pause cannot be pulled because the data directory is mapped - #2, by ksd

Or this also works:

docker run -d --restart=unless-stopped \
  -p 80:80 -p 443:443 \
  --privileged \
  -e CATTLE_SYSTEM_DEFAULT_REGISTRY=registry.cn-hangzhou.aliyuncs.com \
  -e CATTLE_SYSTEM_CATALOG=bundled \
  --name rancher \
  -v /opt/rancher/data:/var/lib/rancher \
  -v ./registries.yaml:/etc/rancher/k3s/registries.yaml \
  registry.cn-hangzhou.aliyuncs.com/rancher/rancher:v2.13.1


cat ./registries.yaml
mirrors:
  docker.io:
    endpoint:
      - "https://docker.1ms.run"

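I have now switched to installing with helm, and I set systemDefaultRegistry to the Alibaba Cloud one

However, when I check kubectl describe pod rancher-clusterctl-configmap-cleanup-zzmk8 -n cattle-turtles-system, it still uses rancher/kuberlr-kubectl:v5.0.0

Rancher is currently not up, and many pods are reporting errors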
kubectl logs -f helm-operation-5rwb2 -n cattle-system
Defaulted container "helm" out of: helm, proxy, init-kubeconfig-volume (init)
helm upgrade --history-max=5 --install=true --labels=catalog.cattle.io/cluster-repo-name=rancher-charts --namespace=cattle-turtles-system --reset-values=true --take-ownership=true --timeout=5m0s --values=/home/shell/helm/values-rancher-turtles-108.0.1-up0.25.1.yaml --version=108.0.1+up0.25.1 --wait=true rancher-turtles /home/shell/helm/rancher-turtles-108.0.1-up0.25.1.tgz
Error: UPGRADE FAILED: pre-upgrade hooks failed: 1 error occurred:
* timed out waiting for the condition

See: How do you pull images when installing Rancher Turtles in China?