Docker run rancher 2.13.1提示configmaps "" not found和TLS

Rancher 2.x
1

Rancher Server 设置

下游集群信息

  • Kubernetes 版本:
  • Cluster Type (Local/Downstream):
    • 如果 Downstream,是什么类型的集群?(自定义/导入或为托管 等):

用户信息

  • 登录用户的角色是什么? (管理员/集群所有者/集群成员/项目所有者/项目成员/自定义):
    • 如果自定义,自定义权限集:

主机操作系统:Alibaba Cloud Elastic Compute Service

问题描述:

重现步骤:

结果:

预期结果:

截图:

其他上下文信息:

日志 
[root@rancher rancher]# docker logs rancher|grep ERROR
I1223 15:35:35.161213      43 warnings.go:110] "Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice"
I1223 15:35:35.163379      43 warnings.go:110] "Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice"
I1223 15:35:35.167286      43 warnings.go:110] "Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice"
I1223 15:35:44.435619      43 handler.go:285] Adding GroupVersion ext.cattle.io v1 to ResourceManager
I1223 15:35:46.308231      43 requestheader_controller.go:180] Starting RequestHeaderAuthRequestController
I1223 15:35:46.308256      43 shared_informer.go:349] "Waiting for caches to sync" controller="RequestHeaderAuthRequestController"
I1223 15:35:46.308303      43 configmap_cafile_content.go:205] "Starting controller" name="client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file"
I1223 15:35:46.308313      43 shared_informer.go:349] "Waiting for caches to sync" controller="client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file"
I1223 15:35:46.309441      43 secure_serving.go:211] Serving securely on [::]:6666
I1223 15:35:46.311288      43 tlsconfig.go:243] "Starting DynamicServingCertificateController"
I1223 15:35:46.409054      43 shared_informer.go:356] "Caches are synced" controller="client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file"
I1223 15:35:46.409060      43 shared_informer.go:356] "Caches are synced" controller="RequestHeaderAuthRequestController"
2025/12/23 15:35:43 [ERROR] RDPClient: error reading connect secret: secrets "api-extension" not found, will attempt to create new one...
2025/12/23 15:35:44 [ERROR] failed to update api service
I1223 15:35:56.933945      43 leaderelection.go:257] attempting to acquire leader lease kube-system/cattle-controllers...
I1223 15:35:56.974451      43 leaderelection.go:271] successfully acquired lease kube-system/cattle-controllers
2025/12/23 15:35:56 [ERROR] getting AuthConfig genericoidc: authconfigs.management.cattle.io "genericoidc" not found
2025/12/23 15:35:56 [ERROR] getting AuthConfig cognito: authconfigs.management.cattle.io "cognito" not found
2025/12/23 15:35:56 [ERROR] failed to call leader func: authconfigs.management.cattle.io "genericoidc" not found
W1223 15:35:57.457554      43 gvks.go:80] Failed to read API for groups: map[ext.cattle.io/v1:stale GroupVersion discovery: ext.cattle.io/v1]
2025/12/23 15:35:57 [ERROR] Failed to read API for groups map[ext.cattle.io/v1:stale GroupVersion discovery: ext.cattle.io/v1]
I1223 15:35:59.248616      43 warnings.go:110] "Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice"
I1223 15:35:59.311957      43 warnings.go:110] "Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice"
W1223 15:36:00.386739      43 gvks.go:80] Failed to read API for groups: map[ext.cattle.io/v1:stale GroupVersion discovery: ext.cattle.io/v1]
I1223 15:36:02.356409      43 warnings.go:110] "Warning: v1 ComponentStatus is deprecated in v1.19+"
I1223 15:36:02.430705      43 warnings.go:110] "Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice"
I1223 15:36:02.671523      43 warnings.go:110] "Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice"
I1223 15:36:02.758856      43 warnings.go:110] "Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice"
W1223 15:36:04.565719      43 gvks.go:80] Failed to read API for groups: map[ext.cattle.io/v1:stale GroupVersion discovery: ext.cattle.io/v1]
I1223 15:36:07.049130      43 warnings.go:110] "Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice"
I1223 15:36:07.387869      43 warnings.go:110] "Warning: v1 ComponentStatus is deprecated in v1.19+"
W1223 15:36:07.711878      43 gvks.go:80] Failed to read API for groups: map[ext.cattle.io/v1:stale GroupVersion discovery: ext.cattle.io/v1]
W1223 15:36:08.172747      43 gvks.go:80] Failed to read API for groups: map[ext.cattle.io/v1:stale GroupVersion discovery: ext.cattle.io/v1]
2025/12/23 15:35:59 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:36:00 [ERROR] error syncing 'server-url': handler apiservice-settings: secrets "tls-rancher-internal-ca" not found, requeuing
2025/12/23 15:36:00 [ERROR] error syncing 'server-url': handler apiservice-settings: secrets "tls-rancher-internal-ca" not found, requeuing
2025/12/23 15:36:00 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
2025/12/23 15:36:00 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
2025/12/23 15:36:00 [ERROR] error syncing 'server-url': handler apiservice-settings: secrets "tls-rancher-internal-ca" not found, requeuing
2025/12/23 15:36:00 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
W1223 15:36:09.371555      43 gvks.go:80] Failed to read API for groups: map[ext.cattle.io/v1:stale GroupVersion discovery: ext.cattle.io/v1]
2025/12/23 15:36:00 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
2025/12/23 15:36:00 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
2025/12/23 15:36:00 [ERROR] error syncing 'server-url': handler apiservice-settings: secrets "tls-rancher-internal-ca" not found, requeuing
2025/12/23 15:36:00 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
2025/12/23 15:36:00 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
2025/12/23 15:36:00 [ERROR] error syncing 'server-url': handler apiservice-settings: secrets "tls-rancher-internal-ca" not found, requeuing
2025/12/23 15:36:00 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
W1223 15:36:10.199308      43 gvks.go:80] Failed to read API for groups: map[ext.cattle.io/v1:stale GroupVersion discovery: ext.cattle.io/v1]
2025/12/23 15:36:01 [ERROR] error syncing 'server-url': handler apiservice-settings: secrets "tls-rancher-internal-ca" not found, requeuing
2025/12/23 15:36:01 [ERROR] error syncing 'server-url': handler apiservice-settings: secrets "tls-rancher-internal-ca" not found, requeuing
2025/12/23 15:36:01 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
2025/12/23 15:36:01 [ERROR] error syncing 'server-url': handler apiservice-settings: secrets "tls-rancher-internal-ca" not found, requeuing
2025/12/23 15:36:02 [ERROR] error syncing 'server-url': handler apiservice-settings: secrets "tls-rancher-internal-ca" not found, requeuing
2025/12/23 15:36:02 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
2025/12/23 15:36:03 [ERROR] Failed to read API for groups map[ext.cattle.io/v1:stale GroupVersion discovery: ext.cattle.io/v1]
2025/12/23 15:36:04 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
2025/12/23 15:36:04 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
2025/12/23 15:36:04 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:36:05 [ERROR] error syncing 'server-url': handler apiservice-settings: secrets "tls-rancher-internal-ca" not found, requeuing
2025/12/23 15:36:05 [ERROR] error syncing 'server-url': handler apiservice-settings: secrets "tls-rancher-internal-ca" not found, requeuing
2025/12/23 15:36:05 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
W1223 15:36:10.859670      43 gvks.go:80] Failed to read API for groups: map[ext.cattle.io/v1:stale GroupVersion discovery: ext.cattle.io/v1]
2025/12/23 15:36:06 [ERROR] http: TLS handshake error from 124.79.210.145:7240: remote error: tls: unknown certificate
2025/12/23 15:36:06 [ERROR] http: TLS handshake error from 124.79.210.145:7241: remote error: tls: unknown certificate
2025/12/23 15:36:07 [ERROR] Failed to read API for groups map[ext.cattle.io/v1:stale GroupVersion discovery: ext.cattle.io/v1]
2025/12/23 15:36:09 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:36:10 [ERROR] error syncing 'local/p-5gcfh': handler project-namespace-auth: clusterroles.rbac.authorization.k8s.io "p-5gcfh-namespaces-edit" already exists, requeuing
2025/12/23 15:36:10 [ERROR] namespaceHandler: Sync: error adding project id label to namespace err=Operation cannot be fulfilled on namespaces "kube-node-lease": the object has been modified; please apply your changes to the latest version and try again
2025/12/23 15:36:10 [ERROR] defaultSvcAccountHandler: Sync: error handling default ServiceAccount of namespace key=fleet-local, err=Operation cannot be fulfilled on namespaces "fleet-local": the object has been modified; please apply your changes to the latest version and try again
2025/12/23 15:36:10 [ERROR] namespaceHandler: Sync: error adding project id label to namespace err=Operation cannot be fulfilled on namespaces "default": the object has been modified; please apply your changes to the latest version and try again
2025/12/23 15:36:10 [ERROR] defaultSvcAccountHandler: Sync: error handling default ServiceAccount of namespace key=kube-public, err=Operation cannot be fulfilled on namespaces "kube-public": the object has been modified; please apply your changes to the latest version and try again
2025/12/23 15:36:10 [ERROR] namespaceHandler: Sync: error adding project id label to namespace err=Operation cannot be fulfilled on namespaces "cattle-global-data": the object has been modified; please apply your changes to the latest version and try again
2025/12/23 15:36:10 [ERROR] namespaceHandler: Sync: error adding project id label to namespace err=Operation cannot be fulfilled on namespaces "default": the object has been modified; please apply your changes to the latest version and try again
2025/12/23 15:36:10 [ERROR] namespaceHandler: Sync: error adding project id label to namespace err=Operation cannot be fulfilled on namespaces "cattle-local-user-passwords": the object has been modified; please apply your changes to the latest version and try again
2025/12/23 15:36:10 [ERROR] namespaceHandler: Sync: error adding project id label to namespace err=Operation cannot be fulfilled on namespaces "kube-system": the object has been modified; please apply your changes to the latest version and try again
2025/12/23 15:36:11 [ERROR] namespaceHandler: Sync: error adding project id label to namespace err=Operation cannot be fulfilled on namespaces "fleet-default": the object has been modified; please apply your changes to the latest version and try again
2025/12/23 15:36:11 [ERROR] namespaceHandler: Sync: error adding project id label to namespace err=Operation cannot be fulfilled on namespaces "cattle-system": the object has been modified; please apply your changes to the latest version and try again
2025/12/23 15:36:11 [ERROR] namespaceHandler: Sync: error adding project id label to namespace err=Operation cannot be fulfilled on namespaces "kube-system": the object has been modified; please apply your changes to the latest version and try again
2025/12/23 15:36:11 [ERROR] defaultSvcAccountHandler: Sync: error handling default ServiceAccount of namespace key=kube-public, err=Operation cannot be fulfilled on namespaces "kube-public": the object has been modified; please apply your changes to the latest version and try again
I1223 15:36:12.160469      43 warnings.go:110] "Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice"
I1223 15:36:12.386110      43 warnings.go:110] "Warning: v1 ComponentStatus is deprecated in v1.19+"
2025/12/23 15:36:12 [ERROR] Failed to read API for groups map[ext.cattle.io/v1:stale GroupVersion discovery: ext.cattle.io/v1]
2025/12/23 15:36:12 [ERROR] namespaceHandler: Sync: error adding project id label to namespace err=Operation cannot be fulfilled on namespaces "cattle-impersonation-system": the object has been modified; please apply your changes to the latest version and try again
I1223 15:36:13.947990      43 warnings.go:110] "Warning: v1 ComponentStatus is deprecated in v1.19+"
2025/12/23 15:36:12 [ERROR] defaultSvcAccountHandler: Sync: error handling default ServiceAccount of namespace key=cattle-impersonation-system, err=Operation cannot be fulfilled on namespaces "cattle-impersonation-system": the object has been modified; please apply your changes to the latest version and try again
I1223 15:36:14.081522      43 warnings.go:110] "Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice"
2025/12/23 15:36:14 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:36:17 [ERROR] http: TLS handshake error from 124.79.210.145:7277: remote error: tls: unknown certificate
2025/12/23 15:36:17 [ERROR] http: TLS handshake error from 124.79.210.145:7278: remote error: tls: unknown certificate
2025/12/23 15:36:19 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:36:24 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:36:29 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:36:34 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:36:39 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:36:44 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:36:49 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:36:54 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:36:59 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:37:04 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:37:09 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:37:14 [ERROR] Failed to find system chart fleet will try again in 5 seconds: configmaps "" not found
2025/12/23 15:37:19 [ERROR] namespaceHandler: Sync: error adding project id label to namespace err=Operation cannot be fulfilled on namespaces "cattle-fleet-system": the object has been modified; please apply your changes to the latest version and try again
2025/12/23 15:38:21 [ERROR] Failed to install system chart fleet (release name: fleet): pod cattle-system/helm-operation-scfq2 failed, watch closed
2025/12/23 15:39:24 [ERROR] Failed to install system chart fleet-crd (release name: fleet-crd): pod cattle-system/helm-operation-r68db failed, watch closed
2

打开WEB UI提示 API Aggregation not ready

3

可参考:Docker run 启动 rancher,由于映射数据目录导致 rancher/mirrored-pause 无法拉取 - #2,来自 ksd

4

或者这样也可以:

docker run -d --restart=unless-stopped \
  -p 80:80 -p 443:443 \
  --privileged \
  -e CATTLE_SYSTEM_DEFAULT_REGISTRY=registry.cn-hangzhou.aliyuncs.com \
  -e CATTLE_SYSTEM_CATALOG=bundled \
  --name rancher \
  -v /opt/rancher/data:/var/lib/rancher \
  -v ./registries.yaml:/etc/rancher/k3s/registries.yaml \
  registry.cn-hangzhou.aliyuncs.com/rancher/rancher:v2.13.1


cat ./registries.yaml
mirrors:
  docker.io:
    endpoint:
      - "https://docker.1ms.run"
5

我现在改用helm安装,我设置了systemDefaultRegistry为阿里云的

但是,我查看到 kubectl describe pod rancher-clusterctl-configmap-cleanup-zzmk8 -n cattle-turtles-system 这里面依旧使用了 rancher/kuberlr-kubectl:v5.0.0

目前rancher没有起来,很多pod报错
kubectl logs -f helm-operation-5rwb2 -n cattle-system
Defaulted container “helm” out of: helm, proxy, init-kubeconfig-volume (init)
helm upgrade --history-max=5 --install=true --labels=catalog.cattle.io/cluster-repo-name=rancher-charts --namespace=cattle-turtles-system --reset-values=true --take-ownership=true --timeout=5m0s --values=/home/shell/helm/values-rancher-turtles-108.0.1-up0.25.1.yaml --version=108.0.1+up0.25.1 --wait=true rancher-turtles /home/shell/helm/rancher-turtles-108.0.1-up0.25.1.tgz
Error: UPGRADE FAILED: pre-upgrade hooks failed: 1 error occurred:
* timed out waiting for the condition

6

参考:Rancher Turtles 国内安装如何拉取镜像呢?

7

感觉国内安装rancher真的很复杂

我用docker安装后,不挂在任何东西,现在是这样

[root@iZ0jlhk6tsh51xu9wxyvipZ ~]# docker run -d --restart=unless-stopped -p 80:80 -p 443:443 --privileged -e CATTLE_SYSTEM_DEFAULT_REGISTRY=registry.cn-hangzhou.aliyuncs.com -e CATTLE_SYSTEM_CATALOG=bundled --name rancher registry.cn-hangzhou.aliyuncs.com/rancher/rancher:v2.13.1
acadd283fcdc41efec9a696ec1807f4b5c77d1d4b1523d99d6150feedda2f123
[root@iZ0jlhk6tsh51xu9wxyvipZ ~]# docker logs -f rancher
Restoring git repositories:

  • /var/lib/rancher-data/local-catalogs/v2/rancher-charts/4b40cac650031b74776e87c1a726b0484d0877c3ec137da0872547ff9b73a721/.git
    Your branch is up to date with ‘origin/release-v2.13’.
    /var/lib/rancher
  • /var/lib/rancher-data/local-catalogs/v2/rancher-rke2-charts/675f1b63a0a83905972dcab2794479ed599a6f41b86cd6193d69472d0fa889c9/.git
    Your branch is up to date with ‘origin/main’.
    /var/lib/rancher
  • /var/lib/rancher-data/local-catalogs/v2/rancher-partner-charts/8f17acdce9bffd6e05a58a3798840e408c4ea71783381ecd2e9af30baad65974/.git
    Your branch is up to date with ‘origin/main’.
    /var/lib/rancher
    2025/12/27 15:25:00 [INFO] Rancher version v2.13.1 (4c2e04b310799e106c48d7e36f544f5e33b22f0a) is starting
    2025/12/27 15:25:00 [INFO] Rancher arguments {ACMEDomains: AddLocal:true Embedded:false BindHost: HTTPListenPort:80 HTTPSListenPort:443 K8sMode:auto Debug:false Trace:false NoCACerts:false AuditLogPath:/var/log/auditlog/rancher-api-audit.log AuditLogMaxage:10 AuditLogMaxsize:100 AuditLogMaxbackup:10 AuditLogLevel:0 AuditLogEnabled:false Features: ClusterRegistry: AggregationRegistrationTimeout:5m0s}
    2025/12/27 15:25:00 [INFO] Listening on /tmp/log.sock
    2025/12/27 15:25:00 [INFO] Waiting for k3s to start
    2025/12/27 15:25:01 [INFO] Waiting for k3s to start
    2025/12/27 15:25:02 [INFO] Waiting for k3s to start
    2025/12/27 15:25:03 [INFO] Waiting for k3s to start
    2025/12/27 15:25:04 [INFO] Waiting for k3s to start
    2025/12/27 15:25:05 [INFO] Waiting for k3s to start
    2025/12/27 15:25:06 [INFO] Waiting for k3s to start
    2025/12/27 15:25:07 [INFO] Waiting for k3s to start
    2025/12/27 15:25:08 [INFO] Waiting for k3s to start
    2025/12/27 15:25:09 [INFO] Waiting for k3s to start
    2025/12/27 15:25:10 [INFO] Waiting for k3s to start
    2025/12/27 15:25:11 [INFO] Waiting for server to become available: the server is currently unable to handle the request
    2025/12/27 15:25:17 [FATAL] k3s exited with: exit status 1

内核相关的改动是这些
cat </etc/modules-load.d/modules.conf
iptable_nat
iptable_filter
EOF

modprobe br_netfilter

cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

sysctl -p /etc/sysctl.d/k8s.conf

8

这个问题,十有八九是你使用了rancher 不支持的操作系统导致,要看具体的原因,你需要 exec 到 rancher 容器内,然后 查看 k3s.log,直到崩溃,看看最终 K3s 为什么会退出

9

离线安装也是真的难啊,每台机器报错都不一样,rancher2.13.0,centos7.9,k3s v1.34.2+k3s1,helm高可用安装,证书使用rancher自签名,始终无法安装

2026/01/22 03:11:00 [ERROR] Failed to read API for groups map[ext.cattle.io/v1:stale GroupVersion discovery: ext.cattle.io/v1]
2026/01/22 03:11:00 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
2026/01/22 03:11:00 [INFO] bindings cleanup needed, waiting 3 minutes before starting
2026/01/22 03:11:00 [INFO] [clean-orphan-bindings] cleaning up orphaned bindings
2026/01/22 03:11:00 [INFO] [mgmt-cluster-rbac-delete] Updating cluster local
2026/01/22 03:11:00 [INFO] Running in clustered mode with ID 10.42.0.18, monitoring endpoint cattle-system/rancher
2026/01/22 03:11:00 [INFO] [mgmt-project-rbac-create] Creating namespace p-7hfbv
2026/01/22 03:11:00 [INFO] [clean-orphan-bindings] checking for orphaned rolebindings
2026/01/22 03:11:00 [INFO] create kontainerdriver opentelekomcloudcontainerengine
2026/01/22 03:11:00 [INFO] Starting rke.cattle.io/v1, Kind=CustomMachine controller
2026/01/22 03:11:00 [INFO] Starting rke.cattle.io/v1, Kind=ETCDSnapshot controller
2026/01/22 03:11:00 [INFO] Starting rke.cattle.io/v1, Kind=RKEBootstrap controller
2026/01/22 03:11:00 [INFO] Starting provisioning.cattle.io/v1, Kind=Cluster controller
2026/01/22 03:11:00 [INFO] Starting rke.cattle.io/v1, Kind=RKEBootstrapTemplate controller
2026/01/22 03:11:00 [INFO] Starting rke.cattle.io/v1, Kind=RKECluster controller
2026/01/22 03:11:00 [INFO] Starting rke.cattle.io/v1, Kind=RKEControlPlane controller
2026/01/22 03:11:00 [INFO] [mgmt-auth-gr-controller] Creating clusterRole cattle-globalrole-admin for corresponding GlobalRole
2026/01/22 03:11:00 [INFO] create kontainerdriver oraclecontainerengine
2026/01/22 03:11:00 [INFO] [mgmt-auth-gr-controller] Creating clusterRole cattle-globalrole-users-manage for corresponding GlobalRole
2026/01/22 03:11:00 [WARNING] [mgmt-project-rbac-create] project p-7hfbv has no creatorId annotation. Cannot add creator as owner
2026/01/22 03:11:00 [INFO] [mgmt-project-rbac-create] Updating project p-7hfbv
2026/01/22 03:11:00 [INFO] [mgmt-auth-gr-controller] Creating clusterRole cattle-globalrole-view-rancher-metrics for corresponding GlobalRole
2026/01/22 03:11:00 [ERROR] error syncing 'fleet-local/local': handler cluster-create: server url is missing, can't generate kubeconfig for fleet import cluster, requeuing
2026/01/22 03:11:00 [INFO] [mgmt-auth-gr-controller] Creating clusterRole cattle-globalrole-roles-manage for corresponding GlobalRole
2026/01/22 03:11:00 [INFO] [mgmt-auth-gr-controller] Creating clusterRole cattle-globalrole-clusters-create for corresponding GlobalRole
2026/01/22 03:11:00 [INFO] Listening on :443
2026/01/22 03:11:00 [INFO] Listening on :80
2026/01/22 03:11:00 [INFO] certificate CN=dynamic,O=dynamic signed by CN=dynamiclistener-ca@1769051460,O=dynamiclistener-org: notBefore=2026-01-22 02:11:00 +0000 UTC notAfter=2027-01-22 02:11:00 +0000 UTC
2026/01/22 03:11:00 [WARNING] dynamiclistener [::]:443: no cached certificate available for preload - deferring certificate load until storage initialization or first client request
2026/01/22 03:11:00 [INFO] [mgmt-auth-gr-controller] Creating clusterRole cattle-globalrole-authn-manage for corresponding GlobalRole
2026/01/22 03:11:00 [INFO] update kontainerdriver oraclecontainerengine
2026/01/22 03:11:00 [WARNING] [mgmt-cluster-rbac-delete] cluster local has no creatorId annotation. Cannot add creator as owner
2026/01/22 03:11:00 [INFO] [mgmt-cluster-rbac-delete] Updating cluster local
2026/01/22 03:11:00 [INFO] [mgmt-auth-gr-controller] Creating clusterRole cattle-globalrole-user-base for corresponding GlobalRole
2026/01/22 03:11:00 [INFO] update kontainerdriver oraclecontainerengine
2026/01/22 03:11:00 [WARNING] Skipping save of TLS secret for cattle-system/serving-cert due to missing certificate data
2026/01/22 03:11:00 [INFO] Active TLS secret cattle-system/serving-cert (ver=) (count -1): map[]
2026/01/22 03:11:00 [INFO] [CleanupOrphanBindingsDone] successfully cleaned up orphan bindings
2026/01/22 03:11:00 [INFO] create kontainerdriver linodekubernetesengine
2026/01/22 03:11:00 [WARNING] [mgmt-cluster-rbac-delete] cluster local has no creatorId annotation. Cannot add creator as owner
2026/01/22 03:11:00 [INFO] [mgmt-cluster-rbac-delete] Updating cluster local
2026/01/22 03:11:00 [ERROR] error syncing 'server-url': handler apiservice-settings: secrets "tls-rancher-internal-ca" not found, requeuing
2026/01/22 03:11:00 [INFO] Creating new TLS secret for cattle-system/serving-cert (count: 4): map[listener.cattle.io/cn-10.42.0.18:10.42.0.18 listener.cattle.io/cn-127.0.0.1:127.0.0.1 listener.cattle.io/cn-localhost:localhost listener.cattle.io/cn-rancher.cattle-system:rancher.cattle-system listener.cattle.io/fingerprint:SHA1=D8749985A64BB4B53D1AFB579AB75C9E0380D584]
2026/01/22 03:11:00 [INFO] [mgmt-auth-gr-controller] Creating clusterRole cattle-globalrole-nodedrivers-manage for corresponding GlobalRole
2026/01/22 03:11:00 [INFO] [mgmt-auth-gr-controller] Creating clusterRole cattle-globalrole-user for corresponding GlobalRole
2026/01/22 03:11:00 [INFO] update kontainerdriver linodekubernetesengine
2026/01/22 03:11:00 [WARNING] Skipping save of TLS secret for cattle-system/tls-rancher-internal due to missing certificate data
2026/01/22 03:11:00 [INFO] Active TLS secret cattle-system/tls-rancher-internal (ver=) (count -1): map[]
2026/01/22 03:11:00 [INFO] Active TLS secret cattle-system/serving-cert (ver=2192) (count 4): map[listener.cattle.io/cn-10.42.0.18:10.42.0.18 listener.cattle.io/cn-127.0.0.1:127.0.0.1 listener.cattle.io/cn-localhost:localhost listener.cattle.io/cn-rancher.cattle-system:rancher.cattle-system listener.cattle.io/fingerprint:SHA1=D8749985A64BB4B53D1AFB579AB75C9E0380D584]
2026/01/22 03:11:00 [INFO] generated self-signed CA certificate CN=dynamiclistener-ca@1769051460,O=dynamiclistener-org: notBefore=2026-01-22 02:11:00.514154987 +0000 UTC notAfter=2036-01-20 02:11:00.514154987 +0000 UTC
2026/01/22 03:11:00 [INFO] update kontainerdriver linodekubernetesengine
2026/01/22 03:11:00 [INFO] create kontainerdriver opentelekomcloudcontainerengine
2026/01/22 03:11:00 [INFO] update kontainerdriver opentelekomcloudcontainerengine
2026/01/22 03:11:00 [INFO] update kontainerdriver opentelekomcloudcontainerengine
2026/01/22 03:11:01 [INFO] Refusing to reset the config and clean up resources of the auth provider activedirectory because its auth config annotation management.cattle.io/auth-provider-cleanup is set to rancher-locked.
2026/01/22 03:11:01 [INFO] Listening on :444
2026/01/22 03:11:01 [INFO] certificate CN=dynamic,O=dynamic signed by CN=dynamiclistener-ca@1769051460,O=dynamiclistener-org: notBefore=2026-01-22 02:11:01 +0000 UTC notAfter=2027-01-22 02:11:01 +0000 UTC
2026/01/22 03:11:01 [WARNING] dynamiclistener [::]:444: no cached certificate available for preload - deferring certificate load until storage initialization or first client request
2026/01/22 03:11:01 [INFO] Creating new TLS secret for cattle-system/tls-rancher-internal (count: 1): map[listener.cattle.io/cn-10.43.17.202:10.43.17.202 listener.cattle.io/fingerprint:SHA1=C8765A9E130F195132A50F861773776A61820D34]
I0122 03:11:01.201897      43 warnings.go:110] "Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice"
I0122 03:11:01.210365      43 warnings.go:110] "Warning: v1 ComponentStatus is deprecated in v1.19+"
2026/01/22 03:11:01 [INFO] Active TLS secret cattle-system/tls-rancher-internal (ver=2231) (count 1): map[listener.cattle.io/cn-10.43.17.202:10.43.17.202 listener.cattle.io/fingerprint:SHA1=C8765A9E130F195132A50F861773776A61820D34]
2026/01/22 03:11:01 [INFO] [mgmt-auth-gr-controller] Creating clusterRole cattle-globalrole-settings-manage for corresponding GlobalRole
2026/01/22 03:11:01 [INFO] Skipping handler for clusterrepo rancher-partner-charts because the resource version has changed from 1909 to 2233
2026/01/22 03:11:01 [INFO] Refusing to reset the config and clean up resources of the auth provider activedirectory because its auth config annotation management.cattle.io/auth-provider-cleanup is set to rancher-locked.
2026/01/22 03:11:01 [INFO] [migrate-ad-user] during unmigration, found that Active Directory is not enabled. nothing to do
2026/01/22 03:11:01 [INFO] Skipping handler for clusterrepo rancher-partner-charts. NumberOfRetries is 0, MaxRetry is 3, ClusterRepo Generation is 1, ObservedGeneration is 1, LastUpdated plus interval is 2026-01-22 04:11:01 +0000 UTC, now is 2026-01-22 03:11:01.764067531 +0000 UTC
2026/01/22 03:11:01 [INFO] Refusing to reset the config and clean up resources of the auth provider activedirectory because its auth config annotation management.cattle.io/auth-provider-cleanup is set to rancher-locked.
2026/01/22 03:11:01 [INFO] kube-apiserver connected to imperative api
2026/01/22 03:11:01 [ERROR] error syncing 'server-url': handler apiservice-settings: secrets "tls-rancher-internal-ca" not found, requeuing
2026/01/22 03:11:01 [WARNING] failed to update APIService annotation: failed to update APIService: Operation cannot be fulfilled on apiservices.apiregistration.k8s.io "v1.ext.cattle.io": the object has been modified; please apply your changes to the latest version and try again
2026/01/22 03:11:01 [INFO] [mgmt-auth-gr-controller] Creating clusterRole cattle-globalrole-features-manage for corresponding GlobalRole
2026/01/22 03:11:01 [INFO] [mgmt-auth-gr-controller] Creating clusterRole cattle-globalrole-kontainerdrivers-manage for corresponding GlobalRole
2026/01/22 03:11:02 [INFO] Starting cluster controllers for local
2026/01/22 03:11:02 [INFO] Starting ext.cattle.io/v1, Kind=Token controller
2026/01/22 03:11:02 [INFO] Starting management.cattle.io/v3, Kind=SamlToken controller
2026/01/22 03:11:02 [INFO] Starting /v1, Kind=ResourceQuota controller
2026/01/22 03:11:02 [INFO] Starting rbac.authorization.k8s.io/v1, Kind=ClusterRole controller
2026/01/22 03:11:02 [INFO] Starting rbac.authorization.k8s.io/v1, Kind=Role controller
2026/01/22 03:11:02 [INFO] Starting /v1, Kind=Namespace controller
2026/01/22 03:11:02 [INFO] Starting rbac.authorization.k8s.io/v1, Kind=RoleBinding controller
2026/01/22 03:11:02 [INFO] Starting apiregistration.k8s.io/v1, Kind=APIService controller
2026/01/22 03:11:02 [INFO] Starting rbac.authorization.k8s.io/v1, Kind=ClusterRoleBinding controller
2026/01/22 03:11:02 [INFO] Starting /v1, Kind=LimitRange controller
2026/01/22 03:11:02 [INFO] Starting /v1, Kind=Secret controller
2026/01/22 03:11:02 [INFO] Starting /v1, Kind=ServiceAccount controller
2026/01/22 03:11:02 [INFO] Starting cluster agent for local [owner=true]
2026/01/22 03:11:02 [INFO] [mgmt-auth-gr-controller] Creating clusterRole cattle-globalrole- for corresponding GlobalRole
2026/01/22 03:11:02 [INFO] namespaceHandler: addProjectIDLabelToNamespace: adding label field.cattle.io/projectId=p-k6k9h to namespace=default
2026/01/22 03:11:02 [INFO] imperative api APIService cert updated
2026/01/22 03:11:02 [INFO] namespaceHandler: addProjectIDLabelToNamespace: adding label field.cattle.io/projectId=p-7hfbv to namespace=cattle-global-data
2026/01/22 03:11:02 [INFO] [mgmt-auth-gr-controller] Creating clusterRole cattle-globalrole- for corresponding GlobalRole
2026/01/22 03:11:02 [INFO] namespaceHandler: addProjectIDLabelToNamespace: adding label field.cattle.io/projectId=p-7hfbv to namespace=fleet-default
2026/01/22 03:11:02 [INFO] namespaceHandler: addProjectIDLabelToNamespace: adding label field.cattle.io/projectId=p-7hfbv to namespace=cattle-local-user-passwords
2026/01/22 03:11:02 [INFO] namespaceHandler: addProjectIDLabelToNamespace: adding label field.cattle.io/projectId=p-7hfbv to namespace=kube-public
2026/01/22 03:11:02 [INFO] [mgmt-auth-gr-controller] Creating clusterRole cattle-globalrole- for corresponding GlobalRole
2026/01/22 03:11:02 [INFO] namespaceHandler: addProjectIDLabelToNamespace: adding label field.cattle.io/projectId=p-7hfbv to namespace=cert-manager
2026/01/22 03:11:02 [INFO] Active TLS secret cattle-system/serving-cert (ver=2352) (count 5): map[field.cattle.io/projectId:local:p-7hfbv listener.cattle.io/cn-10.42.0.18:10.42.0.18 listener.cattle.io/cn-127.0.0.1:127.0.0.1 listener.cattle.io/cn-localhost:localhost listener.cattle.io/cn-rancher.cattle-system:rancher.cattle-system listener.cattle.io/fingerprint:SHA1=D8749985A64BB4B53D1AFB579AB75C9E0380D584]
2026/01/22 03:11:02 [INFO] namespaceHandler: addProjectIDLabelToNamespace: adding label field.cattle.io/projectId=p-7hfbv to namespace=kube-node-lease
2026/01/22 03:11:02 [ERROR] Failed to find system chart fleet-crd will try again in 5 seconds: configmaps "" not found
2026/01/22 03:11:03 [INFO] [mgmt-auth-gr-controller] Creating clusterRole cattle-globalrole- for corresponding GlobalRole
2026/01/22 03:11:03 [INFO] namespaceHandler: addProjectIDLabelToNamespace: adding label field.cattle.io/projectId=p-7hfbv to namespace=cattle-system
2026/01/22 03:11:03 [INFO] Active TLS secret cattle-system/tls-rancher-internal (ver=2378) (count 2): map[field.cattle.io/projectId:local:p-7hfbv listener.cattle.io/cn-10.43.17.202:10.43.17.202 listener.cattle.io/fingerprint:SHA1=C8765A9E130F195132A50F861773776A61820D34]
2026/01/22 03:11:03 [ERROR] namespaceHandler: Sync: error adding project id label to namespace err=Operation cannot be fulfilled on namespaces "kube-public": the object has been modified; please apply your changes to the latest version and try again
2026/01/22 03:11:03 [INFO] [mgmt-auth-gr-controller] Creating clusterRole cattle-globalrole- for corresponding GlobalRole
2026/01/22 03:11:03 [INFO] namespaceHandler: addProjectIDLabelToNamespace: adding label field.cattle.io/projectId=p-7hfbv to namespace=kube-public
I0122 03:11:05.147680      43 warnings.go:110] "Warning: v1 Endpoints is deprecated in v1.33+; use discovery.k8s.io/v1 EndpointSlice"
I0122 03:11:05.309210      43 warnings.go:110] "Warning: v1 ComponentStatus is deprecated in v1.19+"
2026/01/22 03:11:05 [INFO] Watching metadata for ext.cattle.io/v1, Kind=Token
2026/01/22 03:11:05 [INFO] Watching metadata for ext.cattle.io/v1, Kind=Kubeconfig
2026/01/22 03:11:06 [ERROR] defaultSvcAccountHandler: Sync: error handling default ServiceAccount of namespace key=kube-node-lease, err=Operation cannot be fulfilled on namespaces "kube-node-lease": the object has been modified; please apply your changes to the latest version and try again
2026/01/22 03:11:06 [INFO] initializing required info for telemetry manager...
2026/01/22 03:11:06 [INFO] [mgmt-auth-crtb-controller] Creating role/clusterRole local-clusterowner
2026/01/22 03:11:06 [INFO] telemetry manager info not available yet, re-queing check...
2026/01/22 03:11:06 [ERROR] defaultSvcAccountHandler: Sync: error handling default ServiceAccount of namespace key=fleet-default, err=Operation cannot be fulfilled on namespaces "fleet-default": the object has been modified; please apply your changes to the latest version and try again
2026/01/22 03:11:07 [ERROR] defaultSvcAccountHandler: Sync: error handling default ServiceAccount of namespace key=cattle-local-user-passwords, err=Operation cannot be fulfilled on namespaces "cattle-local-user-passwords": the object has been modified; please apply your changes to the latest version and try again
2026/01/22 03:11:07 [ERROR] Failed to find system chart fleet-crd will try again in 5 seconds: configmaps "" not found
2026/01/22 03:11:08 [ERROR] defaultSvcAccountHandler: Sync: error handling default ServiceAccount of namespace key=p-7hfbv, err=Operation cannot be fulfilled on namespaces "p-7hfbv": the object has been modified; please apply your changes to the latest version and try again
2026/01/22 03:11:09 [ERROR] defaultSvcAccountHandler: Sync: error handling default ServiceAccount of namespace key=cattle-system, err=Operation cannot be fulfilled on namespaces "cattle-system": the object has been modified; please apply your changes to the latest version and try again
2026/01/22 03:11:10 [INFO] [mgmt-auth-gr-controller] Creating clusterRole cattle-globalrole- for corresponding GlobalRole
2026/01/22 03:11:10 [INFO] [mgmt-auth-gr-controller] Creating clusterRole cattle-globalrole- for corresponding GlobalRole
2026/01/22 03:11:11 [INFO] namespaceHandler: addProjectIDLabelToNamespace: adding label field.cattle.io/projectId=p-7hfbv to namespace=kube-system
2026/01/22 03:11:11 [ERROR] namespaceHandler: Sync: error adding project id label to namespace err=Operation cannot be fulfilled on namespaces "kube-system": the object has been modified; please apply your changes to the latest version and try again
2026/01/22 03:11:11 [ERROR] defaultSvcAccountHandler: Sync: error handling default ServiceAccount of namespace key=cattle-global-data, err=Operation cannot be fulfilled on namespaces "cattle-global-data": the object has been modified; please apply your changes to the latest version and try again
2026/01/22 03:11:11 [INFO] namespaceHandler: addProjectIDLabelToNamespace: adding label field.cattle.io/projectId=p-7hfbv to namespace=fleet-local
2026/01/22 03:11:11 [ERROR] namespaceHandler: Sync: error adding project id label to namespace err=Operation cannot be fulfilled on namespaces "fleet-local": the object has been modified; please apply your changes to the latest version and try again

看pods报错也是无法安装的错,但是明明已经完全按要求操作本地镜像配置命令了,官网那个教程是不是需要更新一下,完全无法按教程正常安装啊

[root@Rlink-product rancher]# kubectl logs -f helm-operation-968vc -ncattle-system
Defaulted container "helm" out of: helm, proxy, init-kubeconfig-volume (init)
Waiting for Kubernetes API to be available
helm upgrade --history-max=5 --install=true --labels=catalog.cattle.io/cluster-repo-name=rancher-charts --namespace=cattle-fleet-system --reset-values=true --take-ownership=true --timeout=5m0s --version=108.0.0+up0.14.0 --wait=true fleet-crd /home/shell/helm/fleet-crd-108.0.0-up0.14.0.tgz
Error: UPGRADE FAILED: another operation (install/upgrade/rollback) is in progress
[root@Rlink-product rancher]# kubectl logs -f helm-operation-p5rzg -ncattle-system
Defaulted container "helm" out of: helm, proxy, init-kubeconfig-volume (init)
helm upgrade --history-max=5 --install=true --labels=catalog.cattle.io/cluster-repo-name=rancher-charts --namespace=cattle-fleet-system --reset-values=true --take-ownership=true --timeout=5m0s --values=/home/shell/helm/values-fleet-108.0.0-up0.14.0.yaml --version=108.0.0+up0.14.0 --wait=true fleet /home/shell/helm/fleet-108.0.0-up0.14.0.tgz
Release "fleet" does not exist. Installing it now.
Error: release: already exists
10

Rockylinux 9.6 X64的支持吗

11

支持,参考:https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/rancher-v2-13-1/