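Rancher custom cluster: node registration fails with an error

Rancher Server settings

  • Rancher version: v2.9
  • Installation option (Docker install/Helm Chart): Helm Chart
    • If installed via Helm Chart, provide the type (RKE1, RKE2, k3s, EKS, etc.) and version of the Local cluster: the local cluster type is K3s, k3s version: v1.27
  • Online or air-gapped deployment: online deployment

Host operating system:
CentOS 7.9
Problem description:
After deploying an nginx load balancer in front of the Rancher server with a public CA certificate, I created a custom cluster through the Rancher UI, and node registration reports: "Aborting system-agent installation due to requested strict CA verification with no CA checksum provided"

Steps to reproduce:
The Rancher installation steps were as follows: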
curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn INSTALL_K3S_CHANNEL=v1.27 sh -s - --system-default-registry "registry.cn-hangzhou.aliyuncs.com"

helm install rancher rancher-latest/rancher --namespace cattle-system --set hostname=test.demo.com --set replicas=1 --set bootstrapPassword=123456 --set rancherImage=registry.cn-hangzhou.aliyuncs.com/rancher/rancher --set systemDefaultRegistry=registry.cn-hangzhou.aliyuncs.com --set ingress.tls.source=secret

Results:

Expected results:

Screenshots:

Additional context:

Logs
The node registration error output is as follows:
[INFO]  Label: cattle.io/os=linux
[INFO]  Role requested: etcd
[INFO]  Role requested: controlplane
[INFO]  Role requested: worker
[INFO]  CA strict verification is set to true
[INFO]  Using default agent configuration directory /etc/rancher/agent
[INFO]  Using default agent var directory /var/lib/rancher/agent
[FATAL]  Aborting system-agent installation due to requested strict CA verification with no CA checksum provided


Take a look at Rancher High-Availability Installation -- Using an External LB to Terminate SSL/TLS; you probably need to add tls=external

After setting that parameter, the error during node registration is still there:
[INFO] Label: cattle.io/os=linux
[INFO] Role requested: etcd
[INFO] Role requested: controlplane
[INFO] Role requested: worker
[INFO] CA strict verification is set to true
[INFO] Using default agent configuration directory /etc/rancher/agent
[INFO] Using default agent var directory /var/lib/rancher/agent
[FATAL] Aborting system-agent installation due to requested strict CA verification with no CA checksum provided

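Changing the helm repo to helm repo add rancher-latest https://rancher-mirror.rancher.cn/server-charts/stable --force-update fixed it; I don't know whether this is a bug in the new version

If it really is a chart problem, it can't be counted as a bug; it just means you didn't update to the latest chart before installing

The helm repo latest version installs Rancher 2.9.0; stable installs Rancher version 2.8.5

Hello, I installed Rancher in a k3s v1.30.4 cluster using the external-LB SSL/TLS termination method. The certificate is a trusted public-CA certificate obtained through acme, and the Rancher UI logs in normally.
The Rancher install command is as follows (domain name hidden)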

helm install rancher rancher-stable/rancher   --create-namespace   --namespace cattle-system   --set hostname=r......g   --set bootstrapPassword=......   --set replicas=3   --set tls=external   --set rancherImage=registry.cn-hangzhou.aliyuncs.com/rancher/rancher   --set systemDefaultRegistry=registry.cn-hangzhou.aliyuncs.com

However, when I create a custom k3s cluster in the Rancher UI and run the command on the host, I get the following error (domain name hidden)

[root@icp01 ~]# curl -fL https://r......g/system-agent-install.sh | sudo  sh -s - --server https://r......g --label 'cattle.io/os=linux' --token gkjhf46g5lqmnmntfsfcfrnc8ljt77h6h4g5dgwhw6b7pckt7sn4nh --etcd --controlplane --worker
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 33595    0 33595    0     0   125k      0 --:--:-- --:--:-- --:--:--  125k
[INFO]  Label: cattle.io/os=linux
[INFO]  Role requested: etcd
[INFO]  Role requested: controlplane
[INFO]  Role requested: worker
[INFO]  CA strict verification is set to true
[INFO]  Using default agent configuration directory /etc/rancher/agent
[INFO]  Using default agent var directory /var/lib/rancher/agent
[FATAL]  Aborting system-agent installation due to requested strict CA verification with no CA checksum provided

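I went back and looked at the registration command generated in the Rancher UI, and it indeed has no --ca-checksum parameter

How do I obtain this parameter? Or is there a problem with one of my steps?

Has this been resolved? I have the same problem and just can't solve it...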