Rancher 2.9.3 fails to import an existing cluster, reporting: unable to read CA file from /etc/kubernetes/ssl/certs/serverca

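**Rancher Server Settings**

  • Rancher version: 2.9.3
  • Installation option (Docker install/Helm Chart):
    • If installed via Helm Chart, provide the type of the Local cluster (RKE1, RKE2, k3s, EKS, etc.) and its version:
  • Online or air-gapped deployment: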

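Downstream cluster information

  • Kubernetes version: v1.30.4+rke2r1
  • Cluster Type (Local/Downstream):
    • If Downstream, what type of cluster is it? (Custom/Imported or Hosted, etc.):

User information

  • What is the role of the logged-in user? (Admin/Cluster Owner/Cluster Member/Project Owner/Project Member/Custom):
    • If Custom, the custom permission set:

Host operating system:

Problem description:

Steps to reproduce:

Result:

Expected result:

Screenshots:

Additional context:

Logs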
time="2024-11-17T14:20:18Z" level=info msg="Listening on /tmp/log.sock"
time="2024-11-17T14:20:18Z" level=info msg="Rancher agent version v2.9.3 is starting"
time="2024-11-17T14:20:18Z" level=error msg="unable to read CA file from /etc/kubernetes/ssl/certs/serverca: open /etc/kubernetes/ssl/certs/serverca: no such file or directory"
time="2024-11-17T14:20:18Z" level=error msg="Strict CA verification is enabled but encountered error finding root CA"
INFO: Environment: CATTLE_ADDRESS=10.42.0.25 CATTLE_CA_CHECKSUM= CATTLE_CLUSTER=true CATTLE_CLUSTER_AGENT_PORT=tcp://10.43.60.247:80 CATTLE_CLUSTER_AGENT_PORT_443_TCP=tcp://10.43.60.247:443 CATTLE_CLUSTER_AGENT_PORT_443_TCP_ADDR=10.43.60.247 CATTLE_CLUSTER_AGENT_PORT_443_TCP_PORT=443 CATTLE_CLUSTER_AGENT_PORT_443_TCP_PROTO=tcp CATTLE_CLUSTER_AGENT_PORT_80_TCP=tcp://10.43.60.247:80 CATTLE_CLUSTER_AGENT_PORT_80_TCP_ADDR=10.43.60.247 CATTLE_CLUSTER_AGENT_PORT_80_TCP_PORT=80 CATTLE_CLUSTER_AGENT_PORT_80_TCP_PROTO=tcp CATTLE_CLUSTER_AGENT_SERVICE_HOST=10.43.60.247 CATTLE_CLUSTER_AGENT_SERVICE_PORT=80 CATTLE_CLUSTER_AGENT_SERVICE_PORT_HTTP=80 CATTLE_CLUSTER_AGENT_SERVICE_PORT_HTTPS_INTERNAL=443 CATTLE_CLUSTER_REGISTRY= CATTLE_INGRESS_IP_DOMAIN=sslip.io CATTLE_INSTALL_UUID=0622682d-a0a7-425d-8a86-0954154133cf CATTLE_INTERNAL_ADDRESS= CATTLE_IS_RKE=false CATTLE_K8S_MANAGED=true CATTLE_NODE_NAME=cattle-cluster-agent-7d88ff7f7b-f5pmj CATTLE_RANCHER_PROVISIONING_CAPI_VERSION= CATTLE_RANCHER_WEBHOOK_VERSION=104.0.3+up0.5.3 CATTLE_SERVER=https://uat-rancher.anker-in.com CATTLE_SERVER_VERSION=v2.9.3
INFO: Using resolv.conf: search cattle-system.svc.cluster.local svc.cluster.local cluster.local localdomain nameserver 10.43.0.10 options ndots:5
INFO: https://uat-rancher.anker-in.com/ping is accessible
INFO: uat-rancher.anker-in.com resolves to 172.16.19.240
time="2024-11-17T14:23:07Z" level=info msg="Listening on /tmp/log.sock"
time="2024-11-17T14:23:07Z" level=info msg="Rancher agent version v2.9.3 is starting"
time="2024-11-17T14:23:07Z" level=error msg="unable to read CA file from /etc/kubernetes/ssl/certs/serverca: open /etc/kubernetes/ssl/certs/serverca: no such file or directory"
time="2024-11-17T14:23:07Z" level=error msg="Strict CA verification is enabled but encountered error finding root CA"

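I didn't quite understand the information about tls-agent-mode in the link. Where can the strict mode value be adjusted? If it can't be adjusted, where is the configuration entry point for the CA settings?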


The certificate here cannot be modified. Is there somewhere inside the cluster where this value can be configured?

Hey, did you ever get this problem solved?

Where is this set? Earlier installs of version 2.8.3 all worked fine, but today I installed 2.9.3 and it can't import an existing cluster.