Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: backport known issue #4264

Merged
merged 1 commit into from
Oct 11, 2024
Merged

docs: backport known issue #4264

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions docs/docs-content/release-notes/known-issues.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ The following table lists all known issues that are currently active and affecti

| Description | Workaround | Publish Date | Product Component |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------ | ---------------------------- |
| Upgrading the RKE2 version from 1.29 to 1.30 fails due to [an upstream issue](https://github.com/rancher/rancher/issues/46726) with RKE2 and Cilium. | Refer to the [Troubleshooting section](../troubleshooting/edge.md#scenario---clusters-with-cilium-and-rke2-experiences-kubernetes-upgrade-failure) for the workaround. | October 11, 2024 | Edge |
| <!-- prettier-ignore --> Clusters deployed with Microk8s cannot accept kubectl commands if the <VersionedLink text="Spectro Proxy" url="/integrations/packs/?pack=spectro-proxy" /> pack is added to the cluster's cluster profile. The reason behind these issues is Microk8s' lack of support for `certSANs` . This causes the Kubernetes API server to reject Spectro Proxy certificates. | Use the CLI flag [`--insecure-skip-tls-verify`](https://kubernetes.io/docs/reference/kubectl/kubectl/) with kubectl commands or use the [admin kubeconfig file](../clusters/cluster-management/kubeconfig.md#kubeconfig-files) to access the cluster API, as it does not use the Spectro Proxy server. This option may be limited to environments where you can access the cluster directly from a network perspective. | October 1, 2024 | Clusters, Pack |
| Deploying new [Nutanix clusters](../clusters/data-center/nutanix/nutanix.md) fails for self-hosted Palette or VerteX users on version 4.4.18 or newer. | No workaround is available. | September 26, 2024 | Clusters |
| OCI Helm registries added to Palette or VerteX before support for OCI Helm registries hosted in AWS ECR was available in Palette have an invalid API payload that is causing cluster imports to fail if the OCI Helm Registry is referenced in the cluster profile. | Log in to Palette as a tenant administrator and navigate to the left **Main Menu** . Select **Registries** and click on the **OCI Registries** tab. For each OCI registry of the Helm type, click on the **three-dot Menu** at the end of the row. Select **Edit**. To fix the invalid API payload, click on **Confirm**. Palette will automatically add the correct provider type behind the scenes to address the issue. | September 25, 2024 | Helm Registries |
Expand Down
28 changes: 28 additions & 0 deletions docs/docs-content/troubleshooting/edge.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -233,3 +233,31 @@ are no longer in use and can be erased internally. To enable TRIM operations, us

7. Use the updated profile to create a [new Edge cluster](../clusters/edge/site-deployment/cluster-deployment.md) or
update an existing Edge cluster.

## Scenario - Clusters with Cilium and RKE2 Experiences Kubernetes Upgrade Failure

When you upgrade your cluster from RKE2 1.29 to 1.30 and your cluster uses the Cilium CNI, the upgrade could fail with
error messages similar to the following. This is due to an
[upstream issue](https://github.com/rancher/rancher/issues/46726). You can fix this issue by adding a few annotations to
the Cilium DaemonSet.

### Debug Steps

1. Connect to your cluster using kubectl. For more information, refer to
[Access Cluster with kubectl](../clusters/cluster-management/palette-webctl.md).
2. Issue the following command from the terminal edit the Cilium DaemonSet.
```bash
kubectl edit ds cilium --namespace kube-system
```
3. Under `metadata.annotations`, add the following annotations.
```yaml
metadata:
annotations:
deprecated.daemonset.template.generation: "1"
meta.helm.sh/release-name: cilium-cilium
meta.helm.sh/release-namespace: kube-system
container.apparmor.security.beta.kubernetes.io/cilium-agent: "unconfined"
container.apparmor.security.beta.kubernetes.io/clean-cilium-state: "unconfined"
container.apparmor.security.beta.kubernetes.io/mount-cgroup: "unconfined"
container.apparmor.security.beta.kubernetes.io/apply-sysctl-overwrites: "unconfined"
```