Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Deploying on Rancher

See original GitHub issue

Issue:

When deploying Reana-Cluster onto a Rancher Kubernetes Cluster, I’m running into some certificate issues. Kubectl, on the other hand, still works without problems.

...
HTTPSConnectionPool(host='192.168.1.10', port=8443): Max retries exceeded with url: 
/k8s/clusters/c-rqbzb/api/v1/namespaces/default/secrets?includeUninitialized=false
(Caused by SSLError(CertificateError("hostname '192.168.1.10' doesn't match '192.168.1.10'",),))

Rancher is using port 8443, k8s API is available at (https://192.168.1.10:8443/k8s/clusters/c-rqbzb). I am able to access the url https://192.168.1.10:8443/k8s/clusters/c-rqbzb/api/v1/namespaces/default/secrets in my browser. The certificate for rancher is auto-generated (self-signed). Could this be the problem? Btw. my kube-config file contains the certificate-authority-data section. Kubectl is not complaining about any ssl issues.

I’m trying to start my Reana-Cluster with the following command:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout /tmp/tls.key -out /tmp/tls.crt \
    -subj "/CN=192.168.1.10"

./kubectl delete secrets reana-ssl-secrets
./kubectl create secret tls reana-ssl-secrets \
      --key /tmp/tls.key --cert /tmp/tls.crt

reana-cluster init # <-- exception occurs here

Steps to reproduce:

Run Rancher-UI

# run rancher
docker run -d --name=rancher --restart=unless-stopped -p 8080:80 -p 8443:443 rancher/rancher:v2.0.8

login (https://localhost:8443), create a new cluster (“custom”) --> leave default settings, just click on “next”
make sure to check “etcd”, “Control Plane” and “Worker”
copy generated output command into cli
wait until cluster is initialized, click on “Kubeconfig file” and place the content into ~/.kube/config
run commands shown in the issue section

Issue Analytics

State:
Created 5 years ago
Comments:10 (5 by maintainers)

Top GitHub Comments

1reaction

diegodelemoscommented, Oct 18, 2018

Something important to notice which I have forgotten before, you should use reana-cluster in this version if you are using REANA 0.3.0.

Regarding fully running REANA inside Rancher, as a workaround for the issue of not being able to access services from outside the cluster and to make sure that things are working I have run the reana-client inside the cluster as follows:

$ kubectl exec -ti server-657b47685b-ltm8d bash
>

Install reana-client and configure it, to retrieve the access token you can use reana-cluster env --include-admin-token.

> pip install reana-client
> export REANA_SERVER_URL=http://localhost:5000
> export REANA_ACCESS_TOKEN=FIXME

And then clone locally the hello world example and run it.

> cd /tmp/
> git clone https://github.com/reanahub/reana-demo-helloworld
> cd reana-demo-helloworld/
> reana-client create
> export REANA_WORKON=workflow.2
> reana-client upload
> reana-client start
> reana-client status
> reana-client download
> cat results/greetings.txt

1reaction

diegodelemoscommented, Oct 18, 2018

Hello @David-Development, first of all, sorry for the late reply… I have managed to deploy REANA on Rancher following your steps. I’ve taken the Kubernetes configuration from Rancher UI and copied it over to ~/.kube/config.

screenshot 2018-10-18 at 15 22 27

And it looks more or less like this:

apiVersion: v1
kind: Config
clusters:
- name: "reana"
  cluster:
    server: "https://localhost:8443/k8s/clusters/c-x77qs"
    api-version: v1
    certificate-authority-data: "~~~~~~~"

users:
- name: "user-~~~~"
  user:
    token: "~~~~~~~~~~~~"

contexts:
- name: "reana"
  context:
    user: "user-~~~~"
    cluster: "reana"

current-context: "reana"

Right after I just run reana-cluster init and all components are initialised correctly.

screenshot 2018-10-18 at 15 05 39

Regarding accessing the services from outside the cluster, I have tried getting the address reserved for the reana-server component from the UI and curl but I get a timeout:

$ curl http://192.168.65.3:32121/
curl: (7) Failed to connect to 192.168.65.3 port 32121: Operation timed out

This seems to be a problem that could be solved with some Rancher experience, did you manage to have it working?

Top Results From Across the Web

Rancher Deployment Quick Start Guides

Rancher Deployment Quick Start Guides · Deploying Rancher Server: Get started running Rancher using the method most convenient for you.

Deploying Rancher Server | Rancher Manager

Use one of the following guides to deploy and provision Rancher and a Kubernetes cluster in the provider of your choice.

How to Deploy Apps with Rancher - Linode

This guide shows how to use the open source Rancher platform to deploy applications and containers to remote hosts.

Deploying Kubernetes Applications with Rancher - BoxBoat

In this post, we'll take our exploration of Rancher one step further and see how we can deploy our own Kubernetes applications into...

Rancher for Amazon EKS on AWS—Partner Solution

Rancher deployment using AWS Systems Manager automation. Amazon EKS service for the EKS cluster, which provides the Kubernetes control plane.*; An Amazon Route ......