You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've deployed the airgapped-docs chart to an RKE2 cluster that was not created by Rancher, but is managed by it. The pods appear to be healthy, and when I visit any of the links created for them, I see the following message
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"message": "error trying to reach service: proxy error from 127.0.0.1:9345 while dialing 10.42.0.23:80, code 503: 503 Service Unavailable",
"reason": "ServiceUnavailable",
"code": 503
}
Looking at the pod logs, I see a constant stream of
nginx: [warn] the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
There's only one pod with this error that doesn't report as healthy, and its the neuvector-offline-docs pod, which is in a CrashLoopBackoff because of the above error.
Some background on the cluster:
Cloud env: AWS
Version: v1.25.8+rke2r1
CIS profile: cis-1.23
Image registry: ECR (manually added imagePullSecrets to grab these images, quicker than rolling nodes)
I also had to manually update the carbide-docs-system namespace with the labels
I've deployed the airgapped-docs chart to an RKE2 cluster that was not created by Rancher, but is managed by it. The pods appear to be healthy, and when I visit any of the links created for them, I see the following message
Looking at the pod logs, I see a constant stream of
There's only one pod with this error that doesn't report as healthy, and its the
neuvector-offline-docs
pod, which is in a CrashLoopBackoff because of the above error.Some background on the cluster:
I also had to manually update the
carbide-docs-system
namespace with the labelsWhich is odd because I would've expected the deployment manifest to set the necessary security permissions if it's only serving docs.
The text was updated successfully, but these errors were encountered: