I tried to add user privileges to a cluster, but it failed and I received the following error message:

Internal error occurred: failed calling webhook "rancherauth.cattle.io": 
Post https://rancher-webhook.cattle-system.svc:443/v1/webhook/validation?timeout=10s:
dial tcp 10.43.48.11:443: connect: connection refused.

I searched elsewhere but got no answer. Does anyone know the cause and the solution?

Kraego
hyj

1 Answer

I too came across this issue deploying Rancher and found a workaround for now. The error message from Rancher is not helpful.

All of the cluster nodes are Rocky-Linux-8 with firewalld enabled. I checked the firewalld logs for dropped packets and found that some requests are being dropped for port 6443, with the log saying kernel: STATE_INVALID_DROP.

Here is a great tutorial on firewalld logging

My workaround was to add all nodes to the trusted zone of firewalld, so that every node in the cluster trusts the others.

firewall-cmd --zone=trusted --permanent --add-source=192.168.0.0/16
systemctl restart firewalld
systemctl restart docker

You may also simply stop and disable firewalld, as recommended by Rancher:

systemctl stop firewalld
systemctl disable firewalld
systemctl restart docker
Dharman
Joshu
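
Added example, not part of the answer above: a small filter that summarizes the STATE_INVALID_DROP entries the answer describes, so you can see which node-to-node flows are being dropped before deciding how wide a trusted source range needs to be. The sample log lines, addresses and function names are constructed for illustration, and it assumes firewalld's denied-packet logging is enabled.

```shell
#!/usr/bin/env bash
# Constructed sample of kernel log lines in the form firewalld writes when
# denied-packet logging is on. Hosts, addresses and ports are made up.
sample_log() {
cat <<'EOF'
Mar 01 10:00:01 node1 kernel: STATE_INVALID_DROP: IN=eth0 OUT= MAC=aa:bb SRC=192.168.1.12 DST=192.168.1.11 LEN=40 TTL=64 PROTO=TCP SPT=51514 DPT=6443 WINDOW=0 RES=0x00 RST URGP=0
Mar 01 10:00:02 node1 kernel: FINAL_REJECT: IN=eth0 OUT= MAC=aa:bb SRC=192.168.1.13 DST=192.168.1.11 LEN=60 TTL=64 PROTO=TCP SPT=40022 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Mar 01 10:00:03 node1 kernel: STATE_INVALID_DROP: IN=eth0 OUT= MAC=aa:bb SRC=192.168.1.13 DST=192.168.1.11 LEN=52 TTL=64 PROTO=TCP SPT=38110 DPT=6443 WINDOW=501 RES=0x00 ACK URGP=0
Mar 01 10:00:04 node1 systemd[1]: Started Docker Application Container Engine.
Mar 01 10:00:05 node1 kernel: STATE_INVALID_DROP: IN=eth0 OUT= MAC=aa:bb SRC=192.168.1.12 DST=192.168.1.11 LEN=40 TTL=64 PROTO=TCP SPT=51516 DPT=6443 WINDOW=0 RES=0x00 RST URGP=0
EOF
}

# Reads kernel log text on stdin and prints one line per dropped flow:
#   <count> <src> -> <dst>:<dport>/<proto>
# Only STATE_INVALID_DROP entries are counted; other log prefixes are ignored.
summarize_invalid_drops() {
  awk '
    /STATE_INVALID_DROP/ {
      src = dst = dpt = proto = "-"
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/)   src   = substr($i, 5)
        if ($i ~ /^DST=/)   dst   = substr($i, 5)
        if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        if ($i ~ /^PROTO=/) proto = substr($i, 7)
      }
      seen[src " -> " dst ":" dpt "/" proto]++
    }
    END { for (k in seen) print seen[k], k }
  ' | sort -k1,1nr -k2
}

# Stand-alone run over the constructed sample.
sample_log | summarize_invalid_drops
```

On a node, the same function can read the live kernel log with `journalctl -k | summarize_invalid_drops`. The distinct source addresses it reports are the ones a trusted-zone source entry would need to cover.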