[BUG] Trailing /
in Rancher server URL makes Harvester clusters registration fail
#45403
Labels
kind/bug
Issues that are defects reported by users or that we know have reached a real release
Rancher Server Setup
Information about the Cluster
User Information
Describe the bug
When the Rancher server is deployed behind an Nginx ingress proxy and initialized with a server URL with a trailing
/
, the Rancher agent fails to register downstream clusters.To Reproduce
/
Result
The Rancher agent will be deployed, but the cluster will remain in "Waiting for API" state forever
Expected Result
The cluster registration should complete without errors and the Harvester cluster should be in "Active" state in Rancher
Additional context
If the Rancher server URL is configured with a trailing
/
, e.g.https://rancher.example.com/
, the rancher agent will be deployed with that same URL as value in its environment variableCATTLE_SERVER
. During initialization, the Rancher agent will use the value of this environment variable to generate the secretstv-aggregation
, which contains a keyurl
. The value in the secret for the keyurl
is the string concatenation of the value of theCATTLE_SERVER
environment variable and the fixed string/v3/connect
, resulting in e.g.https://rancher.example.com//v3/connect
. This is the URL the agent will try to use to finalize the registration process with the Rancher server.However, if Rancher is deployed behind an Nginx ingress proxy, any HTTP request to this URL will be answered by the proxy with a HTTP status code 301, redirecting to
/v3/connect
(i.e. without the double/
in the path). This response is ignored by the Rancher agent and thus the registration will never complete.There are several problems in the Rancher agent connected to this bug:
/
) without enforcing or even verifying them. If a server URL with a trailing/
is invalid, it should be impossible to set it and an appropriate message should be displayed to the user. Any assumptions about the format of this URL should be asserted through checks before the configuration is applied.The text was updated successfully, but these errors were encountered: