Skip to content

How to resolve a TLS handshake timeout error when adding an app repository on a downstream cluster

Article Number: 000021019

Situation

When adding repositories to a downstream cluster under Apps > Repositories in the Rancher UI, they appear in a Downloading state with an error that says Get "https://<chart_URL>/index.yaml": net/http: TLS handshake timeout

Other behavior which may be seen as a result of this is performance problems when browsing the Apps > Charts section and charts in that section not loading.

Cause

This can happen when Rancher is behind a proxy, and the proxy configuration has not been defined on the agents in a downstream cluster.

Resolution

The following environment variables should be defined in the Agent Environment Variables in the downstream cluster's configuration:
HTTP_PROXY
HTTPS_PROXY
NO_PROXY

This can be done in the Rancher UI for both RKE1 and RKE2 clusters with the following steps:
RKE1

  1. In the Rancher UI go to Cluster Management
  2. Select the 3-dot menu for the downstream cluster in question and click Edit Config
  3. Scroll down to the end of Advanced Options section and click the Add Environment Variable button and add to add variables and values for HTTP_PROXY, HTTPS_PROXY, and NO_PROXY

RKE2

  1. In the Rancher UI go to Cluster Management
  2. Select the 3-dot menu for the downstream cluster in question and click Edit Config
  3. Scroll down to the Cluster Configuration > Agent Environment Vars section and click the Add button and add to add variables and values for HTTP_PROXY, HTTPS_PROXY, and NO_PROXY