Rancher 2.4.5 Single-Node Deployment and Certificate Rotation
2021-10-13 08:47 ︶ㄣ木べ头

```bash
# Single-node deployment
mkdir -p /data/rancher && \
mkdir -p /data/rancher/k3s && \
mkdir -p /data/rancher/auditlog && \
docker run --name rancher2x -d --restart=unless-stopped \
  -p 80:80 -p 443:443 \
  -v /etc/localtime:/etc/localtime \
  -v /data/rancher:/var/lib/rancher/ \
  -v /data/rancher/auditlog:/var/log/auditlog \
  -v /data/rancher/k3s:/etc/rancher/k3s \
  -e CATTLE_SYSTEM_CATALOG=bundled \
  -e AUDIT_LEVEL=3 \
  rancher/rancher:latest && \
docker logs -f rancher2x
```
Official documentation: https://docs.rancher.cn/docs/rancher2/cluster-admin/certificate-rotation/_index/
```bash
# Replacing expired certificates
docker exec -it rancher2x /bin/bash

# Inside the container:
kubectl --insecure-skip-tls-verify -n kube-system delete secrets k3s-serving
kubectl --insecure-skip-tls-verify delete secret serving-cert -n cattle-system
rm -f /var/lib/rancher/k3s/server/tls/dynamic-cert.json
exit

# After exiting the container, run:
docker restart rancher2x
# server-url stands for the address of the Rancher server
curl --insecure -sfL https://server-url/v3
```
If that does not work, run the following:
```bash
# Run on the host: removes the k3s TLS files under the mounted data directory
rm -rf /data/rancher/k3s/server/tls/client-admin.crt && \
rm -rf /data/rancher/k3s/server/tls/client-admin.key && \
rm -rf /data/rancher/k3s/server/tls/client-auth-proxy.crt && \
rm -rf /data/rancher/k3s/server/tls/client-auth-proxy.key && \
rm -rf /data/rancher/k3s/server/tls/client-ca.crt && \
rm -rf /data/rancher/k3s/server/tls/client-ca.key && \
rm -rf /data/rancher/k3s/server/tls/client-cloud-controller.crt && \
rm -rf /data/rancher/k3s/server/tls/client-cloud-controller.key && \
rm -rf /data/rancher/k3s/server/tls/client-controller.crt && \
rm -rf /data/rancher/k3s/server/tls/client-controller.key && \
rm -rf /data/rancher/k3s/server/tls/client-k3s-controller.crt && \
rm -rf /data/rancher/k3s/server/tls/client-k3s-controller.key && \
rm -rf /data/rancher/k3s/server/tls/client-kube-apiserver.crt && \
rm -rf /data/rancher/k3s/server/tls/client-kube-apiserver.key && \
rm -rf /data/rancher/k3s/server/tls/client-kubelet.key && \
rm -rf /data/rancher/k3s/server/tls/client-kube-proxy.crt && \
rm -rf /data/rancher/k3s/server/tls/client-kube-proxy.key && \
rm -rf /data/rancher/k3s/server/tls/client-scheduler.crt && \
rm -rf /data/rancher/k3s/server/tls/client-scheduler.key && \
rm -rf /data/rancher/k3s/server/tls/request-header-ca.crt && \
rm -rf /data/rancher/k3s/server/tls/request-header-ca.key && \
rm -rf /data/rancher/k3s/server/tls/server-ca.crt && \
rm -rf /data/rancher/k3s/server/tls/server-ca.key && \
rm -rf /data/rancher/k3s/server/tls/service.key && \
rm -rf /data/rancher/k3s/server/tls/serving-kube-apiserver.crt && \
rm -rf /data/rancher/k3s/server/tls/serving-kube-apiserver.key && \
rm -rf /data/rancher/k3s/server/tls/serving-kubelet.key && \
rm -rf /data/rancher/k3s/server/tls/dynamic-cert.json && \
rm -rf /data/rancher/k3s/k3s.yaml && \
docker exec -it rancher2x /usr/bin/etcdctl --endpoints=127.0.0.1:2379 del /registry/secrets/kube-system/k3s-serving && \
docker restart rancher2x && docker logs -f rancher2x
```
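A check to run before and after the rotation steps above, as an added example (not from the original post or from Rancher): it lists certificates in the k3s TLS directory that are unreadable or expire within a threshold. The `TLS_DIR` default is the host path used on this page; `WARN_DAYS`, `cert_status` and `expiring_certs` are names chosen for this example.

```shell
#!/bin/sh
# Added example: report k3s certificates that are unreadable or close to expiry.
# TLS_DIR defaults to the host path used on this page; WARN_DAYS is an assumption.
TLS_DIR="${TLS_DIR:-/data/rancher/k3s/server/tls}"
WARN_DAYS="${WARN_DAYS:-30}"

# cert_status FILE DAYS -> prints "ok", "expiring" or "unreadable"
cert_status() {
    file=$1
    secs=$(( $2 * 86400 ))
    # openssl reads the first certificate in the file, i.e. the leaf
    # when the file stores a chain.
    if ! openssl x509 -in "$file" -noout >/dev/null 2>&1; then
        echo unreadable
    elif openssl x509 -in "$file" -noout -checkend "$secs" >/dev/null 2>&1; then
        echo ok            # still valid DAYS from now
    else
        echo expiring      # already expired, or expires within DAYS
    fi
}

# expiring_certs DIR DAYS -> one tab-separated line (status, path, notAfter)
# for every *.crt in DIR whose status is not "ok"
expiring_certs() {
    for crt in "$1"/*.crt; do
        [ -e "$crt" ] || continue      # glob matched nothing
        status=$(cert_status "$crt" "$2")
        if [ "$status" != ok ]; then
            end=$(openssl x509 -in "$crt" -noout -enddate 2>/dev/null || true)
            printf '%s\t%s\t%s\n' "$status" "$crt" "${end#notAfter=}"
        fi
    done
}

# Print the report only when the directory exists on this host.
if [ -d "$TLS_DIR" ]; then
    expiring_certs "$TLS_DIR" "$WARN_DAYS"
fi
```

Empty output means every certificate in the directory remains valid for at least `WARN_DAYS` days.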