[Work-related] Replacing Rancher certificates
- Log in to the Rancher server and the master servers and back up the SSL files
[~]$ ssh -p xx xx
~$ sudo -s -H
~$ cp -r /etc/kubernetes/ssl /home/ubuntu/ssl-prod-backup-mar-20
[~]$ ssh -p xx xxxxx
:~$ sudo -s -H
xx:~$ cp -r /etc/kubernetes/ssl /home/ubuntu/ssl-prod-backup-mar-20
[~]$ ssh -p xx xxxxx
:~$ sudo -s -H
xx:~$ cp -r /etc/kubernetes/ssl /home/ubuntu/ssl-prod-backup-mar-20
[~]$ ssh -p xx xxxxx
:~$ sudo -s -H
xx:~$ cp -r /etc/kubernetes/ssl /home/ubuntu/ssl-prod-backup-mar-20
[~]$ ssh -p xx xxxxx
:~$ sudo -s -H
xx:~$ cp -r /etc/kubernetes/ssl /home/ubuntu/ssl-prod-backup-mar-20
[~]$ ssh -p xx xxxxxx
:~$ sudo -s -H
xx:~$ cp -r /etc/kubernetes/ssl /home/ubuntu/ssl-prod-backup-mar-20
- Upgrade Rancher
- Log in to the Rancher Trigger Server and download rke version 1.0.9
[~]$ ssh -p xx xxxxx
:~$ sudo -s -H
:~$ wget https://github.com/rancher/rke/releases/download/v1.0.4/rke_linux-amd64
:~$ chmod +x rke_linux-amd64
:~$ mv rke_linux-amd64 rke_linux-amd64-1.0.4
- Rotate the rancher server certificates
@xx:~$ ./rke_linux-amd64-1.0.4 cert rotate --config rancher-cluster.yml
- Once the rotation is successful, check whether the Rancher certificates are updated using the openssl command on one of the Rancher servers.
@xx:~$ openssl x509 -noout -text -in kube-apiserver-requestheader-ca.pem | grep -A 2 Validity
@xx:~$ curl https://localhost:6443 -v -k
@xx:~$ openssl x509 -noout -text -in kube-apiserver-requestheader-ca.pem | grep -A 2 Validity
@xx:~$ curl https://localhost:6443 -v -k
@xx:~$ openssl x509 -noout -text -in kube-apiserver-requestheader-ca.pem | grep -A 2 Validity
@xx:~$ curl https://localhost:6443 -v -k
- Upgrade Rancher to 2.2.8 using the command below.
xx:~$ helm upgrade rancher rancher-stable/rancher --version 2.2.8 --namespace cattle-system --set hostname=rancher.xx.com
- Go to the Rancher UI and check that the version shown at the bottom of the UI is updated to 2.2.8.
- Once the rotation is successful and the cluster turns active, check all the servers and validate the applications.
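
The openssl check from the verification step, extended to every certificate in /etc/kubernetes/ssl and compared against the backup taken in the first step. This is an added example, not part of the original post; the function names cert_fp and check_rotation are hypothetical and the 30-day threshold is an assumption.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): compare the certificates in
# the live directory with the backup taken before `rke cert rotate`.

# SHA-256 fingerprint of a PEM certificate; empty for non-certificates.
cert_fp() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" 2>/dev/null | cut -d= -f2
}

# check_rotation BACKUP_DIR LIVE_DIR [MIN_DAYS]
# Prints "STATUS  notAfter  file" for every certificate in LIVE_DIR:
#   ROTATED    fingerprint differs from the backup copy
#   UNCHANGED  same certificate as before the rotation
#   NEW        no copy with that name in the backup
#   EXPIRING   expires within MIN_DAYS (assumed default: 30)
# Returns 1 if any certificate is EXPIRING, otherwise 0.
check_rotation() {
    local backup=$1 live=$2 min_days=${3:-30} rc=0 f name fp end status
    for f in "$live"/*.pem; do
        [ -e "$f" ] || continue
        fp=$(cert_fp "$f" || true)
        [ -n "$fp" ] || continue      # private keys and other non-certs
        name=$(basename "$f")
        end=$(openssl x509 -noout -enddate -in "$f" | cut -d= -f2)
        if [ ! -f "$backup/$name" ]; then
            status=NEW
        elif [ "$(cert_fp "$backup/$name" || true)" = "$fp" ]; then
            status=UNCHANGED
        else
            status=ROTATED
        fi
        # -checkend exits non-zero if the cert expires within N seconds
        if ! openssl x509 -noout -checkend $((min_days * 86400)) \
                -in "$f" >/dev/null; then
            status=EXPIRING
            rc=1
        fi
        printf '%-9s  %s  %s\n' "$status" "$end" "$name"
    done
    return "$rc"
}

# Usage on a node, with the paths from the backup step:
#   check_rotation /home/ubuntu/ssl-prod-backup-mar-20 /etc/kubernetes/ssl
```

If the backup directory already existed when cp -r ran, the copied files sit under its ssl/ subdirectory; pass that path as BACKUP_DIR instead.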