【工作相关】替换Rancher证书

  • 登录到Rnacher Server 和Master Server 中,备份 SSL 

 

复制代码
[~]$ ssh -p xx xx~$ sudo -s -H
~$ cp –r /etc/kubernetes/ssl  /home/ubuntu/ssl-prod-backup-mar-20
 
[~]$ ssh -p xx xxxxx:~$ sudo -s -H
xx:~$ cp –r /etc/kubernetes/ssl  /home/ubuntu/ssl-prod-backup-mar-20
 
[~]$ ssh -p xx xxxxx:~$ sudo -s -H
xx:~$ cp –r /etc/kubernetes/ssl  /home/ubuntu/ssl-prod-backup-mar-20
 
[~]$ ssh -p xx xxxxx:~$ sudo -s -H
xx:~$ cp –r /etc/kubernetes/ssl  /home/ubuntu/ssl-prod-backup-mar-20
 
[~]$ ssh -p xx xxxxx:~$ sudo -s -H
xx:~$ cp –r /etc/kubernetes/ssl  /home/ubuntu/ssl-prod-backup-mar-20
 
[~]$ ssh -p xx xxxxxx:~$ sudo -s -H
xx:~$ cp –r /etc/kubernetes/ssl  /home/ubuntu/ssl-prod-backup-mar-20
复制代码

 

  • 升级Rancher
    • 登录到Rancher Trigger Server,下载rke 1.0.9 版本 
      [~]$ ssh -p xx xxxxx:~$ sudo -s -H
:~$ wget https://github.com/rancher/rke/releases/download/v1.0.4/rke_linux-amd64
:~$ chmod +x rke_linux-amd64
:~$ mv rke_linux-amd64 rke_linux-amd64-1.0.4
    • Rotate the rancher server certificates 
      @xx:~$ ./rke_linux-amd64-1.0.4 cert rotate --config rancher-cluster.yml
    • Once the rotation is successful check if the rancher certificates are updated using openssl command in one of the rancher server. 
      @xx:~$ openssl x509 -text -n kube-apiserver-requestheader-ca.pem | grep -A 2 Validity
@xx:~$ curl https://localhost:6443 -v -k 
 
@xx:~$ openssl x509 -text -n kube-apiserver-requestheader-ca.pem | grep -A 2 Validity
@xx:~$ curl https://localhost:6443 -v -k 
 
@xx:~$ openssl x509 -text -n kube-apiserver-requestheader-ca.pem | grep -A 2 Validity
@xx:~$ curl https://localhost:6443 -v -k
    • Upgrade rancher to 2.2.8. using the below command 
      xx:~$ helm upgrade rancher rancher-stable/rancher  --version 2.2.8 --namespace cattle-system --set hostname=rancher.xx.com
    • Go to rancher UI and check if the version is updated to 2.2.8 on the bottom of the UI as shown below. 

    •  

       

       

       Once the rotation is successful and the cluster turns active check all the servers and validate the applications.

posted @   TonyBen2018  阅读(1284)  评论(0编辑  收藏  举报
编辑推荐:
· 开发者必知的日志记录最佳实践
· SQL Server 2025 AI相关能力初探
· Linux系列:如何用 C#调用 C方法造成内存泄露
· AI与.NET技术实操系列(二):开始使用ML.NET
· 记一次.NET内存居高不下排查解决与启示
阅读排行:
· 阿里最新开源QwQ-32B,效果媲美deepseek-r1满血版,部署成本又又又降低了!
· 开源Multi-agent AI智能体框架aevatar.ai,欢迎大家贡献代码
· Manus重磅发布:全球首款通用AI代理技术深度解析与实战指南
· 被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!
· 没有Manus邀请码?试试免邀请码的MGX或者开源的OpenManus吧
点击右上角即可分享
微信分享提示