[Work-related] Replacing Rancher certificates
- Log in to the Rancher Server and the Master Servers and back up the SSL directory
[~]$ ssh -p xx xx
~$ sudo -s -H
~$ cp -r /etc/kubernetes/ssl /home/ubuntu/ssl-prod-backup-mar-20
[~]$ ssh -p xx xxxxx
:~$ sudo -s -H
xx:~$ cp -r /etc/kubernetes/ssl /home/ubuntu/ssl-prod-backup-mar-20
[~]$ ssh -p xx xxxxx
:~$ sudo -s -H
xx:~$ cp -r /etc/kubernetes/ssl /home/ubuntu/ssl-prod-backup-mar-20
[~]$ ssh -p xx xxxxx
:~$ sudo -s -H
xx:~$ cp -r /etc/kubernetes/ssl /home/ubuntu/ssl-prod-backup-mar-20
[~]$ ssh -p xx xxxxx
:~$ sudo -s -H
xx:~$ cp -r /etc/kubernetes/ssl /home/ubuntu/ssl-prod-backup-mar-20
[~]$ ssh -p xx xxxxxx
:~$ sudo -s -H
xx:~$ cp -r /etc/kubernetes/ssl /home/ubuntu/ssl-prod-backup-mar-20
- Upgrade Rancher
- Log in to the Rancher Trigger Server and download rke version 1.0.9
[~]$ ssh -p xx xxxxx
:~$ sudo -s -H
:~$ wget https://github.com/rancher/rke/releases/download/v1.0.4/rke_linux-amd64
:~$ chmod +x rke_linux-amd64
:~$ mv rke_linux-amd64 rke_linux-amd64-1.0.4
- Rotate the Rancher server certificates
@xx:~$ ./rke_linux-amd64-1.0.4 cert rotate --config rancher-cluster.yml
- Once the rotation is successful, use the openssl command on one of the Rancher servers to check that the Rancher certificates have been updated.
@xx:~$ openssl x509 -text -in kube-apiserver-requestheader-ca.pem | grep -A 2 Validity
@xx:~$ curl https://localhost:6443 -v -k
@xx:~$ openssl x509 -text -in kube-apiserver-requestheader-ca.pem | grep -A 2 Validity
@xx:~$ curl https://localhost:6443 -v -k
@xx:~$ openssl x509 -text -in kube-apiserver-requestheader-ca.pem | grep -A 2 Validity
@xx:~$ curl https://localhost:6443 -v -k
- Upgrade Rancher to 2.2.8 using the command below
xx:~$ helm upgrade rancher rancher-stable/rancher --version 2.2.8 --namespace cattle-system --set hostname=rancher.xx.com
- Go to the Rancher UI and check that the version shown at the bottom of the UI has been updated to 2.2.8.
Once the rotation is successful and the cluster turns active, check all the servers and validate the applications.
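The Validity check above looks at one certificate at a time. As an added example (not part of the original notes), the script below compares every certificate in the live directory against the backup taken in the first step and flags any that were not replaced or that expire soon. The function names `cert_fp` and `check_rotation` and the 30-day default are assumptions made for this example.

```bash
# Added example (not from the original notes). Assumes the backup taken in the
# first step and the live directory hold PEM files with the same names.

# cert_fp FILE: SHA-256 fingerprint of the certificate in FILE, or empty
# output if FILE is not a certificate (e.g. a private key).
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# check_rotation BACKUP_DIR LIVE_DIR [MIN_DAYS]
# Prints one line per certificate in LIVE_DIR:
#   ROTATED   fingerprint differs from the backup copy
#   UNCHANGED same certificate as before the rotation
#   NEW       no copy of this file in the backup
#   EXPIRING  appended when notAfter is less than MIN_DAYS away (default 30)
# Returns 1 if any certificate is UNCHANGED or EXPIRING, else 0.
check_rotation() {
    local backup="$1" live="$2" min_days="${3:-30}"
    local rc=0 f name old new end state
    for f in "$live"/*.pem; do
        new=$(cert_fp "$f")
        [ -n "$new" ] || continue            # skip keys and non-certificates
        name=$(basename "$f")
        old=""
        if [ -f "$backup/$name" ]; then old=$(cert_fp "$backup/$name"); fi
        if [ -z "$old" ]; then state=NEW
        elif [ "$new" = "$old" ]; then state=UNCHANGED; rc=1
        else state=ROTATED
        fi
        if ! openssl x509 -in "$f" -noout -checkend $((min_days * 86400)) >/dev/null; then
            state="$state,EXPIRING"; rc=1
        fi
        end=$(openssl x509 -in "$f" -noout -enddate | cut -d= -f2)
        printf '%-45s %-20s notAfter=%s\n' "$name" "$state" "$end"
    done
    return $rc
}

# Usage on a node, with the paths used in these notes:
#   check_rotation /home/ubuntu/ssl-prod-backup-mar-20 /etc/kubernetes/ssl
```

A certificate that the rotation was not meant to replace is reported as UNCHANGED, so review those lines rather than treating every non-zero exit as a failure.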