Rancher certificate expiry
Author: Internet
Run these steps only on the hosts running rancher-server and the apiserver.
Disable NTP synchronization
timedatectl set-ntp false
Change the node time (to a time before the certificate expired)
timedatectl set-time '2019-01-01 00:00:00'
Back up the certificate files on rancher-server
rancher_server_id=xxx
docker exec -ti ${rancher_server_id} mv /var/lib/rancher/management-state/tls/localhost.crt /var/lib/rancher/management-state/tls/localhost.crt-bak
docker exec -ti ${rancher_server_id} mv /var/lib/rancher/management-state/tls/localhost.key /var/lib/rancher/management-state/tls/localhost.key-bak
docker restart ${rancher_server_id}
Check the certificate expiry dates
docker exec -ti ${rancher_server_id} openssl x509 -in /var/lib/rancher/management-state/tls/ca.crt -noout -dates
docker exec -ti ${rancher_server_id} openssl x509 -in /var/lib/rancher/management-state/tls/localhost.crt -noout -dates
Handle according to the Rancher version
Versions 2.0 or 2.1
docker exec -ti <rancher_server_id> mv /var/lib/rancher/management-state/certs/bundle.json /var/lib/rancher/management-state/certs/bundle.json-bak
2.2 +
docker exec -ti <rancher_server_id> mv /var/lib/rancher/management-state/tls/localhost.crt /var/lib/rancher/management-state/tls/localhost.crt-bak
2.3 +
docker exec -ti <rancher_server_id> mv /var/lib/rancher/k3s/server/tls /var/lib/rancher/k3s/server/tlsbak
Run the restart twice: the first run requests the certificate, the second loads the certificate and starts the server
docker restart <rancher_server_id>
2.4 +
Exec into rancher server
kubectl --insecure-skip-tls-verify -n kube-system delete secrets k3s-serving
kubectl --insecure-skip-tls-verify delete secret serving-cert -n cattle-system
rm -f /var/lib/rancher/k3s/server/tls/dynamic-cert.json
Restart rancher-server
docker restart <rancher_server_id>
Run the following command to refresh the parameters
curl --insecure -sfL https://server-url/v3
Restart the Rancher Server container
docker restart <rancher_server_id>
If there is no NTP synchronization, set the time manually to bring it back in sync
timedatectl set-time '2019-01-01 00:00:00'
Enable NTP synchronization
timedatectl set-ntp true
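An added example, not part of the original post: a shell function that reads the output of the `openssl x509 -noout -dates` check used above and classifies the certificate against an explicit reference time, so the result can be judged against the real current time even while the host clock is set back. The name `cert_status`, its arguments and the sample dates are constructed for this example, and it assumes GNU `date`.

```shell
# Added example. Usage (pipe without -t so no terminal is allocated):
#   docker exec "$rancher_server_id" openssl x509 \
#     -in /var/lib/rancher/management-state/tls/localhost.crt -noout -dates | cert_status
# Arguments (both optional): reference time as epoch seconds, warning window in days.
cert_status() {
    now_epoch=${1:-$(date -u +%s)}
    warn_days=${2:-30}
    not_before=""
    not_after=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')   # strip CRs added by docker exec -t
        case $line in
            notBefore=*) not_before=${line#notBefore=} ;;
            notAfter=*)  not_after=${line#notAfter=} ;;
        esac
    done
    if [ -z "$not_before" ] || [ -z "$not_after" ]; then
        echo "unparsable"; return 2
    fi
    # GNU date parses the openssl format, e.g. "Jan  1 00:00:00 2020 GMT"
    start=$(date -u -d "$not_before" +%s 2>/dev/null) || { echo "unparsable"; return 2; }
    end=$(date -u -d "$not_after" +%s 2>/dev/null) || { echo "unparsable"; return 2; }
    if [ "$now_epoch" -lt "$start" ]; then
        echo "not-yet-valid"; return 1
    elif [ "$now_epoch" -ge "$end" ]; then
        echo "expired"; return 1
    fi
    days_left=$(( (end - now_epoch) / 86400 ))
    if [ "$days_left" -lt "$warn_days" ]; then
        echo "expiring days_left=$days_left"; return 1
    fi
    echo "ok days_left=$days_left"
}

# Constructed sample in the format printed by `openssl x509 -noout -dates`.
SAMPLE_DATES='notBefore=Jan  1 00:00:00 2019 GMT
notAfter=Jan  1 00:00:00 2020 GMT'

# Reference time 2019-01-02 00:00:00 UTC: the sample certificate is valid.
printf '%s\n' "$SAMPLE_DATES" | cert_status 1546387200 30
```

Running it once with the default reference time after NTP is re-enabled shows whether the regenerated certificate is valid at the real current time, not only at the time the clock was set to.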
Source: https://www.cnblogs.com/wes1502/p/rancher-zheng-shu-dao-qi.html