Rancher certificate expiry

Author: Internet

Run these steps only on the hosts that run rancher-server and the apiserver.

Disable NTP synchronization

timedatectl set-ntp false

Change the node's time

timedatectl set-time '2019-01-01 00:00:00'

Run the backup on rancher-server

rancher_server_id=xxx

docker exec -ti ${rancher_server_id} mv /var/lib/rancher/management-state/tls/localhost.crt /var/lib/rancher/management-state/tls/localhost.crt-bak
docker exec -ti ${rancher_server_id} mv /var/lib/rancher/management-state/tls/localhost.key /var/lib/rancher/management-state/tls/localhost.key-bak
docker restart ${rancher_server_id}

Check the certificate expiry dates

docker exec -ti ${rancher_server_id} openssl x509 -in /var/lib/rancher/management-state/tls/ca.crt -noout -dates
docker exec -ti ${rancher_server_id} openssl x509 -in /var/lib/rancher/management-state/tls/localhost.crt -noout -dates

Handle according to the Rancher version

Version 2.0 or 2.1

docker exec -ti <rancher_server_id> mv /var/lib/rancher/management-state/certs/bundle.json /var/lib/rancher/management-state/certs/bundle.json-bak

2.2 +

docker exec -ti <rancher_server_id> mv /var/lib/rancher/management-state/tls/localhost.crt /var/lib/rancher/management-state/tls/localhost.crt-bak

2.3 +

docker exec -ti <rancher_server_id> mv /var/lib/rancher/k3s/server/tls /var/lib/rancher/k3s/server/tlsbak

Run the restart twice: the first run requests the certificate, the second loads the certificate and starts the server

docker restart <rancher_server_id>

2.4 +

exec into the rancher server container

kubectl --insecure-skip-tls-verify -n kube-system delete secrets k3s-serving
kubectl --insecure-skip-tls-verify delete secret serving-cert -n cattle-system
rm -f /var/lib/rancher/k3s/server/tls/dynamic-cert.json

Restart rancher-server

docker restart <rancher_server_id>

Run the following command to refresh the parameters

curl --insecure -sfL https://server-url/v3

Restart the Rancher Server container

docker restart <rancher_server_id>

If NTP synchronization is not available, set the time manually

timedatectl set-time '2019-01-01 00:00:00'

Enable NTP synchronization

timedatectl set-ntp true
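
Added example (not part of the original post): once the real clock is restored, the output of the "openssl x509 -noout -dates" check above can be classified against the real time rather than the rolled-back clock. The function name cert_dates_status, the 30-day warning window and the sample dates are assumptions made for this illustration.

```shell
#!/bin/sh
# cert_dates_status NOW_EPOCH WARN_DAYS
# Reads the two lines printed by `openssl x509 -noout -dates` on stdin and
# prints one of: expired | not-yet-valid | expiring | ok | unparsed
cert_dates_status() {
    awk -v now="$1" -v warn="$2" '
    # Convert the openssl date form "Jan  1 00:00:00 2020 GMT" to a Unix epoch.
    function epoch(s,   f, t, i, y, m, d, era, yoe, doy, doe) {
        split(s, f, " "); split(f[3], t, ":")
        i = index("JanFebMarAprMayJunJulAugSepOctNovDec", f[1])
        if (i == 0) return ""
        m = (i + 2) / 3; d = f[2] + 0; y = f[4] + 0
        # days-from-civil: count the year from March so the leap day comes last
        if (m <= 2) { y--; m += 12 }
        era = int(y / 400); yoe = y - era * 400
        doy = int((153 * (m - 3) + 2) / 5) + d - 1
        doe = yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy
        return (era * 146097 + doe - 719468) * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
    }
    /^notBefore=/ { nb = epoch(substr($0, 11)) }
    /^notAfter=/  { na = epoch(substr($0, 10)) }
    END {
        if (nb == "" || na == "") { print "unparsed"; exit 2 }
        if (now >= na)                    print "expired"
        else if (now < nb)                print "not-yet-valid"
        else if (na - now < warn * 86400) print "expiring"
        else                              print "ok"
    }'
}

# Constructed sample of `openssl x509 -noout -dates` output (not from a real host).
SAMPLE_DATES='notBefore=Jan  1 00:00:00 2019 GMT
notAfter=Jan  1 00:00:00 2020 GMT'

# Typical use after "timedatectl set-ntp true" (no -t, so the output can be piped):
#   docker exec ${rancher_server_id} openssl x509 \
#     -in /var/lib/rancher/management-state/tls/localhost.crt -noout -dates \
#     | cert_dates_status "$(date +%s)" 30
```

A result of "expired" at this point means the certificate was not regenerated and is still the old one.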

Source: https://www.cnblogs.com/wes1502/p/rancher-zheng-shu-dao-qi.html