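# Single-node deployment: run the Rancher server as one Docker container.
#
# The container is named "rancher" because every later command on this page
# (docker logs / exec / restart) addresses it by that name. The original passed
# --name rancher2x twice, so the trailing `docker logs -f rancher` could not
# find the container.
#
# Security notes for whoever runs this:
#  - The bind mounts put the k3s server TLS material (CA private keys under
#    k3s/server/tls) and k3s.yaml under /data/rancher on the host. Keep that
#    tree owned by root and not readable by other users.
#  - AUDIT_LEVEL=3 records request and response bodies as well as metadata, so
#    /data/rancher/auditlog can contain secrets submitted through the API.
#    Restrict access to it and plan rotation/retention.
#  - 80/443 are published on every host interface; limit who can reach the
#    management UI/API with a host or network firewall.
#  - ":latest" is a moving tag. Set RANCHER_IMAGE to a release tag (or digest)
#    that you have tested so a restart or re-pull cannot silently change the
#    server version.
#  - NOTE(review): Rancher's Docker install instructions for v2.5 and later
#    require --privileged. It is deliberately not added here because it gives
#    the container near-host-level access; confirm against the version you pin.
mkdir -p /data/rancher/k3s /data/rancher/auditlog &&
  docker run -d \
    --name rancher \
    --restart=unless-stopped \
    -p 80:80 \
    -p 443:443 \
    -v /etc/localtime:/etc/localtime:ro \
    -v /data/rancher:/var/lib/rancher/ \
    -v /data/rancher/auditlog:/var/log/auditlog \
    -v /data/rancher/k3s:/etc/rancher/k3s \
    -e CATTLE_SYSTEM_CATALOG=bundled \
    -e AUDIT_LEVEL=3 \
    "${RANCHER_IMAGE:-rancher/rancher:latest}" &&
  docker logs -f rancher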
官方文档地址 https://docs.rancher.cn/docs/rancher2/cluster-admin/certificate-rotation/_index/
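# Replacing certificates after they have expired.
#
# The original is an interactive session: `docker exec -it rancher /bin/bash`,
# three commands typed inside the container, exit, then two commands on the
# host. The same steps are issued here as separate `docker exec` calls (no -it,
# so they also work without a TTY) and therefore run as written.
#
# --insecure-skip-tls-verify is used only because the certificate being
# replaced is the one kubectl would have to verify. These calls are made from
# inside the Rancher container; do not carry the flag over into routine kubectl
# usage or into a kubeconfig.

# Drop the cached serving certificates so they are re-issued on restart.
docker exec rancher kubectl --insecure-skip-tls-verify -n kube-system delete secrets k3s-serving
docker exec rancher kubectl --insecure-skip-tls-verify delete secret serving-cert -n cattle-system
docker exec rancher rm -f /var/lib/rancher/k3s/server/tls/dynamic-cert.json

# Back on the host: restart the container so new certificates are generated.
docker restart rancher

# "server-url" is a placeholder for this Rancher server's address.
# --insecure disables certificate verification for this one request; send no
# API tokens or passwords with it. Once the request succeeds, inspect the
# certificate now being served (issuer and validity dates) and go back to
# verified connections.
curl --insecure -sfL https://server-url/v3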
若未能成功,执行以下代码
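# Fallback: remove the k3s server TLS material on the host so that it is
# regenerated when the container restarts.
#
# Read before running:
#  - The list includes the CA key pairs (server-ca, client-ca,
#    request-header-ca) and service.key, not only leaf certificates. After
#    regeneration, anything that trusted the old CA or holds credentials issued
#    under the old keys will presumably have to be re-issued or re-trusted.
#    Treat this as a last resort, as the page itself does.
#  - A copy of the directory is taken first. It contains private keys:
#    mktemp -d creates it with mode 0700; remove it once the new certificates
#    are confirmed to work.
#  - The original was missing a separator before the k3s.yaml removal
#    ("... dynamic-cert.json rm -rf /data/rancher/k3s/k3s.yaml"), which made
#    "rm" itself a path argument, i.e. `rm -rf` of anything named "rm" in the
#    current directory. The steps are separated here.
#  - Runs in a subshell with `set -e` so a failed step stops the sequence
#    (the original chained with &&) without closing an interactive terminal.
(
  set -e

  tls_dir=/data/rancher/k3s/server/tls

  # Refuse to continue on a host that does not have the expected layout.
  [ -d "${tls_dir}" ] || {
    printf 'not found: %s\n' "${tls_dir}" >&2
    exit 1
  }

  # Keep a root-only copy so the step can be reverted.
  backup_dir=$(mktemp -d "${tls_dir}.bak.XXXXXX")
  cp -a -- "${tls_dir}/." "${backup_dir}/"
  printf 'TLS backup (contains private keys): %s\n' "${backup_dir}" >&2

  # Same file list as the original command chain; plain files, so -r is not needed.
  for name in \
    client-admin.crt client-admin.key \
    client-auth-proxy.crt client-auth-proxy.key \
    client-ca.crt client-ca.key \
    client-cloud-controller.crt client-cloud-controller.key \
    client-controller.crt client-controller.key \
    client-k3s-controller.crt client-k3s-controller.key \
    client-kube-apiserver.crt client-kube-apiserver.key \
    client-kubelet.key \
    client-kube-proxy.crt client-kube-proxy.key \
    client-scheduler.crt client-scheduler.key \
    request-header-ca.crt request-header-ca.key \
    server-ca.crt server-ca.key \
    service.key \
    serving-kube-apiserver.crt serving-kube-apiserver.key \
    serving-kubelet.key \
    dynamic-cert.json; do
    rm -f -- "${tls_dir}/${name}"
  done

  # Admin kubeconfig; the page removes it together with the TLS files.
  rm -f -- /data/rancher/k3s/k3s.yaml

  # Remove the stored serving-certificate secret directly from the datastore.
  docker exec rancher /usr/bin/etcdctl --endpoints=127.0.0.1:2379 del /registry/secrets/kube-system/k3s-serving

  docker restart rancher
  docker logs -f rancher
)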