  • Rancher 2.4.5 single-node deployment and certificate rotation

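    # Single-node deployment
    # The container is named "rancher" so that the docker logs/exec/restart commands further down match it.
    # The image tag is "latest", which follows the current release; use a fixed version tag to stay on one release.
    # AUDIT_LEVEL=3 logs request and response metadata and bodies to /var/log/auditlog (here /data/rancher/auditlog on the host).
    mkdir -p /data/rancher && \
    mkdir -p /data/rancher/k3s && \
    mkdir -p /data/rancher/auditlog && \
    docker run --name rancher -d --restart=unless-stopped \
    -p 80:80 -p 443:443 \
    -v /etc/localtime:/etc/localtime \
    -v /data/rancher:/var/lib/rancher/ \
    -v /data/rancher/auditlog:/var/log/auditlog \
    -v /data/rancher/k3s:/etc/rancher/k3s \
    -e CATTLE_SYSTEM_CATALOG=bundled \
    -e AUDIT_LEVEL=3 \
    rancher/rancher:latest && \
    docker logs -f rancher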
    

      

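    # Official documentation: https://docs.rancher.cn/docs/rancher2/cluster-admin/certificate-rotation/_index/
    # Replacing expired certificates
    docker exec -it rancher /bin/bash
    
    # Inside the container: delete the stored serving certificates.
    # --insecure-skip-tls-verify is used because the API server certificate has already expired.
    kubectl --insecure-skip-tls-verify -n kube-system delete secrets k3s-serving
    kubectl --insecure-skip-tls-verify delete secret serving-cert -n cattle-system
    rm -f /var/lib/rancher/k3s/server/tls/dynamic-cert.json
    
    
    # After exiting the container, run the following (server-url stands for your Rancher server address)
    docker restart rancher
    curl --insecure -sfL https://server-url/v3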
    

      If that does not succeed, run the following:

    # Run on the host. /data/rancher/k3s/server/tls is the host side of /var/lib/rancher/k3s/server/tls.
    # This deletes the CA certificates and keys (client-ca, server-ca, request-header-ca) as well as the
    # leaf certificates, so keep a copy of /data/rancher/k3s/server/tls before running it.
    rm -rf /data/rancher/k3s/server/tls/client-admin.crt && \
    rm -rf /data/rancher/k3s/server/tls/client-admin.key && \
    rm -rf /data/rancher/k3s/server/tls/client-auth-proxy.crt && \
    rm -rf /data/rancher/k3s/server/tls/client-auth-proxy.key && \
    rm -rf /data/rancher/k3s/server/tls/client-ca.crt && \
    rm -rf /data/rancher/k3s/server/tls/client-ca.key && \
    rm -rf /data/rancher/k3s/server/tls/client-cloud-controller.crt && \
    rm -rf /data/rancher/k3s/server/tls/client-cloud-controller.key && \
    rm -rf /data/rancher/k3s/server/tls/client-controller.crt && \
    rm -rf /data/rancher/k3s/server/tls/client-controller.key && \
    rm -rf /data/rancher/k3s/server/tls/client-k3s-controller.crt && \
    rm -rf /data/rancher/k3s/server/tls/client-k3s-controller.key && \
    rm -rf /data/rancher/k3s/server/tls/client-kube-apiserver.crt && \
    rm -rf /data/rancher/k3s/server/tls/client-kube-apiserver.key && \
    rm -rf /data/rancher/k3s/server/tls/client-kubelet.key && \
    rm -rf /data/rancher/k3s/server/tls/client-kube-proxy.crt && \
    rm -rf /data/rancher/k3s/server/tls/client-kube-proxy.key && \
    rm -rf /data/rancher/k3s/server/tls/client-scheduler.crt && \
    rm -rf /data/rancher/k3s/server/tls/client-scheduler.key && \
    rm -rf /data/rancher/k3s/server/tls/request-header-ca.crt && \
    rm -rf /data/rancher/k3s/server/tls/request-header-ca.key && \
    rm -rf /data/rancher/k3s/server/tls/server-ca.crt && \
    rm -rf /data/rancher/k3s/server/tls/server-ca.key && \
    rm -rf /data/rancher/k3s/server/tls/service.key && \
    rm -rf /data/rancher/k3s/server/tls/serving-kube-apiserver.crt && \
    rm -rf /data/rancher/k3s/server/tls/serving-kube-apiserver.key && \
    rm -rf /data/rancher/k3s/server/tls/serving-kubelet.key && \
    rm -rf /data/rancher/k3s/server/tls/dynamic-cert.json && \
    rm -rf /data/rancher/k3s/k3s.yaml && \
    docker exec -it rancher /usr/bin/etcdctl --endpoints=127.0.0.1:2379 del /registry/secrets/kube-system/k3s-serving && \
    docker restart rancher && docker logs -f rancher
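
To see which certificates under the TLS directory are actually close to expiry before rotating, and to confirm afterwards that they were reissued, the expiry dates can be checked with openssl. This is an added example, not part of the original post; the function name `expiring_certs` and the 30-day default are assumptions, and the directory in the usage comment is the host path used in the commands above.

```shell
#!/bin/sh
# Added example: report certificates that expire within a given number of days.
# Usage (on the host): expiring_certs /data/rancher/k3s/server/tls 30
#
# Prints "<file><TAB><notAfter>" for every *.crt in DIR that is expired or
# expires within DAYS days. Only *.crt files are inspected (keys and
# dynamic-cert.json are skipped), and openssl reads only the first
# certificate in each file.
# Exit status: 0 = nothing expiring, 1 = at least one expiring, 2 = bad directory.
expiring_certs() {
    local dir="$1"
    local days="${2:-30}"
    local secs rc crt end
    rc=0

    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    secs=$(( days * 86400 ))

    for crt in "$dir"/*.crt; do
        [ -e "$crt" ] || continue   # the glob matched nothing
        # -checkend exits non-zero if the certificate expires within $secs
        # seconds; it also fails for files that are not valid certificates.
        if ! openssl x509 -in "$crt" -noout -checkend "$secs" >/dev/null 2>&1; then
            end=$(openssl x509 -in "$crt" -noout -enddate 2>/dev/null | cut -d= -f2)
            printf '%s\t%s\n' "$crt" "${end:-unreadable}"
            rc=1
        fi
    done
    return "$rc"
}
```

Running it once before the rotation and once after the restart shows whether the flagged files have a new notAfter date.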
    

      

    Source: http://gaby.cnblogs.com/

    Author: Luce, nickname: 木头

    About: mainly focused on .NET development

  • Original article: https://www.cnblogs.com/luce/p/15400485.html