zoukankan      html  css  js  c++  java

  • Rancher 2.4.5 当节点部署与证书轮换

    #单节点部署
mkdir -p /data/rancher && \
mkdir -p /data/rancher/k3s && \
mkdir -p /data/rancher/auditlog && \
docker run --name rancher2x -d --restart=unless-stopped \
-p 80:80 -p 443:443 \
--name rancher2x \
-v /etc/localtime:/etc/localtime \
-v /data/rancher:/var/lib/rancher/ \
-v /data/rancher/auditlog:/var/log/auditlog \
-v /data/rancher/k3s:/etc/rancher/k3s \
-e CATTLE_SYSTEM_CATALOG=bundled \
-e AUDIT_LEVEL=3 \
rancher/rancher:latest && \
docker logs -f rancher

      

    官方文档地址   https://docs.rancher.cn/docs/rancher2/cluster-admin/certificate-rotation/_index/ 
    #证书到期更换
    docker exec -it rancher /bin/bash

kubectl --insecure-skip-tls-verify -n kube-system delete secrets k3s-serving
kubectl --insecure-skip-tls-verify delete secret serving-cert -n cattle-system
rm -f /var/lib/rancher/k3s/server/tls/dynamic-cert.json


#退出容器后执行
docker restart rancher
curl --insecure -sfL https://server-url/v3

      若未能成功,执行以下代码

    rm -rf /data/rancher/k3s/server/tls/client-admin.crt && \
rm -rf /data/rancher/k3s/server/tls/client-admin.key && \
rm -rf /data/rancher/k3s/server/tls/client-auth-proxy.crt && \
rm -rf /data/rancher/k3s/server/tls/client-auth-proxy.key && \
rm -rf /data/rancher/k3s/server/tls/client-ca.crt && \
rm -rf /data/rancher/k3s/server/tls/client-ca.key && \
rm -rf /data/rancher/k3s/server/tls/client-cloud-controller.crt && \
rm -rf /data/rancher/k3s/server/tls/client-cloud-controller.key && \
rm -rf /data/rancher/k3s/server/tls/client-controller.crt && \
rm -rf /data/rancher/k3s/server/tls/client-controller.key && \
rm -rf /data/rancher/k3s/server/tls/client-k3s-controller.crt && \
rm -rf /data/rancher/k3s/server/tls/client-k3s-controller.key && \
rm -rf /data/rancher/k3s/server/tls/client-kube-apiserver.crt && \
rm -rf /data/rancher/k3s/server/tls/client-kube-apiserver.key && \
rm -rf /data/rancher/k3s/server/tls/client-kubelet.key && \
rm -rf /data/rancher/k3s/server/tls/client-kube-proxy.crt && \
rm -rf /data/rancher/k3s/server/tls/client-kube-proxy.key && \
rm -rf /data/rancher/k3s/server/tls/client-scheduler.crt && \
rm -rf /data/rancher/k3s/server/tls/client-scheduler.key && \
rm -rf /data/rancher/k3s/server/tls/request-header-ca.crt && \
rm -rf /data/rancher/k3s/server/tls/request-header-ca.key && \
rm -rf /data/rancher/k3s/server/tls/server-ca.crt && \
rm -rf /data/rancher/k3s/server/tls/server-ca.key && \
rm -rf /data/rancher/k3s/server/tls/service.key && \
rm -rf /data/rancher/k3s/server/tls/serving-kube-apiserver.crt && \
rm -rf /data/rancher/k3s/server/tls/serving-kube-apiserver.key && \
rm -rf /data/rancher/k3s/server/tls/serving-kubelet.key && \
rm -rf /data/rancher/k3s/server/tls/dynamic-cert.json
rm -rf /data/rancher/k3s/k3s.yaml && \
docker exec -it rancher /usr/bin/etcdctl --endpoints=127.0.0.1:2379 del /registry/secrets/kube-system/k3s-serving && \
docker restart rancher && docker logs -f rancher

      

    来源于:http://gaby.cnblogs.com/

    作者:Luce,昵称:木头

    简介:主要专注于.net程序开发
  • 相关阅读:
    Sublime Text3 无法调出package controll问题
    Python标准库-enumerate用法
    设计模式学习-简单工厂模式(python3)
    【IO流】java中文件路径(相对路径、绝对路径)相关类及方法
    nginx安装教程(详细)
    nginx -stream(tcp连接)反向代理配置 实现代理mysql以及文件上传
    【单例模式】懒汉式的线程安全问题 volatile的作用
    jsonp协议 java服务端、JQuery客户端 简单实现原理
    MyBatis原理,Spring、SpringBoot整合MyBatis
    【JavaSE】运行时类型信息(RTTI、反射)
  • 原文地址:https://www.cnblogs.com/luce/p/15400485.html
Copyright © 2011-2022 走看看