  • Rancher 2.4.5 single-node deployment and certificate rotation

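    # Single-node deployment
    # Create host directories for Rancher data, the k3s config and the API audit log.
    # The container is named "rancher" so the docker exec/restart/logs commands below match it.
    # AUDIT_LEVEL=3 is the most verbose API audit level (request and response metadata and bodies).
    # rancher/rancher:latest is an unpinned tag; pin a version tag for reproducible deployments.
    mkdir -p /data/rancher && \
    mkdir -p /data/rancher/k3s && \
    mkdir -p /data/rancher/auditlog && \
    docker run --name rancher -d --restart=unless-stopped \
    -p 80:80 -p 443:443 \
    -v /etc/localtime:/etc/localtime \
    -v /data/rancher:/var/lib/rancher/ \
    -v /data/rancher/auditlog:/var/log/auditlog \
    -v /data/rancher/k3s:/etc/rancher/k3s \
    -e CATTLE_SYSTEM_CATALOG=bundled \
    -e AUDIT_LEVEL=3 \
    rancher/rancher:latest && \
    docker logs -f rancher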
    

      

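    # Official documentation: https://docs.rancher.cn/docs/rancher2/cluster-admin/certificate-rotation/_index/
    # Replace certificates after expiry
    docker exec -it rancher /bin/bash
    
    # Inside the container: delete the cached serving certificates.
    # TLS verification is skipped because the serving certificate has expired.
    kubectl --insecure-skip-tls-verify -n kube-system delete secrets k3s-serving
    kubectl --insecure-skip-tls-verify delete secret serving-cert -n cattle-system
    rm -f /var/lib/rancher/k3s/server/tls/dynamic-cert.json
    
    
    # After exiting the container, run:
    docker restart rancher
    # server-url is a placeholder for the Rancher server address
    curl --insecure -sfL https://server-url/v3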
    

      If that does not work, run the following:

    rm -rf /data/rancher/k3s/server/tls/client-admin.crt && \
    rm -rf /data/rancher/k3s/server/tls/client-admin.key && \
    rm -rf /data/rancher/k3s/server/tls/client-auth-proxy.crt && \
    rm -rf /data/rancher/k3s/server/tls/client-auth-proxy.key && \
    rm -rf /data/rancher/k3s/server/tls/client-ca.crt && \
    rm -rf /data/rancher/k3s/server/tls/client-ca.key && \
    rm -rf /data/rancher/k3s/server/tls/client-cloud-controller.crt && \
    rm -rf /data/rancher/k3s/server/tls/client-cloud-controller.key && \
    rm -rf /data/rancher/k3s/server/tls/client-controller.crt && \
    rm -rf /data/rancher/k3s/server/tls/client-controller.key && \
    rm -rf /data/rancher/k3s/server/tls/client-k3s-controller.crt && \
    rm -rf /data/rancher/k3s/server/tls/client-k3s-controller.key && \
    rm -rf /data/rancher/k3s/server/tls/client-kube-apiserver.crt && \
    rm -rf /data/rancher/k3s/server/tls/client-kube-apiserver.key && \
    rm -rf /data/rancher/k3s/server/tls/client-kubelet.key && \
    rm -rf /data/rancher/k3s/server/tls/client-kube-proxy.crt && \
    rm -rf /data/rancher/k3s/server/tls/client-kube-proxy.key && \
    rm -rf /data/rancher/k3s/server/tls/client-scheduler.crt && \
    rm -rf /data/rancher/k3s/server/tls/client-scheduler.key && \
    rm -rf /data/rancher/k3s/server/tls/request-header-ca.crt && \
    rm -rf /data/rancher/k3s/server/tls/request-header-ca.key && \
    rm -rf /data/rancher/k3s/server/tls/server-ca.crt && \
    rm -rf /data/rancher/k3s/server/tls/server-ca.key && \
    rm -rf /data/rancher/k3s/server/tls/service.key && \
    rm -rf /data/rancher/k3s/server/tls/serving-kube-apiserver.crt && \
    rm -rf /data/rancher/k3s/server/tls/serving-kube-apiserver.key && \
    rm -rf /data/rancher/k3s/server/tls/serving-kubelet.key && \
    rm -rf /data/rancher/k3s/server/tls/dynamic-cert.json && \
    rm -rf /data/rancher/k3s/k3s.yaml && \
    docker exec -it rancher /usr/bin/etcdctl --endpoints=127.0.0.1:2379 del /registry/secrets/kube-system/k3s-serving && \
    docker restart rancher && docker logs -f rancher
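
Added example (not part of the original post): the fallback list above removes the keys under the TLS directory, including server-ca.key and client-ca.key, so this sketch archives that directory first and reports each certificate's expiry, which lets the rotation be checked before and after the restart. The 30-day warning window and the function names are assumptions of this example; it requires openssl and tar on the host.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. TLS_DIR is the host path used on
# this page; WARN_DAYS and the function names are assumptions of this example.
TLS_DIR="${TLS_DIR:-/data/rancher/k3s/server/tls}"
WARN_DAYS="${WARN_DAYS:-30}"

# Print "<STATUS> <notAfter> <file>" for every *.crt in a directory.
# Returns 1 if any certificate is unreadable, expired, or expires within
# WARN_DAYS days. Only the first certificate in each file is inspected.
cert_report() {
    local dir="${1:-$TLS_DIR}" rc=0 crt end status
    for crt in "$dir"/*.crt; do
        [ -e "$crt" ] || continue          # no *.crt files: nothing to report
        end=$(openssl x509 -in "$crt" -noout -enddate 2>/dev/null | cut -d= -f2)
        if [ -z "$end" ]; then
            status=UNREADABLE; rc=1
        elif ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
            status=EXPIRED; rc=1
        elif ! openssl x509 -in "$crt" -noout \
                -checkend $((WARN_DAYS * 86400)) >/dev/null 2>&1; then
            status=EXPIRING; rc=1
        else
            status=OK
        fi
        printf '%-10s %-26s %s\n' "$status" "$end" "$crt"
    done
    return "$rc"
}

# Archive the TLS directory before deleting anything. The archive contains
# private keys (including the CA keys), so it is created owner-readable only.
backup_tls() {
    local dir="${1:-$TLS_DIR}" out="$2"
    ( umask 077 && tar -czf "$out" -C "$(dirname "$dir")" "$(basename "$dir")" )
}
```

Call `backup_tls /data/rancher/k3s/server/tls <archive-path>` before the `rm` commands, then `cert_report` after `docker restart rancher` to confirm the new expiry dates.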
    

      

    Source: http://gaby.cnblogs.com/

    Author: Luce, nickname: 木头

    About: mainly focused on .NET development

  • Original post: https://www.cnblogs.com/luce/p/15400485.html