【工作相关】替换Rancher证书

• 登录到Rnacher Server 和Master Server 中，备份 SSL 

[~]$ ssh -p 1035 10.2.41.197~$ sudo -s -H
~$ cp –r /etc/kubernetes/ssl  /home/ubuntu/ssl-prod-backup-mar-20
 
[~]$ ssh -p 1035 10.2.42.68
@ip-10-2-42-68:~$ sudo -s -H
@ip-10-2-42-68:~$ cp –r /etc/kubernetes/ssl  /home/ubuntu/ssl-prod-backup-mar-20
 
[~]$ ssh -p 1035 10.2.40.253
@ip-10-2-40-253:~$ sudo -s -H
@ip-10-2-40-253:~$ cp –r /etc/kubernetes/ssl  /home/ubuntu/ssl-prod-backup-mar-20
 
[~]$ ssh -p 1035 10.2.41.49 
@ip-10-2-41-49:~$ sudo -s -H
@ip-10-2-41-49:~$ cp –r /etc/kubernetes/ssl  /home/ubuntu/ssl-prod-backup-mar-20
 
[~]$ ssh -p 1035 10.2.42.19 
@ip-10-2-42-19:~$ sudo -s -H
@ip-10-2-42-19:~$ cp –r /etc/kubernetes/ssl  /home/ubuntu/ssl-prod-backup-mar-20
 
[~]$ ssh -p 1035 10.2.40.158
@ip-10-2-40-158:~$ sudo -s -H
@ip-10-2-40-158:~$ cp –r /etc/kubernetes/ssl  /home/ubuntu/ssl-prod-backup-mar-20

• 升级Rancher
  • 登录到Rancher Trigger Server，下载rke 1.0.9 版本

    [~]$ ssh -p 1035 10.2.33.92
    @ip-10-2-33-92:~$ sudo -s -H
    @ip-10-2-33-92:~$ wget https://github.com/rancher/rke/releases/download/v1.0.4/rke_linux-amd64
    @ip-10-2-33-92:~$ chmod +x rke_linux-amd64
    @ip-10-2-33-92:~$ mv rke_linux-amd64 rke_linux-amd64-1.0.4

  • Rotate the rancher server certificates

    @ip-10-2-33-92:~$ ./rke_linux-amd64-1.0.4 cert rotate --config rancher-cluster.yml

  • Once the rotation is successful check if the rancher certificates are updated using openssl command in one of the rancher server.

    @ip-10-2-41-197:~$ openssl x509 -text -n kube-apiserver-requestheader-ca.pem | grep -A 2 Validity
    @ip-10-2-41-197:~$ curl https://localhost:6443 -v -k 
     
    @ip-10-2-42-68:~$ openssl x509 -text -n kube-apiserver-requestheader-ca.pem | grep -A 2 Validity
    @ip-10-2-42-68:~$ curl https://localhost:6443 -v -k 
     
    @ip-10-2-40-253:~$ openssl x509 -text -n kube-apiserver-requestheader-ca.pem | grep -A 2 Validity
    @ip-10-2-40-253:~$ curl https://localhost:6443 -v -k 

  • Upgrade rancher to 2.2.8. using the below command

    @ip-10-2-33-92:~$ helm upgrade rancher rancher-stable/rancher  --version 2.2.8 --namespace cattle-system --set hostname=rancher.xx.com

  • Go to rancher UI and check if the version is updated to 2.2.8 on the bottom of the UI as shown below. 
  • 

     

     Once the rotation is successful and the cluster turns active check all the servers and validate the applications.