zoukankan      html  css  js  c++  java
  • 【工作相关】替换Rancher证书

    • 登录到Rnacher Server 和Master Server 中,备份 SSL 
    [~]$ ssh -p 1035 10.2.41.197~$ sudo -s -H
    ~$ cp –r /etc/kubernetes/ssl  /home/ubuntu/ssl-prod-backup-mar-20
     
    [~]$ ssh -p 1035 10.2.42.68
    @ip-10-2-42-68:~$ sudo -s -H
    @ip-10-2-42-68:~$ cp –r /etc/kubernetes/ssl  /home/ubuntu/ssl-prod-backup-mar-20
     
    [~]$ ssh -p 1035 10.2.40.253
    @ip-10-2-40-253:~$ sudo -s -H
    @ip-10-2-40-253:~$ cp –r /etc/kubernetes/ssl  /home/ubuntu/ssl-prod-backup-mar-20
     
    [~]$ ssh -p 1035 10.2.41.49 
    @ip-10-2-41-49:~$ sudo -s -H
    @ip-10-2-41-49:~$ cp –r /etc/kubernetes/ssl  /home/ubuntu/ssl-prod-backup-mar-20
     
    [~]$ ssh -p 1035 10.2.42.19 
    @ip-10-2-42-19:~$ sudo -s -H
    @ip-10-2-42-19:~$ cp –r /etc/kubernetes/ssl  /home/ubuntu/ssl-prod-backup-mar-20
     
    [~]$ ssh -p 1035 10.2.40.158
    @ip-10-2-40-158:~$ sudo -s -H
    @ip-10-2-40-158:~$ cp –r /etc/kubernetes/ssl  /home/ubuntu/ssl-prod-backup-mar-20
    • 升级Rancher
      • 登录到Rancher Trigger Server,下载rke 1.0.9 版本
        [~]$ ssh -p 1035 10.2.33.92
        @ip-10-2-33-92:~$ sudo -s -H
        @ip-10-2-33-92:~$ wget https://github.com/rancher/rke/releases/download/v1.0.4/rke_linux-amd64
        @ip-10-2-33-92:~$ chmod +x rke_linux-amd64
        @ip-10-2-33-92:~$ mv rke_linux-amd64 rke_linux-amd64-1.0.4
      • Rotate the rancher server certificates
        @ip-10-2-33-92:~$ ./rke_linux-amd64-1.0.4 cert rotate --config rancher-cluster.yml
      • Once the rotation is successful check if the rancher certificates are updated using openssl command in one of the rancher server.
        @ip-10-2-41-197:~$ openssl x509 -text -n kube-apiserver-requestheader-ca.pem | grep -A 2 Validity
        @ip-10-2-41-197:~$ curl https://localhost:6443 -v -k 
         
        @ip-10-2-42-68:~$ openssl x509 -text -n kube-apiserver-requestheader-ca.pem | grep -A 2 Validity
        @ip-10-2-42-68:~$ curl https://localhost:6443 -v -k 
         
        @ip-10-2-40-253:~$ openssl x509 -text -n kube-apiserver-requestheader-ca.pem | grep -A 2 Validity
        @ip-10-2-40-253:~$ curl https://localhost:6443 -v -k 
      • Upgrade rancher to 2.2.8. using the below command
        @ip-10-2-33-92:~$ helm upgrade rancher rancher-stable/rancher  --version 2.2.8 --namespace cattle-system --set hostname=rancher.xx.com
      • Go to rancher UI and check if the version is updated to 2.2.8 on the bottom of the UI as shown below. 
      •  

         Once the rotation is successful and the cluster turns active check all the servers and validate the applications.

  • 相关阅读:
    DSP 知识点
    JVM中的垃圾收集
    MyBatis中的命名空间namespace的作用
    Gradle各版本下载地址
    redis学习笔记
    Mybaties 的缓存
    zookeeper配置集群报错Mode: standalone
    ZooKeeper 典型应用场景
    Linux下搭建mongDB环境
    关系型数据库三范式
  • 原文地址:https://www.cnblogs.com/tben/p/12667406.html
Copyright © 2011-2022 走看看