独立容器Rancher Server证书更新
原创
©著作权归作者所有:来自51CTO博客作者zyy123的原创作品,请联系作者获取转载授权,否则将追究法律责任
// 进入Rancher Server容器
# docker exec -it 31 /bin/bash
# kubectl --insecure-skip-tls-verify -n kube-system delete secrets k3s-serving
secret "k3s-serving" deleted
#kubectl --insecure-skip-tls-verify delete secret serving-cert -n cattle-system
secret "serving-cert" deleted
# rm -f /var/lib/rancher/k3s/server/tls/dynamic-cert.json
// 退出Rancher Server容器
# exit
exit
// 刷新参数
curl --insecure -sfL https://172.16.216.11/v3
// 重启Rancher Server容器
docker restart 31
因为证书改变,相应的 token 也会变化,在集群证书更新完成后,需要对连接 API SERVER 的 Pod 进行重建,以获取新的 token
- cattle-system/cattle-cluster-agent
- cattle-system/cattle-node-agent
- cattle-system/kube-api-auth
- ingress-nginx/nginx-ingress-controller
- kube-system/canal
- kube-system/kube-dns
- kube-system/kube-dns-autoscaler
- 其他应用 Pod