rancher证书过期轮换
执行以下命令:
2.0 或 2.1 版本
docker exec -ti <rancher_server_id> mv /var/lib/rancher/management-state/certs/bundle.json /var/lib/rancher/management-state/certs/bundle.json-bak
2.2 +
docker exec -ti <rancher_server_id> mv /var/lib/rancher/management-state/tls/localhost.crt /var/lib/rancher/management-state/tls/localhost.crt-bak
2.3 +
docker exec -ti <rancher_server_id> mv /var/lib/rancher/k3s/server/tls /var/lib/rancher/k3s/server/tlsbak # 执行两侧,第一次用于申请证书,第二次用于加载证书并启动 docker restart <rancher_server_id>
2.4/2.5 +
1.exec 到 rancher serverkubectl --insecure-skip-tls-verify -n kube-system delete secrets k3s-serving kubectl --insecure-skip-tls-verify delete secret serving-cert -n cattle-system rm -f /var/lib/rancher/k3s/server/tls/dynamic-cert.json
2.重启 rancher-server 3.执行以下命令刷新参数
curl --insecure -sfL https://<server-url>/v3 # 请将 <server-url> 替换为 Rancher Server 的访问地址
标签:tls,management,lib,证书,过期,server,var,Rancher,rancher From: https://www.cnblogs.com/qinghe123/p/17036478.html