0. 背景
rancher证书每年过期一次,目前没有好的解决方案,有的老哥,欢迎留言
进入rancher server 宿主机
1. 删除老证书
其中docker_volume/rancher_home
是我rancher启动挂载的目录,具体使用看自己的挂载目录。
参考个人启动命令
docker run -d --restart=unless-stopped -p 19893:80 -p 443:443 \
-v /docker_volume/rancher_home/rancher:/var/lib/rancher \
-v /docker_volume/rancher_home/auditlog:/var/log/auditlog \
--name rancher rancher/rancher
执行第 1 条命令:
rm -rf /docker_volume/rancher_home/rancher/k3s/server/tls/client-admin.crt && \
rm -rf /docker_volume/rancher_home/rancher/k3s/server/tls/client-admin.key && \
rm -rf /docker_volume/rancher_home/rancher/k3s/server/tls/client-auth-proxy.crt && \
rm -rf /docker_volume/rancher_home/rancher/k3s/server/tls/client-auth-proxy.key && \
rm -rf /docker_volume/rancher_home/rancher/k3s/server/tls/client-ca.crt && \
rm -rf /docker_volume/rancher_home/rancher/k3s/server/tls/client-ca.key && \
rm -rf /docker_volume/rancher_home/rancher/k3s/server/tls/client-controller.crt && \
rm -rf /docker_volume/rancher_home/rancher/k3s/server/tls/client-controller.key && \
rm -rf /docker_volume/rancher_home/rancher/k3s/server/tls/client-kube-apiserver.crt && \
rm -rf /docker_volume/rancher_home/rancher/k3s/server/tls/client-kube-apiserver.key && \
rm -rf /docker_volume/rancher_home/rancher/k3s/server/tls/client-kubelet.key && \
rm -rf /docker_volume/rancher_home/rancher/k3s/server/tls/client-kube-proxy.crt && \
rm -rf /docker_volume/rancher_home/rancher/k3s/server/tls/client-kube-proxy.key && \
rm -rf /docker_volume/rancher_home/rancher/k3s/server/tls/client-scheduler.crt && \
rm -rf /docker_volume/rancher_home/rancher/k3s/server/tls/client-scheduler.key && \
rm -rf /docker_volume/rancher_home/rancher/k3s/server/tls/request-header-ca.crt && \
rm -rf /docker_volume/rancher_home/rancher/k3s/server/tls/request-header-ca.key && \
rm -rf /docker_volume/rancher_home/rancher/k3s/server/tls/server-ca.crt && \
rm -rf /docker_volume/rancher_home/rancher/k3s/server/tls/server-ca.key && \
rm -rf /docker_volume/rancher_home/rancher/k3s/server/tls/service.key && \
rm -rf /docker_volume/rancher_home/rancher/k3s/server/tls/serving-kube-apiserver.crt && \
rm -rf /docker_volume/rancher_home/rancher/k3s/server/tls/serving-kube-apiserver.key && \
rm -rf /docker_volume/rancher_home/rancher/k3s/server/tls/serving-kubelet.key
2. 重启docker服务
执行第 2 条命令:
systemctl restart docker
TIPS:
简单重启rancher server容器是没有用的,起来之后查看日志会有很多报错
网友评论