域名ssl证书到期，需要更换

jamesli · 2023 年4 月 12 日 08:58

RKE 版本: RKE

Docker 版本: 20.10.21

操作系统和内核: Ubuntu 20.04 LTS (Focal Fossa)

主机类型和供应商: 腾讯云主机

cluster.yml 文件:

apiVersion: management.cattle.io/v3
kind: Cluster
metadata:
  annotations:
    authz.management.cattle.io/creator-role-bindings: '{"created":["cluster-owner"],"required":["cluster-owner"]}'
    field.cattle.io/creatorId: user-kk95f
    lifecycle.cattle.io/create.cluster-agent-controller-cleanup: "true"
    lifecycle.cattle.io/create.cluster-provisioner-controller: "true"
    lifecycle.cattle.io/create.cluster-scoped-gc: "true"
    lifecycle.cattle.io/create.mgmt-cluster-rbac-remove: "true"
    provisioner.cattle.io/ke-driver-update: updated
  creationTimestamp: "2022-11-30T06:36:11Z"
  finalizers:
  - controller.cattle.io/cluster-agent-controller-cleanup
  - controller.cattle.io/cluster-scoped-gc
  - controller.cattle.io/cluster-provisioner-controller
  - controller.cattle.io/mgmt-cluster-rbac-remove
  - wrangler.cattle.io/mgmt-cluster-remove
  generateName: c-
  generation: 776
  labels:
    cattle.io/creator: norman
    provider.cattle.io: rke
  managedFields:
  - apiVersion: management.cattle.io/v3
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .: {}
          f:field.cattle.io/creatorId: {}
        f:generateName: {}
        f:labels:
          .: {}
          f:cattle.io/creator: {}
      f:spec:
        .: {}
        f:displayName: {}
        f:dockerRootDir: {}
        f:enableClusterAlerting: {}
        f:enableClusterMonitoring: {}
        f:enableNetworkPolicy: {}
        f:internal: {}
        f:localClusterAuthEndpoint:
          .: {}
          f:enabled: {}
        f:rancherKubernetesEngineConfig:
          .: {}
          f:addonJobTimeout: {}
          f:authentication: {}
          f:authorization: {}
          f:bastionHost: {}
          f:cloudProvider: {}
          f:dns:
            .: {}
            f:nodelocal: {}
          f:enableCriDockerd: {}
          f:ignoreDockerVersion: {}
          f:ingress:
            .: {}
            f:defaultBackend: {}
            f:defaultIngressClass: {}
            f:provider: {}
          f:kubernetesVersion: {}
          f:monitoring:
            .: {}
            f:provider: {}
            f:replicas: {}
          f:network:
            .: {}
            f:options:
              .: {}
              f:flannel_backend_type: {}
            f:plugin: {}
          f:restore: {}
          f:rotateEncryptionKey: {}
          f:services:
            .: {}
            f:etcd:
              .: {}
              f:backupConfig:
                .: {}
                f:enabled: {}
                f:intervalHours: {}
                f:retention: {}
                f:s3BackupConfig: {}
                f:timeout: {}
              f:creation: {}
              f:extraArgs:
                .: {}
                f:election-timeout: {}
                f:heartbeat-interval: {}
              f:retention: {}
              f:snapshot: {}
            f:kubeApi:
              .: {}
              f:secretsEncryptionConfig: {}
              f:serviceNodePortRange: {}
            f:kubeController: {}
            f:kubelet: {}
            f:kubeproxy: {}
            f:scheduler: {}
          f:sshAgentAuth: {}
          f:systemImages: {}
          f:upgradeStrategy:
            .: {}
            f:drain: {}
            f:maxUnavailableControlplane: {}
            f:maxUnavailableWorker: {}
            f:nodeDrainInput:
              .: {}
              f:gracePeriod: {}
              f:ignoreDaemonSets: {}
              f:timeout: {}
        f:scheduledClusterScan: {}
        f:windowsPreferedCluster: {}
      f:status:
        .: {}
        f:appliedEnableNetworkPolicy: {}
    manager: Go-http-client
    operation: Update
    time: "2022-11-30T06:36:11Z"
  - apiVersion: management.cattle.io/v3
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          f:authz.management.cattle.io/creator-role-bindings: {}
          f:lifecycle.cattle.io/create.cluster-agent-controller-cleanup: {}
          f:lifecycle.cattle.io/create.cluster-provisioner-controller: {}
          f:lifecycle.cattle.io/create.cluster-scoped-gc: {}
          f:lifecycle.cattle.io/create.mgmt-cluster-rbac-remove: {}
          f:provisioner.cattle.io/ke-driver-update: {}
        f:finalizers:
          .: {}
          v:"controller.cattle.io/cluster-agent-controller-cleanup": {}
          v:"controller.cattle.io/cluster-provisioner-controller": {}
          v:"controller.cattle.io/cluster-scoped-gc": {}
          v:"controller.cattle.io/mgmt-cluster-rbac-remove": {}
          v:"wrangler.cattle.io/mgmt-cluster-remove": {}
        f:labels:
          f:provider.cattle.io: {}
      f:spec:
        f:agentImageOverride: {}
        f:answers: {}
        f:clusterSecrets: {}
        f:description: {}
        f:desiredAgentImage: {}
        f:desiredAuthImage: {}
        f:fleetWorkspaceName: {}
        f:rancherKubernetesEngineConfig:
          f:authentication:
            f:strategy: {}
      f:status:
        f:agentFeatures:
          .: {}
          f:embedded-cluster-api: {}
          f:fleet: {}
          f:monitoringv1: {}
          f:multi-cluster-management: {}
          f:multi-cluster-management-agent: {}
          f:provisioningv2: {}
          f:rke2: {}
        f:agentImage: {}
        f:aksStatus:
          .: {}
          f:privateRequiresTunnel: {}
          f:rbacEnabled: {}
          f:upstreamSpec: {}
        f:allocatable:
          .: {}
          f:cpu: {}
          f:memory: {}
          f:pods: {}
        f:apiEndpoint: {}
        f:appliedAgentEnvVars: {}
        f:appliedPodSecurityPolicyTemplateId: {}
        f:appliedSpec:
          .: {}
          f:agentImageOverride: {}
          f:answers: {}
          f:clusterSecrets: {}
          f:description: {}
          f:desiredAgentImage: {}
          f:desiredAuthImage: {}
          f:displayName: {}
          f:dockerRootDir: {}
          f:enableClusterAlerting: {}
          f:enableClusterMonitoring: {}
          f:enableNetworkPolicy: {}
          f:fleetWorkspaceName: {}
          f:internal: {}
          f:localClusterAuthEndpoint:
            .: {}
            f:enabled: {}
          f:rancherKubernetesEngineConfig:
            .: {}
            f:addonJobTimeout: {}
            f:authentication:
              .: {}
              f:strategy: {}
            f:authorization: {}
            f:bastionHost: {}
            f:cloudProvider: {}
            f:dns:
              .: {}
              f:nodelocal: {}
            f:enableCriDockerd: {}
            f:ignoreDockerVersion: {}
            f:ingress:
              .: {}
              f:defaultBackend: {}
              f:defaultIngressClass: {}
              f:provider: {}
            f:kubernetesVersion: {}
            f:monitoring:
              .: {}
              f:provider: {}
              f:replicas: {}
            f:network:
              .: {}
              f:options:
                .: {}
                f:flannel_backend_type: {}
              f:plugin: {}
            f:nodes: {}
            f:restore: {}
            f:rotateEncryptionKey: {}
            f:services:
              .: {}
              f:etcd:
                .: {}
                f:backupConfig:
                  .: {}
                  f:enabled: {}
                  f:intervalHours: {}
                  f:retention: {}
                  f:s3BackupConfig: {}
                  f:timeout: {}
                f:creation: {}
                f:extraArgs:
                  .: {}
                  f:election-timeout: {}
                  f:heartbeat-interval: {}
                f:retention: {}
                f:snapshot: {}
              f:kubeApi:
                .: {}
                f:secretsEncryptionConfig: {}
                f:serviceNodePortRange: {}
              f:kubeController: {}
              f:kubelet: {}
              f:kubeproxy: {}
              f:scheduler: {}
            f:sshAgentAuth: {}
            f:systemImages:
              .: {}
              f:aciCniDeployContainer: {}
              f:aciControllerContainer: {}
              f:aciGbpServerContainer: {}
              f:aciHostContainer: {}
              f:aciMcastContainer: {}
              f:aciOpflexContainer: {}
              f:aciOpflexServerContainer: {}
              f:aciOvsContainer: {}
              f:alpine: {}
              f:calicoCni: {}
              f:calicoControllers: {}
              f:calicoCtl: {}
              f:calicoFlexVol: {}
              f:calicoNode: {}
              f:canalCni: {}
              f:canalControllers: {}
              f:canalFlannel: {}
              f:canalFlexVol: {}
              f:canalNode: {}
              f:certDownloader: {}
              f:coredns: {}
              f:corednsAutoscaler: {}
              f:dnsmasq: {}
              f:etcd: {}
              f:flannel: {}
              f:flannelCni: {}
              f:ingress: {}
              f:ingressBackend: {}
              f:ingressWebhook: {}
              f:kubedns: {}
              f:kubednsAutoscaler: {}
              f:kubednsSidecar: {}
              f:kubernetes: {}
              f:kubernetesServicesSidecar: {}
              f:metricsServer: {}
              f:nginxProxy: {}
              f:nodelocal: {}
              f:podInfraContainer: {}
              f:weaveCni: {}
              f:weaveNode: {}
              f:windowsPodInfraContainer: {}
            f:upgradeStrategy:
              .: {}
              f:drain: {}
              f:maxUnavailableControlplane: {}
              f:maxUnavailableWorker: {}
              f:nodeDrainInput:
                .: {}
                f:gracePeriod: {}
                f:ignoreDaemonSets: {}
                f:timeout: {}
          f:scheduledClusterScan: {}
          f:windowsPreferedCluster: {}
        f:authImage: {}
        f:caCert: {}
        f:capabilities:
          .: {}
          f:ingressCapabilities: {}
          f:loadBalancerCapabilities: {}
          f:nodePortRange: {}
          f:taintSupport: {}
        f:capacity:
          .: {}
          f:cpu: {}
          f:memory: {}
          f:pods: {}
        f:certificatesExpiration:
          .: {}
          f:kube-apiserver:
            .: {}
            f:expirationDate: {}
          f:kube-apiserver-proxy-client:
            .: {}
            f:expirationDate: {}
          f:kube-ca:
            .: {}
            f:expirationDate: {}
          f:kube-controller-manager:
            .: {}
            f:expirationDate: {}
          f:kube-etcd-172-17-0-9:
            .: {}
            f:expirationDate: {}
          f:kube-etcd-172-17-0-16:
            .: {}
            f:expirationDate: {}
          f:kube-node:
            .: {}
            f:expirationDate: {}
          f:kube-proxy:
            .: {}
            f:expirationDate: {}
          f:kube-scheduler:
            .: {}
            f:expirationDate: {}
        f:conditions: {}
        f:driver: {}
        f:eksStatus:
          .: {}
          f:managedLaunchTemplateID: {}
          f:managedLaunchTemplateVersions: {}
          f:privateRequiresTunnel: {}
          f:securityGroups: {}
          f:subnets: {}
          f:upstreamSpec: {}
          f:virtualNetwork: {}
        f:gkeStatus:
          .: {}
          f:privateRequiresTunnel: {}
          f:upstreamSpec: {}
        f:limits:
          .: {}
          f:cpu: {}
          f:memory: {}
          f:pods: {}
        f:linuxWorkerCount: {}
        f:nodeCount: {}
        f:nodeVersion: {}
        f:provider: {}
        f:requested:
          .: {}
          f:cpu: {}
          f:memory: {}
          f:pods: {}
        f:serviceAccountTokenSecret: {}
        f:version:
          .: {}
          f:buildDate: {}
          f:compiler: {}
          f:gitCommit: {}
          f:gitTreeState: {}
          f:gitVersion: {}
          f:goVersion: {}
          f:major: {}
          f:minor: {}
          f:platform: {}
    manager: rancher
    operation: Update
    time: "2023-04-12T06:37:42Z"
  name: c-25kfv
  resourceVersion: "76870448"
  uid: 66548300-b0d3-4936-a44e-7d054ea3c429
spec:
  agentImageOverride: ""
  answers: {}
  clusterSecrets: {}
  description: ""
  desiredAgentImage: ""
  desiredAuthImage: ""
  displayName: vlab
  dockerRootDir: /var/lib/docker
  enableClusterAlerting: false
  enableClusterMonitoring: false
  enableNetworkPolicy: false
  fleetWorkspaceName: fleet-default
  internal: false
  localClusterAuthEndpoint:
    enabled: true
  rancherKubernetesEngineConfig:
    addonJobTimeout: 45
    authentication:
      strategy: x509|webhook
    authorization: {}
    bastionHost: {}
    cloudProvider: {}
    dns:
      nodelocal: {}
    enableCriDockerd: true
    ignoreDockerVersion: true
    ingress:
      defaultBackend: false
      defaultIngressClass: true
      provider: nginx
    kubernetesVersion: v1.24.8-rancher1-1
    monitoring:
      provider: metrics-server
      replicas: 1
    network:
      options:
        flannel_backend_type: vxlan
      plugin: canal
    restore: {}
    rotateEncryptionKey: false
    services:
      etcd:
        backupConfig:
          enabled: true
          intervalHours: 12
          retention: 6
          s3BackupConfig: null
          timeout: 300
        creation: 12h
        extraArgs:
          election-timeout: "5000"
          heartbeat-interval: "500"
        retention: 72h
        snapshot: false
      kubeApi:
        secretsEncryptionConfig: {}
        serviceNodePortRange: 30000-32767
      kubeController: {}
      kubelet: {}
      kubeproxy: {}
      scheduler: {}
    sshAgentAuth: false
    systemImages: {}
    upgradeStrategy:
      drain: false
      maxUnavailableControlplane: "1"
      maxUnavailableWorker: 10%
      nodeDrainInput:
        gracePeriod: -1
        ignoreDaemonSets: true
        timeout: 120
  scheduledClusterScan: {}
  windowsPreferedCluster: false
status:
  agentFeatures:
    embedded-cluster-api: false
    fleet: false
    monitoringv1: false
    multi-cluster-management: false
    multi-cluster-management-agent: true
    provisioningv2: false
    rke2: false
  agentImage: rancher/rancher-agent:v2.6.9
  aksStatus:
    privateRequiresTunnel: null
    rbacEnabled: null
    upstreamSpec: null
  allocatable:
    cpu: "32"
    memory: 64081288Ki
    pods: "220"
  apiEndpoint: https://101.34.88.207:6443
  appliedAgentEnvVars:
  - name: CATTLE_SERVER_VERSION
    value: v2.6.9
  - name: CATTLE_INSTALL_UUID
    value: 661b46e2-57af-4467-9474-c725e613492f
  - name: CATTLE_INGRESS_IP_DOMAIN
    value: sslip.io
  appliedEnableNetworkPolicy: false
  appliedPodSecurityPolicyTemplateId: ""
  appliedSpec:
    agentImageOverride: ""
    answers: {}
    clusterSecrets: {}
    description: ""
    desiredAgentImage: ""
    desiredAuthImage: ""
    displayName: vlab
    dockerRootDir: /var/lib/docker
    enableClusterAlerting: false
    enableClusterMonitoring: false
    enableNetworkPolicy: false
    fleetWorkspaceName: fleet-default
    internal: false
    localClusterAuthEndpoint:
      enabled: true
    rancherKubernetesEngineConfig:
      addonJobTimeout: 45
      authentication:
        strategy: x509|webhook
      authorization: {}
      bastionHost: {}
      cloudProvider: {}
      dns:
        nodelocal: {}
      enableCriDockerd: true
      ignoreDockerVersion: true
      ingress:
        defaultBackend: false
        defaultIngressClass: true
        provider: nginx
      kubernetesVersion: v1.24.8-rancher1-1
      monitoring:
        provider: metrics-server
        replicas: 1
      network:
        options:
          flannel_backend_type: vxlan
        plugin: canal
      nodes:
      - address: 101.34.88.207
        hostnameOverride: VM-0-9-ubuntu
        internalAddress: 172.17.0.9
        nodeName: c-25kfv:m-138a2bbb9372
        port: "22"
        role:
        - etcd
        - controlplane
        - worker
        user: root
      - address: 81.68.118.51
        hostnameOverride: VM-0-16-ubuntu
        internalAddress: 172.17.0.16
        nodeName: c-25kfv:m-32fc65883076
        port: "22"
        role:
        - etcd
        - controlplane
        - worker
        user: root
      restore: {}
      rotateEncryptionKey: false
      services:
        etcd:
          backupConfig:
            enabled: true
            intervalHours: 12
            retention: 6
            s3BackupConfig: null
            timeout: 300
          creation: 12h
          extraArgs:
            election-timeout: "5000"
            heartbeat-interval: "500"
          retention: 72h
          snapshot: false
        kubeApi:
          secretsEncryptionConfig: {}
          serviceNodePortRange: 30000-32767
        kubeController: {}
        kubelet: {}
        kubeproxy: {}
        scheduler: {}
      sshAgentAuth: false
      systemImages:
        aciCniDeployContainer: noiro/cnideploy:5.2.3.4.1d150da
        aciControllerContainer: noiro/aci-containers-controller:5.2.3.4.1d150da
        aciGbpServerContainer: noiro/gbp-server:5.2.3.4.1d150da
        aciHostContainer: noiro/aci-containers-host:5.2.3.4.1d150da
        aciMcastContainer: noiro/opflex:5.2.3.4.1d150da
        aciOpflexContainer: noiro/opflex:5.2.3.4.1d150da
        aciOpflexServerContainer: noiro/opflex-server:5.2.3.4.1d150da
        aciOvsContainer: noiro/openvswitch:5.2.3.4.1d150da
        alpine: rancher/rke-tools:v0.1.88
        calicoCni: rancher/calico-cni:v3.22.0-rancher1
        calicoControllers: rancher/mirrored-calico-kube-controllers:v3.22.0
        calicoCtl: rancher/mirrored-calico-ctl:v3.22.0
        calicoFlexVol: rancher/mirrored-calico-pod2daemon-flexvol:v3.22.0
        calicoNode: rancher/mirrored-calico-node:v3.22.0
        canalCni: rancher/calico-cni:v3.22.0-rancher1
        canalControllers: rancher/mirrored-calico-kube-controllers:v3.22.0
        canalFlannel: rancher/mirrored-flannelcni-flannel:v0.17.0
        canalFlexVol: rancher/mirrored-calico-pod2daemon-flexvol:v3.22.0
        canalNode: rancher/mirrored-calico-node:v3.22.0
        certDownloader: rancher/rke-tools:v0.1.88
        coredns: rancher/mirrored-coredns-coredns:1.9.3
        corednsAutoscaler: rancher/mirrored-cluster-proportional-autoscaler:1.8.5
        dnsmasq: rancher/mirrored-k8s-dns-dnsmasq-nanny:1.21.1
        etcd: rancher/mirrored-coreos-etcd:v3.5.4
        flannel: rancher/mirrored-coreos-flannel:v0.15.1
        flannelCni: rancher/flannel-cni:v0.3.0-rancher6
        ingress: rancher/nginx-ingress-controller:nginx-1.2.1-rancher1
        ingressBackend: rancher/mirrored-nginx-ingress-controller-defaultbackend:1.5-rancher1
        ingressWebhook: rancher/mirrored-ingress-nginx-kube-webhook-certgen:v1.1.1
        kubedns: rancher/mirrored-k8s-dns-kube-dns:1.21.1
        kubednsAutoscaler: rancher/mirrored-cluster-proportional-autoscaler:1.8.5
        kubednsSidecar: rancher/mirrored-k8s-dns-sidecar:1.21.1
        kubernetes: rancher/hyperkube:v1.24.8-rancher1
        kubernetesServicesSidecar: rancher/rke-tools:v0.1.88
        metricsServer: rancher/mirrored-metrics-server:v0.6.1
        nginxProxy: rancher/rke-tools:v0.1.88
        nodelocal: rancher/mirrored-k8s-dns-node-cache:1.21.1
        podInfraContainer: rancher/mirrored-pause:3.6
        weaveCni: weaveworks/weave-npc:2.8.1
        weaveNode: weaveworks/weave-kube:2.8.1
        windowsPodInfraContainer: rancher/mirrored-pause:3.6
      upgradeStrategy:
        drain: false
        maxUnavailableControlplane: "1"
        maxUnavailableWorker: 10%
        nodeDrainInput:
          gracePeriod: -1
          ignoreDaemonSets: true
          timeout: 120
    scheduledClusterScan: {}
    windowsPreferedCluster: false
  authImage: rancher/kube-api-auth:v0.1.8
  caCert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0VENDQWNtZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFTTVJBd0RnWURWUVFERXdkcmRXSmwKTFdOaE1CNFhEVEl5TVRFek1EQTJNemN4TkZvWERUTXlNVEV5TnpBMk16Y3hORm93RWpFUU1BNEdBMVVFQXhNSAphM1ZpWlMxallUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUtnR01aN1lJbVkrCndYekJPa2lPOGpJWWhQNzh4aXNFYXZtdFQyWjZLbFpiclBaRTdzbFkyR2ExR1VyNUl0TEpBMUFGTGJZcWJsUU8KRlh6cXpHRnRJNFgyellxazVLMVU4ZWs2NWQ1UzdYZHRaejEwbXYxbFR4YWVEYVFCT1VGWEpheHZjR3ZXeGJycwpxVnJ5MFlNbHNhNUlaaUs2TU1YWXZTMGZPb2lHZjhmdk5zcmRQOEdwcis0alQ3dnBnS0V2bk9JY3hMbDhmTG5MCjZ3MW9LV0FMdkwvT29qWUZYM0tMd0FENjE4aEJ1MktBdWI0Ym1xbWxnSS9sSStzUjVLLzBtSXVRSTRVTVNhcnoKenZEY1BJSVBiVmpVVEVvek5lT080MERWK0VQSGw4bnh5YlgrKzVZMVNRS3lHd3BFRDRqbVdwSUhJOWpuYVBXUQpXeFp6eW5PRDExOENBd0VBQWFOQ01FQXdEZ1lEVlIwUEFRSC9CQVFEQWdLa01BOEdBMVVkRXdFQi93UUZNQU1CCkFmOHdIUVlEVlIwT0JCWUVGTWVsSDljT2NjZkF4clpRT1kyM0dnaGFuU3ZtTUEwR0NTcUdTSWIzRFFFQkN3VUEKQTRJQkFRQlhYR2dBN3lOY3pCUTBMWjNiT0pKMXJFTGNOQkZpNWk3NGl6Tlc1WjBQd2pCdG0xaXUyZ3l3ci91NwoxdkVMVGdqdGgwNXZnbUZiMktERGlrWUU2L3U0dGEvbU53T09NeEpyVmhJSUtvSmRQcjZXcEp5RVdGTjkzQlluCnRZWjNqNGJOL2F0ZGZpdHNTb1piMmxhQzF3U0RUbUN2c0tiOW95ZEhlNWNiVU1pMTJMM3BMNklLR2p2WWhPcnEKcHN1MnJqS2ZVenU3K2tRL1doVU4wbFZDd2lDQWZxMlJVTmJEbGt6TTVFOUI3aFE3UUFKSS9qZHBaNkxYUzVxdApSV29COHhkOVVKTVFGajFYQnhCaXpER1ZOekpBcWZmc3llUUhjWlBFZ09mNkdvV25YaFBET054NUg2UlkzR2JxCkRuOVBMMURUaEI2LysvN0tsVDB3NlJGbVN2QVcKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
  capabilities:
    ingressCapabilities:
    - customDefaultBackend: false
      ingressProvider: nginx
    loadBalancerCapabilities: {}
    nodePortRange: 30000-32767
    taintSupport: true
  capacity:
    cpu: "32"
    memory: 64286088Ki
    pods: "220"
  certificatesExpiration:
    kube-apiserver:
      expirationDate: "2033-04-09T06:37:47Z"
    kube-apiserver-proxy-client:
      expirationDate: "2033-04-09T06:37:49Z"
    kube-ca:
      expirationDate: "2032-11-27T06:37:14Z"
    kube-controller-manager:
      expirationDate: "2033-04-09T06:37:48Z"
    kube-etcd-172-17-0-9:
      expirationDate: "2033-04-09T06:37:49Z"
    kube-etcd-172-17-0-16:
      expirationDate: "2033-04-09T06:37:49Z"
    kube-node:
      expirationDate: "2033-04-09T06:37:48Z"
    kube-proxy:
      expirationDate: "2033-04-09T06:37:48Z"
    kube-scheduler:
      expirationDate: "2033-04-09T06:37:48Z"
  conditions:
  - status: "True"
    type: Pending
  - lastUpdateTime: "2022-11-30T06:46:12Z"
    status: "True"
    type: Provisioned
  - lastUpdateTime: "2022-11-30T06:48:27Z"
    status: "True"
    type: Waiting
  - lastUpdateTime: "2022-11-30T06:36:11Z"
    status: "True"
    type: BackingNamespaceCreated
  - lastUpdateTime: "2022-11-30T06:36:11Z"
    status: "True"
    type: DefaultProjectCreated
  - lastUpdateTime: "2022-11-30T06:36:11Z"
    status: "True"
    type: SystemProjectCreated
  - lastUpdateTime: "2022-11-30T06:36:11Z"
    status: "True"
    type: InitialRolesPopulated
  - lastUpdateTime: "2022-11-30T06:36:11Z"
    status: "True"
    type: CreatorMadeOwner
  - lastUpdateTime: "2022-11-30T06:36:12Z"
    status: "True"
    type: NoDiskPressure
  - lastUpdateTime: "2022-11-30T06:36:12Z"
    status: "True"
    type: NoMemoryPressure
  - lastUpdateTime: "2022-11-30T06:36:12Z"
    status: "True"
    type: SecretsMigrated
  - lastUpdateTime: "2022-11-30T06:36:12Z"
    status: "True"
    type: ServiceAccountSecretsMigrated
  - lastUpdateTime: "2023-01-30T03:20:56Z"
    status: "True"
    type: Connected
  - lastUpdateTime: "2022-11-30T06:46:12Z"
    status: "True"
    type: SystemAccountCreated
  - lastUpdateTime: "2022-11-30T06:46:20Z"
    status: "True"
    type: AgentDeployed
  - lastUpdateTime: "2023-04-11T05:22:12Z"
    status: "True"
    type: Ready
  - lastUpdateTime: "2022-12-01T02:47:14Z"
    status: "True"
    type: Updated
  - lastUpdateTime: "2022-11-30T06:46:31Z"
    status: "True"
    type: ServiceAccountMigrated
  - lastUpdateTime: "2022-11-30T06:46:36Z"
    status: "True"
    type: GlobalAdminsSynced
  driver: rancherKubernetesEngine
  eksStatus:
    managedLaunchTemplateID: ""
    managedLaunchTemplateVersions: null
    privateRequiresTunnel: null
    securityGroups: null
    subnets: null
    upstreamSpec: null
    virtualNetwork: ""
  gkeStatus:
    privateRequiresTunnel: null
    upstreamSpec: null
  limits:
    cpu: "23"
    memory: 43348Mi
    pods: "0"
  linuxWorkerCount: 2
  nodeCount: 2
  nodeVersion: 1
  provider: rke
  requested:
    cpu: 6920m
    memory: 21854Mi
    pods: "38"
  serviceAccountTokenSecret: cluster-serviceaccounttoken-2gg2c
  version:
    buildDate: "2022-11-09T13:31:40Z"
    compiler: gc
    gitCommit: fdc77503e954d1ee641c0e350481f7528e8d068b
    gitTreeState: clean
    gitVersion: v1.24.8
    goVersion: go1.18.8
    major: "1"
    minor: "24"
    platform: linux/amd64

问题描述:
1- 我使用了Docker方式安装了Rancher 2.6.9。使用的命令如下：

docker run -d --privileged --restart=unless-stopped -p 80:80 -p 443:443 -e AUDIT_LEVEL=3 -v /usr/local/ssl/:/etc/rancher/ssl/ rancher/rancher:stable --no-cacerts

2- 域名SSL证书是为域名购买的DV证书。域名：https://rancher.training-china.com/
3- 当前域名的SSL证书将于4月18日到期，我需要更换续费后的新的域名SSL证书。
请问该怎么操作？有没有相关文档？

ksd · 2023 年4 月 13 日 05:45

只需要将原来的证书文件替换为新的证书文件，并放在相同的文件位置，然后重启 rancher 的容器就可以了

jamesli · 2023 年4 月 13 日 05:51

在重启rancher容器前，需要备份ETCD等吗？

ksd · 2023 年4 月 13 日 07:28

都可以，备份好证书就行，如果出问题，再替换回来呗

songxx911 · 2023 年8 月 23 日 09:13

更新了证书之后，fleet-agent没有报错x509。浏览器证书正常，但是cattle-cluster-agent无法正常启动，报x509。查看deploymnet的nnotations域名为旧域名，并没有从全局设置里获取。版本是2.7.5.这种情况下需要导出新的命令注册agent吗

ksd · 2023 年8 月 23 日 09:42

你是更新证书还是域名和证书都替换掉了？

songxx911 · 2023 年8 月 23 日 09:42

都换了

songxx911 · 2023 年8 月 23 日 09:43

目前没有报错，但是下游集群也注册不上

ksd · 2023 年8 月 23 日 09:48

rancher 什么版本？

songxx911 · 2023 年8 月 23 日 09:48

2.7.5

songxx911 · 2023 年8 月 23 日 09:49

单域名证书，要换只能全换

songxx911 · 2023 年8 月 23 日 09:50

有点事，有需要稍后回复

ksd · 2023 年8 月 23 日 09:51

可以参考：https://mp.weixin.qq.com/s/qeE1LxtIgepA9nFgyKoXBA

换域名和修改 IP 应该是一个流程

songxx911 · 2023 年8 月 23 日 09:57

按https://mp.weixin.qq.com/s/qeE1LxtIgepA9nFgyKoXBA这个方法我在集群管理界面的注册那里可以看到注册命令，浏览器url看不到集群ID。不确定是不是版本2.7.5导致的。我多试几次

songxx911 · 2023 年8 月 24 日 02:48

我测试了三次，目前还在继续测试。
按已有的2.6修改rancher server文档进行。
比如获取新的agent命令执行失败，集群ID在v2.7.5版本不显示。使用注册命令中的c_后面的集群ID报错time=“2023-08-24T02:44:13Z” level=error msg=“Failed to connect to proxy. Response status: 400 - 400 Bad Request. Response body: cluster not found” error=“websocket: bad handshake”。
有什么建议吗

ksd · 2023 年8 月 24 日 02:57

你新建一个帖子，然后把你 每一步 的操作都写进去，我看看能否重现。

songxx911 · 2023 年8 月 24 日 02:58

[ERROR] Failed to handle tunnel request from remote address 3.29.26.222:59246: response 400: cluster not found

更新域名证书之后，在v2.7.5版本中找不到集群。这个集群ID应该如何获取

songxx911 · 2023 年8 月 24 日 03:01

稍等

songxx911 · 2023 年8 月 24 日 03:08

Rancherv2.7.5更换域名证书 Rancher 2.x

Rancher Server 设置 Rancher 版本： DOCKER离线部署，v2.7.5 下游集群信息 Kubernetes 版本: -EKS 1.25 用户信息 ADMIN 主机操作系统：问题描述：架构为AWSNLB----->DOCKERRANCHER，），分别cname到AWSNLB 重现步骤： 1，修改DOCKER的挂载证书，更新DOCKER挂载证书 2，修改全局设置的SERVER URL 3，按文档准备重新创建CLUSTER AGENT，但是集群ID找不到 4，尝试按集群管理注册界面的集群ID，URL中的fleet-agent后面显示的集群名字去重新创建AGENT。，连接失败，查看RANCHER容器日志，提示集群找不到结果：预期结果：截图：其他上下文信息：
日志
eVersion=1930516": cluster agent disconnected 2023/08/24 02:55:53 [ERROR] Failed to handle tunnel request from remote addres…