# general
a
you should still be able to access the local cluster
b
I guess it's for Rancher installed using Helm
I use a Docker container
p
It doesn't matter
b
OK, I can't reach the cluster using kubeconfig. So how can I upgrade the certs then?
Unable to connect to the server: x509: certificate has expired or is not yet valid: current time 2024-10-08T13:16:37-04:00 is after 2024-10-04T17:49:46Z
c
Can you connect with the browser on Rancher?
Yes you can, I saw the screenshot
There are a number of certificates that can expire:
• The Rancher SSL certificate you use to connect. The browser can bypass this.
• The cluster's certificates may expire. These need rotation and it is cluster specific how this happens.
Now if `kubectl --insecure-skip-tls-verify` is not working for you, when you try to connect to a cluster via Rancher (which means the `server:` section in your config file has the rancher address) you might try to launch an nginx proxy with a proper SSL in front of the docker container you already run in a docker-compose. There are instructions in the Rancher documentation on how to back up and restore the docker container and even how to start it with externally provided certificates. Unfortunately I do not have them handy. I can suggest what the documentation says:
> The Rancher backup operator can be used to migrate Rancher from the single Docker container install to an installation on a high-availability Kubernetes cluster. For details, refer to the documentation on migrating Rancher to a new cluster.
and migrate to a single node Kubernetes cluster instead. Example of how I do this: https://managing.blue/2024/06/11/how-i-setup-rancher-these-days/
Also keep in mind that
> For test and demonstration purposes, Rancher can be installed with Docker on a single node. A local Kubernetes cluster is installed in the single Docker container, and Rancher is installed on the local cluster.
which means that if you `docker exec` in the container you most likely have access to helm and stuff and can do what @powerful-librarian-10572 suggested
I mean here is what happens when you run a docker container
```
% docker run --privileged -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher
:
: container with name clever_carson is created
:
% docker exec -it clever_carson bash
bash-4.4# kubectl get pod -n cattle-system
NAME                               READY   STATUS      RESTARTS   AGE
helm-operation-9w7bb               0/2     Completed   0          2m13s
helm-operation-g2p5d               0/2     Completed   0          93s
helm-operation-jlvgg               0/2     Completed   0          87s
helm-operation-rwrj2               0/2     Completed   0          78s
helm-operation-wr9qd               0/2     Completed   0          47s
rancher-webhook-79f9f75864-vm8rc   1/1     Running     0          75s
```