so two questions, 1) do i have to do this for both? 2) what's the "upgrade" process?

and it's my understanding the restart also happens if you reboot the node correct? if yes, should i just reboot each node once a month or something?

Automatic renewal happens whenever the service starts, so it’s up to you if you want to reboot the node, or just restart the service.

thanks!

i'll see if i can do some of this to revive the nodes that are having issues, see if that fixes it. can you do this after the cert is already expired? or is it too late then?

sorry, running harvester and k3s and rancher and rke2. it's like inception for services. 😄

(fyi my k3s setup is on proxmox, not harvester)

got it. thanks!

so basically reboot all my master nodes, then agent nodes.

i setup a customer rke2 cluster with Rancher. it's v1.30.4. on my prior cluster i used v1.26.8 using the default ingress, before i could go to the masternodes ip and get an ssl cert (https://{ip}) but now, i'm not getting a page, i just get a time out. nodes for both clusters have the same taints, the helmchartconfig is the same for ingress. not understanding how before i could go to the ip, and now i cant. this is mainly an issue because on the cluster i used to run, i had kube-vip which had a floating / vip between the master nodes. i could then use that as my endpoint for ingress, kubeconfig etc and if a node was down, i was still able to access resources on the cluster.