Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
s
steep-teacher-68650
09/07/2022, 11:09 AMHi everyone, are there any docs on how to renew the self-signed harvester certificate for a single node harvester deployment? Unable to launch any VMs as the initial cert has expired.
The node in question is a harvester 1.0.2 upgraded to 1.0.3, TLS secrets are now 110d old:
kubectl get secrets -A | grep tls
cattle-system cattle-webhook-ca <http://kubernetes.io/tls|kubernetes.io/tls> 2 110d
cattle-system cattle-webhook-tls <http://kubernetes.io/tls|kubernetes.io/tls> 2 106s
cattle-system rancher-webhook-tls <http://kubernetes.io/tls|kubernetes.io/tls> 2 110d
cattle-system serving-cert <http://kubernetes.io/tls|kubernetes.io/tls> 2 110d
cattle-system tls-ingress Opaque 2 110d
cattle-system tls-rancher <http://kubernetes.io/tls|kubernetes.io/tls> 2 110d
cattle-system tls-rancher-internal <http://kubernetes.io/tls|kubernetes.io/tls> 2 110d
cattle-system tls-rancher-internal-ca <http://kubernetes.io/tls|kubernetes.io/tls> 2 110d
harvester-system harvester-webhook-ca <http://kubernetes.io/tls|kubernetes.io/tls> 2 110d
harvester-system harvester-webhook-tls <http://kubernetes.io/tls|kubernetes.io/tls> 2 110d
harvester-system kubevirt-ca <http://kubernetes.io/tls|kubernetes.io/tls> 2 110d
harvester-system kubevirt-controller-certs <http://kubernetes.io/tls|kubernetes.io/tls> 2 110d
harvester-system kubevirt-operator-certs <http://kubernetes.io/tls|kubernetes.io/tls> 2 110d
harvester-system kubevirt-virt-api-certs <http://kubernetes.io/tls|kubernetes.io/tls> 2 110d
harvester-system kubevirt-virt-handler-certs <http://kubernetes.io/tls|kubernetes.io/tls> 2 110d
harvester-system kubevirt-virt-handler-server-certs <http://kubernetes.io/tls|kubernetes.io/tls> 2 110d
kube-system rke2-serving <http://kubernetes.io/tls|kubernetes.io/tls> 2 110d
kube-system serving-ca <http://kubernetes.io/tls|kubernetes.io/tls> 2 110dkubectl -n cattle-system exec deploy/rancher -- bash -c "openssl s_client -showcerts -connect virt-api.harvester-system.svc:443 2>/dev/null| openssl x509 -noout -dates && echo current: $(date)"
notBefore=Sep 3 19:28:56 2022 GMT
notAfter=Sep 6 09:52:56 2022 GMT
current: Wed Sep 7 11:15:02 UTC 2022f
full-football-64901
09/08/2022, 3:25 AMIt might be a bug. in 1.0.3
That will be fixed in 1.1.0
1.1.0 is scheduled in the end of Oct.
👍 2
s
steep-teacher-68650
09/08/2022, 4:56 PMI decided to reprovision the node instead and currently importing the VM backups instead. Hopefully this is fixed in the next release 🙂
👍 2