#harvester

steep-teacher-68650

09/07/2022, 11:09 AM
Hi everyone, are there any docs on how to renew the self-signed Harvester certificate for a single-node Harvester deployment? Unable to launch any VMs as the initial cert has expired.
The node in question is a Harvester 1.0.2 upgraded to 1.0.3; TLS secrets are now 110d old:
kubectl get secrets -A | grep tls
cattle-system                            cattle-webhook-ca                                                     kubernetes.io/tls                     2      110d
cattle-system                            cattle-webhook-tls                                                    kubernetes.io/tls                     2      106s
cattle-system                            rancher-webhook-tls                                                   kubernetes.io/tls                     2      110d
cattle-system                            serving-cert                                                          kubernetes.io/tls                     2      110d
cattle-system                            tls-ingress                                                           Opaque                                2      110d
cattle-system                            tls-rancher                                                           kubernetes.io/tls                     2      110d
cattle-system                            tls-rancher-internal                                                  kubernetes.io/tls                     2      110d
cattle-system                            tls-rancher-internal-ca                                               kubernetes.io/tls                     2      110d
harvester-system                         harvester-webhook-ca                                                  kubernetes.io/tls                     2      110d
harvester-system                         harvester-webhook-tls                                                 kubernetes.io/tls                     2      110d
harvester-system                         kubevirt-ca                                                           kubernetes.io/tls                     2      110d
harvester-system                         kubevirt-controller-certs                                             kubernetes.io/tls                     2      110d
harvester-system                         kubevirt-operator-certs                                               kubernetes.io/tls                     2      110d
harvester-system                         kubevirt-virt-api-certs                                               kubernetes.io/tls                     2      110d
harvester-system                         kubevirt-virt-handler-certs                                           kubernetes.io/tls                     2      110d
harvester-system                         kubevirt-virt-handler-server-certs                                    kubernetes.io/tls                     2      110d
kube-system                              rke2-serving                                                          kubernetes.io/tls                     2      110d
kube-system                              serving-ca                                                            kubernetes.io/tls                     2      110d
kubectl -n cattle-system exec deploy/rancher -- bash -c "openssl s_client -showcerts -connect  virt-api.harvester-system.svc:443 2>/dev/null| openssl x509 -noout -dates && echo current: $(date)"
notBefore=Sep  3 19:28:56 2022 GMT
notAfter=Sep  6 09:52:56 2022 GMT
current: Wed Sep 7 11:15:02 UTC 2022

full-football-64901

09/08/2022, 3:25 AM
It might be a bug in 1.0.3. That will be fixed in 1.1.0. 1.1.0 is scheduled for the end of Oct.
👍 2

steep-teacher-68650

09/08/2022, 4:56 PM
I decided to reprovision the node instead and am currently importing the VM backups. Hopefully this is fixed in the next release 🙂
👍 2