crooked-flag-77848
05/26/2025, 1:04 PMk3s-server:
command:
- server
- --advertise-address=172.20.0.1
- --advertise-port=6443
- --tls-san=k3s-server
- --tls-san=172.20.0.1
- --agent-token=dGJldHJhbmM=
- --disable=coredns
- --disable=traefik
- --disable=metrics-server
- --disable=servicelb
- --node-taint=<http://node-role.kubernetes.io/master:NoSchedule|node-role.kubernetes.io/master:NoSchedule>
- --node-taint=<http://node-role.kubernetes.io/control-plane:NoSchedule|node-role.kubernetes.io/control-plane:NoSchedule>
- --kubelet-arg=allowed-unsafe-sysctls=net.*
- --kube-apiserver-arg=feature-gates=LegacyServiceAccountTokenNoAutoGeneration=false
- --kube-apiserver-arg=enable-aggregator-routing=false
- --egress-selector-mode=disabled
deploy:
resources:
limits:
memory: 2GiB
reservations: {}
healthcheck:
interval: 1s
retries: 100
test:
- CMD
- kubectl
- get
- nodes
timeout: 1s
hostname: k3s-server
image: rancher/k3s:v1.26.8-k3s1
ports:
- 172.20.0.1:6443:6443
- 172.20.0.1:8443:8443
privileged: true
restart: unless-stopped
volumes:
- /home/foo/server/meminfo:/proc/meminfo:ro
- k3s-server-conf:/etc/rancher
- k3s-server-data:/var/lib/rancher
When I delete the container and re-create it, I'm expecting to keep the TLS certificates but they are lost and generated.
If I'm right, they are stored in /var/lib/rancher/k3s/server/tls and this path should be in the k3s-server-data volume, no?crooked-flag-77848
05/26/2025, 2:12 PM