Hello, I'm running a k3s-server with docker using ...
# k3s
c
Hello, I'm running a k3s-server with docker using this docker-compose file:
Copy code
k3s-server:
    command:
    - server
    - --advertise-address=172.20.0.1
    - --advertise-port=6443
    - --tls-san=k3s-server
    - --tls-san=172.20.0.1
    - --agent-token=dGJldHJhbmM=
    - --disable=coredns
    - --disable=traefik
    - --disable=metrics-server
    - --disable=servicelb
    - --node-taint=<http://node-role.kubernetes.io/master:NoSchedule|node-role.kubernetes.io/master:NoSchedule>
    - --node-taint=<http://node-role.kubernetes.io/control-plane:NoSchedule|node-role.kubernetes.io/control-plane:NoSchedule>
    - --kubelet-arg=allowed-unsafe-sysctls=net.*
    - --kube-apiserver-arg=feature-gates=LegacyServiceAccountTokenNoAutoGeneration=false
    - --kube-apiserver-arg=enable-aggregator-routing=false
    - --egress-selector-mode=disabled
    deploy:
      resources:
        limits:
          memory: 2GiB
        reservations: {}
    healthcheck:
      interval: 1s
      retries: 100
      test:
      - CMD
      - kubectl
      - get
      - nodes
      timeout: 1s
    hostname: k3s-server
    image: rancher/k3s:v1.26.8-k3s1
    ports:
    - 172.20.0.1:6443:6443
    - 172.20.0.1:8443:8443
    privileged: true
    restart: unless-stopped
    volumes:
    - /home/foo/server/meminfo:/proc/meminfo:ro
    - k3s-server-conf:/etc/rancher
    - k3s-server-data:/var/lib/rancher
When I delete the container and re-create it, I'm expecting to keep the TLS certificates but they are lost and generated. If I'm right, they are stored in /var/lib/rancher/k3s/server/tls and this path should be in the k3s-server-data volume, no?
1
OK, I had to mount /var/lib/rancher/k3s instead of mounting /var/lib/rancher