1、修改系统时间,停止时间滚动更新。
# Turn off NTP synchronisation first; otherwise the clock is corrected again right after it is set.
timedatectl set-ntp false
# Set the node clock by hand. The timestamp below is an example only.
# NOTE(review): presumably it has to fall between the certificates' notBefore and notAfter
# (openssl x509 -noout -dates -in <cert> prints both) - confirm for your install.
# NOTE(review): nothing in this procedure turns NTP back on; run `timedatectl set-ntp true`
# once the certificates have been renewed, so the node does not keep running on a wrong clock.
rollback_time='2020-07-01 00:00:00'
timedatectl set-time "${rollback_time}"
2、重启容器。
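# Look up the Rancher server container ID.
# The original pipeline (docker ps -a | grep -v CONTAINER | awk '{print $1}') returned the ID of
# every container on the host, running or stopped, so the restart below was applied to all of them.
# Match on the image name instead. NOTE(review): assumes the server runs from a rancher/rancher
# image (optionally behind a registry prefix); adjust the pattern if yours is named differently.
rancher_server_id=$(docker ps -a --format '{{.ID}} {{.Image}}' \
  | awk '$2 ~ /(^|\/)rancher\/rancher(:|@|$)/ { print $1 }')
# Restart only when exactly one container matched; otherwise set rancher_server_id by hand.
if [ "$(printf '%s\n' "${rancher_server_id}" | grep -c .)" -eq 1 ]; then
  docker restart "${rancher_server_id}"
else
  echo "expected exactly one Rancher server container, found: ${rancher_server_id:-none}" >&2
fi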
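#进入容器内部,查看证书到期时间,并删除证书(以完成容器自签证书强制更新事宜)
#注意:下面的 rm -rf *.crt 会把 2031 年才到期的 CA 证书(client-ca.crt、server-ca.crt、request-header-ca.crt)一并删除;操作前请先备份整个 tls 目录。该目录同时包含 CA 私钥(*.key),备份文件应限制访问权限。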
[root@ahhx-yf-192-168-220-132 ~]# docker exec -ti ${rancher_server_id} bash
root@75af45caffba:/var/lib/rancher# cd k3s/
data/ server/
root@75af45caffba:/var/lib/rancher# cd k3s/
data/ server/
root@75af45caffba:/var/lib/rancher# cd k3s/server/
root@75af45caffba:/var/lib/rancher/k3s/server# ls
cred manifests node-token static tls
root@75af45caffba:/var/lib/rancher/k3s/server# cd tls/
root@75af45caffba:/var/lib/rancher/k3s/server/tls# ls
client-admin.crt client-ca.crt client-kube-apiserver.crt client-kubelet.key request-header-ca.key serving-kube-apiserver.crt
client-admin.key client-ca.key client-kube-apiserver.key client-scheduler.crt server-ca.crt serving-kube-apiserver.key
client-auth-proxy.crt client-controller.crt client-kube-proxy.crt client-scheduler.key server-ca.key serving-kubelet.key
client-auth-proxy.key client-controller.key client-kube-proxy.key request-header-ca.crt service.key temporary-certs
root@75af45caffba:/var/lib/rancher/k3s/server/tls# pwd
/var/lib/rancher/k3s/server/tls
root@75af45caffba:/var/lib/rancher/k3s/server/tls# for i in `ls /var/lib/rancher/k3s/server/tls/*.crt`; do echo $i; openssl x509 -enddate -noout -in $i; done
/var/lib/rancher/k3s/server/tls/client-admin.crt
notAfter=Mar 31 13:33:19 2022 GMT
/var/lib/rancher/k3s/server/tls/client-auth-proxy.crt
notAfter=Mar 31 13:33:19 2022 GMT
/var/lib/rancher/k3s/server/tls/client-ca.crt
notAfter=Mar 29 13:33:19 2031 GMT
/var/lib/rancher/k3s/server/tls/client-controller.crt
notAfter=Mar 31 13:33:19 2022 GMT
/var/lib/rancher/k3s/server/tls/client-kube-apiserver.crt
notAfter=Mar 31 13:33:19 2022 GMT
/var/lib/rancher/k3s/server/tls/client-kube-proxy.crt
notAfter=Mar 31 13:33:19 2022 GMT
/var/lib/rancher/k3s/server/tls/client-scheduler.crt
notAfter=Mar 31 13:33:19 2022 GMT
/var/lib/rancher/k3s/server/tls/request-header-ca.crt
notAfter=Mar 29 13:33:19 2031 GMT
/var/lib/rancher/k3s/server/tls/server-ca.crt
notAfter=Mar 29 13:33:19 2031 GMT
/var/lib/rancher/k3s/server/tls/serving-kube-apiserver.crt
notAfter=Mar 31 13:33:19 2022 GMT
root@75af45caffba:/var/lib/rancher/k3s/server/tls#
root@75af45caffba:/var/lib/rancher/k3s/server/tls# rm -rf *.crt
root@75af45caffba:/var/lib/rancher/k3s/server/tls# exit
exit
# Restart the container a second time, after the *.crt files were removed inside it.
# rancher_server_id must still hold the ID captured in step 2 (same shell session);
# it is expanded unquoted here, exactly as in the first restart.
docker container restart ${rancher_server_id}
#再次进入容器内部,观察证书到期时间是否已经更新,并查看平台是否能正常访问。
#确认无误后,请将系统时间恢复并重新开启时间同步(timedatectl set-ntp true),否则节点时钟偏差会影响 TLS 证书校验和日志时间戳。
#注意:如上教程仅仅适用于Rancher版本>=2.3.x
#Rancher版本<=2.2,证书存储位置在:/var/lib/rancher/management-state/tls/ 下,操作方法一致。