Skip to content

Commit

Permalink
Add rke2-agent restart step to Certificate Rotation
Browse files Browse the repository at this point in the history 
If a worker node was created by rke2-agent, we need to restart it as well to
rotate it's own certificates. I confirmed certificates at
/var/lib/rancher/rke2/agent/ were rotated by restart rke2-agent.

Signed-off-by: Masashi Honma <[email protected]>
  • Loading branch information
@masap
masap committed Sep 27, 2023
1 parent 1501650 commit ecfbb4f
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions docs/advanced.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,10 @@ systemctl stop rke2-server
rke2 certificate rotate
systemctl start rke2-server
```
After certificate rotation of server, restart rke2-agent as well to rotate kubelet certificates in worker nodes.
```sh
systemctl restart rke2-agent
```
It is also possible to rotate an individual service by passing the `--service` flag, for example: `rke2 certificate rotate --service api-server`. See the [certificate subcommand](./reference/subcommands.md#certificate) for more details.

## Auto-Deploying Manifests
Expand Down

0 comments on commit ecfbb4f

Please sign in to comment.