Add rke2-agent restart step to Certificate Rotation
#107
Conversation
docs/advanced.md
Outdated
| @@ -18,6 +18,10 @@ systemctl stop rke2-server | |||
| rke2 certificate rotate | |||
| systemctl start rke2-server | |||
| ``` | |||
| After certificate rotation of server, restart rke2-agent as well to rotate kubelet certificates in worker nodes. | |||
There was a problem hiding this comment.
I'm not sure this actually belongs here. Agent certificates are renewed every time the agent starts, so this command can actually be done at any time, independent from server certificate rotation.
We should also make it clear that this service should be restarted on agent nodes only, to avoid having users try to restart the agent service on servers.
There was a problem hiding this comment.
@brandond Thank you for comment.
I'm not sure this actually belongs here. Agent certificates are renewed every time the agent starts, so this command can actually be done at any time, independent from server certificate rotation.
Right, only restarting rke2-agent is needed. I fixed document.
We should also make it clear that this service should be restarted on agent nodes only, to avoid having users try to restart the agent service on servers.
I also added the statement to run on agent node and confirmed restarting rke2-agent renewed certificates at /var/lib/rancher/rke2/agent/.
We need to restart rke2-agent to rotate certificates of agent nodes. Signed-off-by: Masashi Honma <[email protected]>
masap
force-pushed
the
fix-cert-rotation
branch
from
ecfbb4f to
32624d2
Compare
We need to restart
rke2-agentto rotate certificates of agent nodes.