Once your Rancher deployment is back up and running you need to login to a single controlplane node for each of the downstream clusters and run the cluster-agent-tool.
kubectl -n cattle-system rollout status deploy/rancher
CONTROLPLANE BACKUP UPGRADE
Run the upgrade command then wait for rollout to complete. helm upgrade rancher-stable/rancher -name rancher -namespace cattle-system -set hostname= -set rancherImageTag=v2.3.5 You will need your local Rancher cluster kubeconfig, ensure that it is set to the default config by either placing it in ~/.kube/config or by setting your KUBECONFIG environment variable.Ĭheck current helm chart options: helm get values rancher -n cattle-systemĬraft an upgrade command based on the values provided in the previous step and then modify the hostname to match the new server hostname/url. Log into a box where you have helm and kubectl installed. Please see Įnsure that you have current etcd backups for your local rancher cluster. Once your Rancher container is backup and running you need to login to a single controlplane node for each of the downstream clusters and run the cluster-agent-tool. bash rancher-single-tool.sh -t'upgrade' -d'-d -p 443:443 -p 80:80 -restart=unless-stopped -volume=/etc/rancherssl/certs/cert.pem:/etc/rancher/ssl/cert.pem -volume=/etc/rancherssl/certs/key.pem:/etc/rancher/ssl/key.pem -volume=/etc/rancherssl/certs/ca.pem:/etc/rancher/ssl/cacerts.pem' If the filenames have not changed you don't need to upgrade, you can just restart the container. Below is an example of how you would do that. If you were using certificates signed by a private CA or you want to use your own self signed certifiactes (certificates not created by rancher-single-tool option -s). bash rancher-single-tool.sh -t'upgrade' -d'-d -p 443:443 -p 80:80 -restart=unless-stopped -volume=/etc/rancherssl/certs/cert.pem:/etc/rancher/ssl/cert.pem -volume=/etc/rancherssl/certs/key.pem:/etc/rancher/ssl/key.pem'ĭ. However if the filenames did change, I'm providing the example below of how you would do upgrade the container to see this change. Keep in mind that if you just replaced the cert files on the host path and the filenames didn't change, you can just restart the docker container. If you were using certificates signed by a recognized CA before and just need to replace them, you should modify the docker options to reflect this change. bash rancher-single-tool.sh -t'upgrade' -r'-acme-domain 'Ĭ. You could do this with the following command. To generate a new Let's Encrypt certificate you will need to change the Rancher server options to reflect this. bash rancher-single-tool.sh -t'upgrade' -s''ī. Follow the prompts to finish the upgrade. To generate a new self signed certificate for your new URL use the following upgrade command. This is required in most cases with the exception of already using a wildcard that also encompasses the new server-url.Ī. Now we need to upgrade your Rancher container to reflect new certs. From the settings page, change the server-url to match your new server url. Then click "settings" in the middle of the top bar. Login to the Rancher web interface, navigate to the Global view by clicking the dropdown in the top left corner of the screen and selecting "Global". curl -LO īackup your Rancher installation. As a result this guide will be based on using that tool.ĭownload the rancher-single-tool to the node that is running your rancher server container. It isn't required but it makes the process much easier. cluster-agent-tool for both HA and Single Server Rancher Installtionsĭuring this tutorial it is recommended to use the rancher-single-tool for Rancher single server installations.rancher-single-tool for Single Server Rancher Installations.
0 kommentar(er)
