rancher控制台突然无法访问
1、查看rancher容器id,命令:docker ps |grep rancher/rancher
2、检查rancher运行日志,命令:docker logs [CONTAINER ID]
3、日志窗口显示(注意红色文字,关键内容):
time="2023-08-23T12:07:26.499063283Z" level=info msg="Waiting for master node startup: resource name may not be empty"
2023-08-23 12:07:26.707693 I | http: TLS handshake error from 127.0.0.1:46968: remote error: tls: bad certificate
2023-08-23 12:07:26.708888 I | http: TLS handshake error from 127.0.0.1:46970: remote error: tls: bad certificate
time="2023-08-23T12:07:26.708909410Z" level=error msg="server https://127.0.0.1:6443/cacerts is not trusted: Get https://127.0.0.1:6443/cacerts: x509: certificate has expired or is not yet valid"
4、进入rancher容器内部:
命令:docker exec -it rancher容器id /bin/bash
5、按顺序执行删除命令:
(1)、kubectl --insecure-skip-tls-verify -n kube-system delete secrets k3s-serving secret "k3s-serving" deleted
(2)、kubectl --insecure-skip-tls-verify delete secret serving-cert -n cattle-system secret "serving-cert" deleted
(3)、rm -f /var/lib/rancher/k3s/server/tls/dynamic-cert.json
6、加载重启rancher证书:
(1)、docker restart rancher容器ID
(2)、curl --insecure -sfL rancher访问路径/v3:例如:https://192.168.1.1:9443/v3
(3)、docker restart rancher容器ID
搞定
参考链接:Rancher证书更新