Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Release-1.27] - k3s certificate rotate fails on agents #9901

Closed
brandond opened this issue Apr 9, 2024 · 1 comment
Closed

[Release-1.27] - k3s certificate rotate fails on agents #9901

brandond opened this issue Apr 9, 2024 · 1 comment
Assignees
@brandond @ShylajaDevadiga
Milestone
v1.27.13+k3s1

Comments

@brandond
Copy link
Member

brandond commented Apr 9, 2024

Backport fix for k3s certificate rotate fails on agents
@brandond brandond self-assigned this Apr 9, 2024
@brandond brandond moved this from New to Working in K3s Development Apr 10, 2024
@brandond brandond mentioned this issue Apr 10, 2024
Merged
@brandond brandond moved this from Working to To Test in K3s Development Apr 11, 2024
@brandond brandond added this to the v1.27.13+k3s1 milestone Apr 11, 2024
@ShylajaDevadiga
Copy link
Contributor

Validated using latest commit id 2d48b19 on release-1.27 branch

Environment Details

Infrastructure
Cloud EC2 instance

Node(s) CPU architecture, OS, and Version:

> cat /etc/os-release
NAME="SLES"
VERSION="15-SP5"
VERSION_ID="15.5"
PRETTY_NAME="SUSE Linux Enterprise Server 15 SP5"

Cluster Configuration:
Two node, 1 server 1 agent

Config.yaml:

cat /etc/rancher/k3s/config,yaml
write-kubeconfig-mode: "0644"
tls-san:
  - fake.fqdn.value
cluster-init: true
secrets-encryption: true

Steps to reproduce the issue and validate

  1. Copy config.yaml
  2. Install k3s
  3. Validate k3s certificate rotate on agent node

Validation results:
On server

> sudo /usr/local/bin/k3s certificate rotate
INFO[0000] Server detected, rotating agent and server certificates 
INFO[0000] Rotating dynamic listener certificate        
INFO[0000] Rotating certificates for supervisor         
INFO[0000] Rotating certificates for kube-proxy         
INFO[0000] Rotating certificates for k3s-controller     
INFO[0000] Rotating certificates for api-server         
INFO[0000] Rotating certificates for admin              
INFO[0000] Rotating certificates for auth-proxy         
INFO[0000] Rotating certificates for controller-manager 
INFO[0000] Rotating certificates for cloud-controller   
INFO[0000] Rotating certificates for etcd               
INFO[0000] Rotating certificates for scheduler          
INFO[0000] Rotating certificates for kubelet            
INFO[0000] Successfully backed up certificates to /var/lib/rancher/k3s/server/tls-1712958657, please restart k3s server or agent to rotate certificates 
ec2-user@ip-172-31-6-177:~>

On Agent

> sudo /usr/local/bin/k3s certificate rotate
INFO[0000] Agent detected, rotating agent certificates  
INFO[0000] Rotating certificates for kube-proxy         
INFO[0000] Rotating certificates for kubelet            
INFO[0000] Rotating certificates for k3s-controller     
INFO[0000] Successfully backed up certificates to /var/lib/rancher/k3s/agent/tls-1712958671, please restart k3s server or agent to rotate certificates 
ec2-user@ip-172-31-11-205:~>

@github-project-automation github-project-automation bot moved this from To Test to Done Issue in K3s Development Apr 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@brandond brandond

@ShylajaDevadiga ShylajaDevadiga

Labels
None yet
Projects
K3s Development
Archived in project
Milestone
v1.27.13+k3s1
Development

No branches or pull requests
2 participants
@brandond @ShylajaDevadiga