AlexisDucastel · June 17, 2024 15:14
diff --git a/rancher-fix-waiting-for-probes-controller-manager-cert.sh b/rancher-fix-waiting-for-probes-controller-manager-cert.sh
 export CRI_CONFIG_FILE=/var/lib/rancher/rke2/agent/etc/crictl.yaml
 export CONTAINERD_ADDRESS=unix:///run/k3s/containerd/containerd.sock
 export PATH=$PATH:/var/lib/rancher/rke2/bin

 echo "=== CHECK BEFORE ==="
 (
 curl  --cacert /var/lib/rancher/rke2/server/tls/kube-controller-manager/kube-controller-manager.crt \
  https://127.0.0.1:10257/healthz >/dev/null 2>&1 \
  && echo "[OK] Kube Controller probe" \
  || echo "[FAIL] Kube Controller probe";

 curl --cacert /var/lib/rancher/rke2/server/tls/kube-scheduler/kube-scheduler.crt \
  https://127.0.0.1:10259/healthz >/dev/null 2>&1  \
  && echo "[OK] Scheduler probe" \
  || echo "[FAIL] Scheduler probe";
 )
 echo "=== ROTATIONS ==="
 echo "Rotating kube-controller-manager certificate"
 rm /var/lib/rancher/rke2/server/tls/kube-controller-manager/kube-controller-manager.{crt,key}
 crictl rm -f $(crictl ps -q --name kube-controller-manager)

 echo "Rotating kube-scheduler certificate"
 rm /var/lib/rancher/rke2/server/tls/kube-scheduler/kube-scheduler.{crt,key}
 crictl rm -f $(crictl ps -q --name kube-scheduler)

 echo "Waiting for pods to restart"
 sleep 5

 echo "=== CHECK AFTER ==="

 (
 curl  --cacert /var/lib/rancher/rke2/server/tls/kube-controller-manager/kube-controller-manager.crt \
  https://127.0.0.1:10257/healthz >/dev/null 2>&1 \
  && echo "[OK] Kube Controller probe" \
  || echo "[FAIL] Kube Controller probe";

 curl --cacert /var/lib/rancher/rke2/server/tls/kube-scheduler/kube-scheduler.crt \
  https://127.0.0.1:10259/healthz >/dev/null 2>&1  \
  && echo "[OK] Scheduler probe" \
  || echo "[FAIL] Scheduler probe";
 )
	export CRI_CONFIG_FILE=/var/lib/rancher/rke2/agent/etc/crictl.yaml
	export CONTAINERD_ADDRESS=unix:///run/k3s/containerd/containerd.sock
	export PATH=$PATH:/var/lib/rancher/rke2/bin

	echo "=== CHECK BEFORE ==="
	(
	curl --cacert /var/lib/rancher/rke2/server/tls/kube-controller-manager/kube-controller-manager.crt \
	https://127.0.0.1:10257/healthz >/dev/null 2>&1 \
	&& echo "[OK] Kube Controller probe" \
	\|\| echo "[FAIL] Kube Controller probe";

	curl --cacert /var/lib/rancher/rke2/server/tls/kube-scheduler/kube-scheduler.crt \
	https://127.0.0.1:10259/healthz >/dev/null 2>&1 \
	&& echo "[OK] Scheduler probe" \
	\|\| echo "[FAIL] Scheduler probe";
	)
	echo "=== ROTATIONS ==="
	echo "Rotating kube-controller-manager certificate"
	rm /var/lib/rancher/rke2/server/tls/kube-controller-manager/kube-controller-manager.{crt,key}
	crictl rm -f $(crictl ps -q --name kube-controller-manager)

	echo "Rotating kube-scheduler certificate"
	rm /var/lib/rancher/rke2/server/tls/kube-scheduler/kube-scheduler.{crt,key}
	crictl rm -f $(crictl ps -q --name kube-scheduler)

	echo "Waiting for pods to restart"
	sleep 5

	echo "=== CHECK AFTER ==="

	(
	curl --cacert /var/lib/rancher/rke2/server/tls/kube-controller-manager/kube-controller-manager.crt \
	https://127.0.0.1:10257/healthz >/dev/null 2>&1 \
	&& echo "[OK] Kube Controller probe" \
	\|\| echo "[FAIL] Kube Controller probe";

	curl --cacert /var/lib/rancher/rke2/server/tls/kube-scheduler/kube-scheduler.crt \
	https://127.0.0.1:10259/healthz >/dev/null 2>&1 \
	&& echo "[OK] Scheduler probe" \
	\|\| echo "[FAIL] Scheduler probe";
	)