@davidliyutong
Forked from janeczku/rancher-url-change.md
Created August 22, 2022 14:36
Change the hostname/URL and certificate of an existing Rancher installation

Steps to change the URL of a Rancher installation and switch from a self-signed certificate to a certificate signed by a recognized CA.

  1. Change the Rancher server-url setting to the new URL:

    • Navigate to https://<old_rancher_hostname>/g/settings/advanced
    • Edit server-url to https://<new_rancher_hostname>
  2. Clear the private CA certificate for the old certificate

    • Navigate to https://<old_rancher_hostname>/g/settings/advanced
    • Next to cacerts click context menu -> View in API
    • Click Edit
    • Clear the content of the value field
    • Click Show Request then Send Request
  3. Trigger a re-deployment of the cluster-agent and node-agent for each cluster:

    • Configure kubectl to point at the RKE cluster where Rancher server is running
    • Note down the IDs of the managed clusters: $ kubectl get clusters
    • For each cluster (including local) run:
    $ kubectl patch cluster <CLUSTER_ID> -p '{"status":{"agentImage":"dummy"}}' --type merge
    
  4. Note that this will disconnect all clusters from Rancher until the installation is upgraded with the new hostname / ingress configuration.

  5. Update the certificate for Rancher from a privately signed one to a publicly signed one:

  6. Upgrade Rancher installation using the helm upgrade command following the steps here: https://rancher.com/docs/rancher/v2.x/en/upgrades/upgrades/ha-server-upgrade-helm/#upgrade-rancher

    • Specify the currently installed Rancher version to prevent a software upgrade
    • Pass all the values (--set) that were originally specified during installation
    • Pass the new Rancher hostname in the hostname variable
    • Ensure you specify --set privateCA=false to clear out the old private CA certificate

    Example:

    helm upgrade rancher rancher-stable/rancher --version v2.1.6 \
    --set hostname=rancher-new.example.com \
    --set ingress.tls.source=secret \
    --set privateCA=false \
    --set ...other...options
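
Step 3 applies the same patch to every cluster, so the script below (an added example, not part of the original gist) lists the cluster IDs and patches each one, printing the commands by default because the patch disconnects the clusters until the upgrade is done. The `DRY_RUN` variable, the function names and the `run` argument are assumptions of this example; the `kubectl` resource names and the patch payload are the ones used in step 3.

```sh
#!/bin/sh
# Added example: re-deploy cluster-agent/node-agent for every cluster (step 3).
# DRY_RUN (hypothetical variable) defaults to 1: print commands, change nothing.
# kubectl must already point at the cluster where Rancher server is running.

PATCH='{"status":{"agentImage":"dummy"}}'   # payload from step 3

# Print one cluster ID per line (includes "local").
list_cluster_ids() {
  kubectl get clusters \
    -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}'
}

# Patch every cluster. Returns 2 if the clusters cannot be listed,
# 1 if at least one patch failed, 0 otherwise.
redeploy_agents() {
  ids=$(list_cluster_ids) || { echo "cannot list clusters" >&2; return 2; }
  [ -n "$ids" ] || { echo "no clusters found" >&2; return 2; }
  failed=0
  for id in $ids; do
    if [ "${DRY_RUN:-1}" = 1 ]; then
      # Show exactly what would be executed for this cluster.
      echo "kubectl patch cluster $id -p '$PATCH' --type merge"
    elif kubectl patch cluster "$id" -p "$PATCH" --type merge; then
      echo "patched $id"
    else
      # Keep going so one unreachable object does not hide the others.
      echo "FAILED $id" >&2
      failed=$((failed + 1))
    fi
  done
  [ "$failed" -eq 0 ]
}

# Run only when asked, e.g.:  DRY_RUN=0 sh redeploy-agents.sh run
if [ "${1:-}" = run ]; then redeploy_agents; fi
```

Review the dry-run output first, then repeat with `DRY_RUN=0` and continue with the remaining steps promptly, since the clusters stay disconnected until the Helm upgrade completes.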
    