Update CYDEL01-cybsup01.md
olivierlemee authored Dec 19, 2024
1 parent bbcb6ba commit e2a32db
Showing 1 changed file with 3 additions and 3 deletions.
Expand Up @@ -80,11 +80,11 @@ If previous RKE2 version need to be uninstalled before defining the CA root, exe
See [RKE2 security certificates](https://docs.rke2.io/security/certificates) documentation for help.
- Create `/var/lib/rancher/rke2/server/tls` folder and copy into:
- custom domain certificate (e.g STAR_cybnity_tech.crt defining the SSL certificate for domain and/or sub-domains) as `root-ca.pem` renamed file
- private key of the custom domain (e.g private.key file of custom domain SSL certificate) as `root-ca.key` renamed file
- private key of the custom domain (e.g private.key file of custom domain SSL certificate) as `root-ca.key` renamed file.
- Generate custom CA certs and keys via command `curl -sL https://github.com/k3s-io/k3s/raw/master/contrib/util/generate-custom-ca-certs.sh | PRODUCT=rke2 bash -` and check text shown regarding the database updates applied with success (e.g new entries made) about CA certificate generation completed.
- As recommended by command result, store in a secure area the root and intermediate certificate files (.pem, .crt, .key) and remove them from __/var/lib/rancher/rke2/server/tls__ folder
- As recommended by command result, store in a secure area the root and intermediate certificate files (.pem, .crt, .key) and remove them from __/var/lib/rancher/rke2/server/tls__ folder.
- Create folder `mkdir -p /opt/rke2/server/tls`
- Copy current service-account signing key considerated like current via `cp /var/lib/rancher/rke2/server/tls/service.key /opt/rke2/server/tls`, to avoid token lost during future custom CA certificate rotation
- Copy current service-account signing key considerated like current via `cp /var/lib/rancher/rke2/server/tls/service.key /opt/rke2/server/tls`, to avoid token lost during future custom CA certificate rotation.

### RKE2 Installation
- As root user, set environment variable to use during RKE2 script installation execution via command:
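Review bot: The "Generate custom CA certs and keys" step in this hunk still pipes a script fetched from the `master` branch straight into `bash` (`curl -sL https://github.com/k3s-io/k3s/raw/master/contrib/util/generate-custom-ca-certs.sh | PRODUCT=rke2 bash -`), so the code that creates the cluster CA keys is unpinned and runs without review. Since this commit is already editing the neighbouring items, consider changing the step to download the script from a fixed tag or commit, inspect it, and only then execute it. On the punctuation change itself, the three edited items now end with a period, but the `root-ca.pem` item and the `Create folder` item do not, so the list remains inconsistent. The wording "considerated like current" and "to avoid token lost" in the last edited item could also be corrected in the same pass, for example "Copy the current service-account signing key ... to avoid losing tokens".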
