Comments (1)
Reproduced using v1.30.0+k3s1
Validated using COMMIT=1661f1024a68245bf768925a326ca558f2ea527e
$ sudo mkdir -p /var/lib/rancher/k3s/server/tls;
$ sudo mkdir -p /var/lib/rancher/k3s/server/tls/etcd;
$ sudo openssl genrsa -out /var/lib/rancher/k3s/server/tls/root-ca.key 4096;
$ sudo openssl req -x509 -new -nodes -sha256 -days 360 -subj "/CN=k3s-root-ca@test" -key /var/lib/rancher/k3s/server/tls/root-ca.key -out /var/lib/rancher/k3s/server/tls/root-ca.pem;
$ curl -sL https://github.com/k3s-io/k3s/raw/master/contrib/util/generate-custom-ca-certs.sh | sudo bash -;
$ sudo INSTALL_K3S_VERSION=v1.30.0+k3s1 INSTALL_K3S_EXEC=server ./install-k3s.sh
//attention to 90 days expiry despite the certificate being created for 365 days
$ kg events --field-selector involvedObject.kind==Node
LAST SEEN TYPE REASON OBJECT MESSAGE
2m29s Normal NodePasswordValidationComplete node/ip-ip Deferred node password secret validation complete
2m29s Warning CACertificateExpirationWarning node/ip-ip Certificate authority certificates require attention - check k3s documentation and begin planning rotation: certificate-authority/server-ca.crt: certificate CN=k3s-root-ca@test will expire within 90 days at 2025-05-30T18:33:31Z, certificate-authority/client-ca.crt: certificate CN=k3s-root-ca@test will expire within 90 days at 2025-05-30T18:33:31Z, certificate-authority/request-header-ca.crt: certificate CN=k3s-root-ca@test will expire within 90 days at 2025-05-30T18:33:31Z, certificate-authority/peer-ca.crt: certificate CN=k3s-root-ca@test will expire within 90 days at 2025-05-30T18:33:31Z, certificate-authority/server-ca.crt: certificate CN=k3s-root-ca@test will expire within 90 days at 2025-05-30T18:33:31Z
2m29s Normal Starting node/ip-ip Starting kubelet.
2m29s Normal NodeHasSufficientMemory node/ip-ip Node ip-ip status is now: NodeHasSufficientMemory
2m29s Normal NodeHasNoDiskPressure node/ip-ip Node ip-ip status is now: NodeHasNoDiskPressure
2m29s Normal NodeHasSufficientPID node/ip-ip Node ip-ip status is now: NodeHasSufficientPID
2m28s Normal Starting node/ip-ip
2m29s Normal NodeAllocatableEnforced node/ip-ip Updated Node Allocatable limit across pods
2m28s Normal NodeReady node/ip-ip Node ip-ip status is now: NodeReady
2m25s Normal Synced node/ip-ip Node synced successfully
2m18s Normal RegisteredNode node/ip-ip Node ip-ip event: Registered Node ip-ip in Controller
$ sudo mkdir -p /var/lib/rancher/k3s/server/tls;
$ sudo mkdir -p /var/lib/rancher/k3s/server/tls/etcd;
$ sudo openssl genrsa -out /var/lib/rancher/k3s/server/tls/root-ca.key 4096;
$ sudo openssl req -x509 -new -nodes -sha256 -days 360 -subj "/CN=k3s-root-ca@test" -key /var/lib/rancher/k3s/server/tls/root-ca.key -out /var/lib/rancher/k3s/server/tls/root-ca.pem;
$ curl -sL https://github.com/k3s-io/k3s/raw/master/contrib/util/generate-custom-ca-certs.sh | sudo bash -;
$ COMMIT=1661f1024a68245bf768925a326ca558f2ea527e
$ sudo INSTALL_K3S_COMMIT=$COMMIT INSTALL_K3S_EXEC=server ./install-k3s.sh
//attention to 365 days
$ kg events --field-selector involvedObject.kind==Node
LAST SEEN TYPE REASON OBJECT MESSAGE
11s Normal NodePasswordValidationComplete node/ip-ip Deferred node password secret validation complete
11s Warning CACertificateExpirationWarning node/ip-ip Certificate authority certificates require attention - check k3s documentation and begin planning rotation: certificate-authority/server-ca.crt: certificate CN=k3s-root-ca@test will expire within 365 days at 2025-05-30T18:40:12Z, certificate-authority/client-ca.crt: certificate CN=k3s-root-ca@test will expire within 365 days at 2025-05-30T18:40:12Z, certificate-authority/request-header-ca.crt: certificate CN=k3s-root-ca@test will expire within 365 days at 2025-05-30T18:40:12Z, certificate-authority/peer-ca.crt: certificate CN=k3s-root-ca@test will expire within 365 days at 2025-05-30T18:40:12Z, certificate-authority/server-ca.crt: certificate CN=k3s-root-ca@test will expire within 365 days at 2025-05-30T18:40:12Z
11s Normal Starting node/ip-ip Starting kubelet.
11s Warning InvalidDiskCapacity node/ip-ip invalid capacity 0 on image filesystem
11s Normal NodeHasSufficientMemory node/ip-ip Node ip-ip status is now: NodeHasSufficientMemory
11s Normal NodeHasNoDiskPressure node/ip-ip Node ip-ip status is now: NodeHasNoDiskPressure
11s Normal NodeHasSufficientPID node/ip-ip Node ip-ip status is now: NodeHasSufficientPID
11s Normal NodeAllocatableEnforced node/ip-ip Updated Node Allocatable limit across pods
10s Normal NodeReady node/ip-ip Node ip-ip status is now: NodeReady
10s Normal Starting node/ip-ip
8s Normal Synced node/ip-ip Node synced successfully
from k3s.
Related Issues (20)
- Missing log information in Windows HOT 1
- [Release-1.29] - Agent certificate generation retry causes agents to bypass local loadbalancer HOT 1
- [Release-1.28] - Agent certificate generation retry causes agents to bypass local loadbalancer HOT 1
- [Release-1.27] - Agent certificate generation retry causes agents to bypass local loadbalancer HOT 1
- Etcd s3 config secret support
- Snapshot retention does not work with etcd-s3-folder HOT 8
- K3S server doesn't start on RHEL9 HOT 1
- Flannel-external-ip is ignored in cloud environments? HOT 11
- RBAC Authentication for embedded etcd HOT 1
- Remove `DisableCCM` from `CriticalControlArgs` HOT 1
- High CPU and disk read/write, very large (2GB) state.db on k3s 1.22.9 HOT 1
- [Release-1.29] - Snapshot retention does not work with etcd-s3-folder
- [Release-1.28] - Snapshot retention does not work with etcd-s3-folder HOT 1
- [Release-1.27] - Snapshot retention does not work with etcd-s3-folder HOT 1
- Loadbalancer may panic due to race condition when selecting a new server HOT 1
- [Release-1.29] - Loadbalancer may panic due to race condition when selecting a new server HOT 1
- [Release-1.28] - Loadbalancer may panic due to race condition when selecting a new server HOT 1
- [Release-1.27] - Loadbalancer may panic due to race condition when selecting a new server HOT 1
- containerd-shim creates many inotify instances on AlmaLinux VM HOT 1
- [Release-1.30] - Executables from k3s get flagged as malware by Azure Defender for Linux HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from k3s.