./extract-cluster-data-from-secret.sh <secret-name>
- Decode the data.cluster field from the specified secret that stores the cluster's rke state. Write it to a filecluster-state-<secret-name>.json
. Script:vim cluster-state-<secret-name>.json
- Edit cluster-state-.json. Change the value of monitor-delay and monitor-timeout from numbers to strings. We will only do this in the metadata.fullState field./update-secret.sh <secret-name>
- Update the secret based on the contents ofcluster-state-<secret-name>.json
- Retrigger a cluster update so that rancher attempts to reprovision. I am not 100% if this will work if we will need to perform an explicit cert rotation
Note: this actually didnt work because the updated secret value was too long. Kept getting this error:
./update-secret.sh: line 18: /usr/bin/kubectl: Argument list too long
Could proably fix by switching from patching to doing a full update, but at this point we determined we could easily update the secret via the Rancher UI for the local cluster.