SUSE Support

Here When You Need Us

How to specify arguments multiple times with different values in RKE

This document (000021231) is provided subject to the disclaimer at the end of this document.

Environment

Rancher > v2.6.7 and RKE > v1.3.13 

Situation

It may be required to specify extra arguments multiple times with different values for RKE components. This can be accomplished using the field extra_args_array  within the cluster YAML configuration.

Note:
The example below covers adding the service-account-key-file flag[1][2] to the kube-apiserver of a downstream RKE cluster.  The specified file can contain multiple keys, and the flag can be specified multiple times with different files.

 

Resolution

  • Before you begin, ensure you have a recent healthy cluster snapshot[3] and add the certificate files to all the ControlPlane nodes in the cluster. 
cp /etc/kubernetes/ssl/kube-apiserver-key.pem /etc/kubernetes/ssl/kube-apiserver-key2.pem
cp /etc/kubernetes/ssl/kube-apiserver-key.pem /etc/kubernetes/ssl/kube-apiserver-key3.pem
  • From the Rancher UI navigate to the Clusters Management page and locate the cluster you wish to make the change. 
  • Click the three dots to the right of the UI for the cluster entry and then click Edit Config.
  • On the config page click the Edit as YAML option and add the arguments to the kube-apiserver similar below to the configuration.
   kube-api:
      extra_args_array:
        service-account-key-file:
          - /etc/kubernetes/ssl/kube-apiserver-key.pem
          - /etc/kubernetes/ssl/kube-apiserver-key2.pem
          - /etc/kubernetes/ssl/kube-apiserver-key3.pem
  • Save the configuration and allow the cluster to update. If the certificate files are not present on all the ControlPlane nodes the node the update will fail.
Note:
For clusters provisioned with the RKE binary, the extra_args_array  configuration can be added to the cluster.yaml  file for the required components. 
 

Additional Information

References:
  • [1] https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/
  • [2] https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#serviceaccount-token-volume-projection
  • [3] https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/restore-rancher-launched-kubernetes-clusters-from-backup#viewing-available-snapshots

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000021231
  • Creation Date: 09-Oct-2023
  • Modified Date:25-Oct-2023

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.