Today, I found myself needing to change the master/leader node on my k3s cluster. Or rather, I found myself needing to enable full-disk encryption on the hard disk attached to the master node. After trying and failing to add luks encryption to one of the worker nodes (it wouldn’t finish booting up after) I ended up starting from scratch with a fresh OS installation on all the workers. I didn’t want to do this on the master since that would have (maybe?) forced me to start my cluster from scratch.

If you’re running an HA cluster, you can create a new node, add it to the control plane, and then remove the old master node. I’m running a single-master cluster, so that option was out. The way I ended up achieving this result was by following this sequence of steps:

1. Attach a new hard disk to the master node
2. Boot from a live cd and install a fresh copy of the OS to the new hard disk, this time with full-disk encryption
3. Boot into the new OS
4. Mount the old hard disk
5. Copy over the following files and folders from the old disk to the new one:
   1. The k3s binary, usually at /usr/local/bin/k3s
   2. /etc/rancher
   3. /var/lib/rancher
   4. /etc/systemd/system/k3s.service
6. Once all of the above are copied over, enable and start the service with:

   sudo systemctl enable k3s
   sudo systemctl start k3s
   

7. Shutdown and remove the old hard disk
8. Boot up the master node

With this, your cluster should be up and running once more. While I followed these steps for changing the hard disk, if you want to additionally change the node too, just make sure that the new master node has the same hostname and IP address as the old master node.