Hi ,
The certificates (ca certificate) which comes along with K8 will going to expire ?
Thanks,
Niranjan
Hi ,
The certificates (ca certificate) which comes along with K8 will going to expire ?
Thanks,
Niranjan
if the certificates have an expiry date, to watch the expiry run this command
kubeadm alpha certs check-expiration
Alternatively to the command above, run this other command
openssl x509 -in /etc/kubernetes/pki/nameofthecertificate.crt -text -noout ## see the session “Validity” of the output
to generate the expired certificate again, give the following example commands:
see if apiserver or etcd have problems
ps -a docker | grep api ## docker ps -a | grep etcd
re-generate the certificate (of course this is an example of certificate expired)
openssl x509 -req -in /etc/kubernetes/pki/apiserver-etcd-client.csr -CA /etc/kubernetes/pki/etcd/ca.crt -CAkey /etc/kubernetes/pki/etcd/ca.key -CAcreateserial -out /etc/kubernetes/pki/apiserver-etcd-client.crt
wait a few minutes and see if the processes are back on
ps -a docker | grep api
docker ps -a | grep etcd