Kubernetes internal certificates expires?

Hi ,

The certificates (ca certificate) which comes along with K8 will going to expire ?


if the certificates have an expiry date, to watch the expiry run this command

kubeadm alpha certs check-expiration

Alternatively to the command above, run this other command

openssl x509 -in /etc/kubernetes/pki/nameofthecertificate.crt -text -noout ## see the session “Validity” of the output

to generate the expired certificate again, give the following example commands:

see if apiserver or etcd have problems

ps -a docker | grep api ## docker ps -a | grep etcd

re-generate the certificate (of course this is an example of certificate expired)

openssl x509 -req -in /etc/kubernetes/pki/apiserver-etcd-client.csr -CA /etc/kubernetes/pki/etcd/ca.crt -CAkey /etc/kubernetes/pki/etcd/ca.key -CAcreateserial -out /etc/kubernetes/pki/apiserver-etcd-client.crt

wait a few minutes and see if the processes are back on

ps -a docker | grep api

docker ps -a | grep etcd