Question about certificate rotation and renewal

Hello There,

I have some questions about cert rotation. Even when searching through the documentation, info about the use and expiration of certificates is still quite vague to me.

  • Certificate rotation is enabled by default, right?
  • What certs are rotated?
  • At what time before expiration are certificates rotated?
  • Any way to test if it’s working?
  • Does anyone have any past experiences?

I know about the fact that certs can be manually renewed with kubeadm, but with larger clusters this could get tedious.

Many thanks.

Cluster information:

Kubernetes version: 1.16.2
Cloud being used: bare-metal
Installation method: kubeadm
Host OS: CentOS 7.7
CNI and version: Weave 2.5.2
CRI and version: Docker 19.03.4

Hey, I could answer all, but let me direct you to an excellent episode by Duffie @mauilion

TGI Kubernetes 077: All your certificates have expired

Excellent video tutorial for you to get all the answers.