I have some questions about cert rotation. Even when searching through the documentation, info about the use and expiration of certificates is still quite vague to me.
- Certficiate rotation is enabled by default right?
- What certs are rotated?
- At what time before expiration are certificates rotated?
- Any way to test if it’s working?
- Does anyone have any past experiences?
Ik know about the fact that certs can be manually renewed with kubadm but with larger clusters this could get tedious.
Kubernetes version: 1.16.2
Cloud being used: bare-metal
Installation method: kubeadm
Host OS: Centos 7.7
CNI and version: Weave 2.5.2
CRI and version: Docker 19.03.4
You can format your yaml by highlighting it and pressing Ctrl-Shift-C, it will make your output easier to read.