Question about certificate rotation and renewal

tholsbee · December 12, 2019, 9:15am

Hello There,

I have some questions about cert rotation. Even when searching through the documentation, info about the use and expiration of certificates is still quite vague to me.

Certficiate rotation is enabled by default right?
What certs are rotated?
At what time before expiration are certificates rotated?
Any way to test if it’s working?
Does anyone have any past experiences?

Ik know about the fact that certs can be manually renewed with kubadm but with larger clusters this could get tedious.

Many thanks.

Cluster information:

Kubernetes version: 1.16.2
Cloud being used: bare-metal
Installation method: kubeadm
Host OS: Centos 7.7
CNI and version: Weave 2.5.2
CRI and version: Docker 19.03.4

You can format your yaml by highlighting it and pressing Ctrl-Shift-C, it will make your output easier to read.

larrydevops · December 15, 2019, 6:10pm

Hey I could answer all but let me direct you to an excellent episode by Duffie @mauilion

TGI Kubernetes 077: All your certificates have expired

Excellent video tutorial for you to get all the answers.

Topic		Replies	Views
Unable to connect to the server: x509: certificate has expired or is not yet valid General Discussions	4	39397	June 28, 2021
Renewing Kubernetes cluster certificates General Discussions	0	1991	August 8, 2019
K8s cluster certificate renew for 30 years General Discussions	1	362	September 13, 2023
Kubernetes Certificate renewal V1.12 General Discussions	0	685	February 28, 2020
Renew Certificate in MicroK8S Cluster microk8s microk8s	3	14982	August 2, 2022

Question about certificate rotation and renewal

Cluster information:

TGI Kubernetes 077: All your certificates have expired

Related topics