Manage Kubernetes certificates
Kubernetes clusters have the following certificates. To ensure correct operation of the clusters, manually renew a certificate if it has expired.
|
Certificate |
Validity period |
|
CA certificate |
10 years |
|
apiserver certificate |
10 years |
|
kubelet-client certificate |
10 years |
|
front-proxy certificate |
10 years |
|
front-proxy client certificate |
10 years |
Access the path for saving Kubernetes certificates
To access the path for saving Kubernetes certificates, execute the /etc/kubernetes/pki command.
View the validity period of a Kubernetes certificate
Execute the openssl x509 -in certificate name -noout –dates command and examine the notAfter information.
Renew a Kubernetes certificate
Execute the kubeadm alpha certs renew certificate name command to reset the validity period of a certificate to 10 years.
