Manage certificates
A Kubernetes cluster provides multiple built-in certificates. When a corticated expires, you must renew it for the cluster to operate correctly.
Certificate | Validity |
CA | 10 years |
apiserver | 10 years |
kubelet-client | 10 years |
front-proxy | 10 years |
front-proxy | 10 years |
View the path where a certificate is saved
Execute the /etc/kubernetes/pki command.
View the validity of a certificate
Execute the openssl x509 -in certificate -noout –dates command to check the notBefore and notAfter fields for the validity period. For example, the validity period of the ca.crt certificate is 10 years.
Renew a certificate
Execute the kubeadm alpha certs renew command.
