microk8s certs ( kubelet cert)
I have found about renewing kubelet.crt
check if kubelet.crt is expired
check if kubelet.crt is expired
echo -n | openssl s_client -connect localhost:10250 2>&1 | sed -ne ‘/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p’ | openssl x509 -text -noout | grep -A 2 Validity
Auto-rotate Setting about kubele.crt
Auto-rotate Setting about kubele.crt
vi /var/snap/microk8s/current/args/kubelet
Adding below 3 lines
Adding below 3 lines
–rotate-certificates=true
–rotate-server-certificates=true
–tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
micok8s stop;microk8s start
microk8s kubectl get csr
microk8s kubectl certificate approve
check if kubelet.crt is renewed
check if kubelet.crt is renewed
echo -n | openssl s_client -connect localhost:10250 2>&1 | sed -ne ‘/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p’ | openssl x509 -text -noout | grep -A 2 Validity
cd /var/snap/microk8s/current/certs
ls
kubelet-client-current.pem
kubelet-server-current.pem