DataONEorg / api-entrypoint

The DataONE Kubernetes cluster's API ingress controller component that is shared between microservices

Renew k8s API certificate #7

Closed gothub closed 3 years ago

gothub commented 3 years ago

The NCEAS k8s installation uses 'kubeadm' to manage installations and updates to the k8s software. k8s uses a self-signed certificate internally to authenticate/authorize operations within the cluster. These certificates are valid for a year, and are renewed via the command `kubeadm certs renew` as detailed here.

The current certificates will expire on Feb 19 18:16:40 2022 GMT.

Note that kubeadm has to be upgraded to the current version to support the command mentioned above. Also, certificates are automatically updated when k8s is upgraded with kubeadm.

gothub commented 3 years ago

Now that the version of kubeadm on both production and development k8s clusters is current (v1.21.1), the API certificates are automatically updated with k8s upgrades; see https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/#automatic-certificate-renewal.

With older versions of kubeadm, this process had to be done manually.

The API certificates have been updated and I believe they expire in a year. This is not a problem as new versions of k8s are released every quarter.
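
A check for the expiry dates discussed in this issue, as an added example that is not part of the original thread or the DataONE repository. It reads each certificate's `notAfter` date with `openssl` and flags any that are expired or close to expiry; it assumes GNU `date`, kubeadm's default PKI directory `/etc/kubernetes/pki`, and a hypothetical 30-day warning threshold (`WARN_DAYS`).

```shell
#!/usr/bin/env bash
# Added example: report how long kubeadm-managed certificates remain valid.
# Assumptions: GNU date, openssl, kubeadm's default PKI directory.

PKI_DIR="${PKI_DIR:-/etc/kubernetes/pki}"   # kubeadm default location (assumed)
WARN_DAYS="${WARN_DAYS:-30}"                # hypothetical alert threshold

# cert_status "<notAfter string>" [now_epoch]
# Prints "EXPIRED", "WARN <n>d" or "OK <n>d" for an openssl-style date
# such as "Feb 19 18:16:40 2022 GMT". Returns 2 if the date cannot be parsed.
cert_status() {
    local not_after="$1" now="${2:-$(date +%s)}" end left
    end=$(date -u -d "$not_after" +%s) || return 2
    left=$(( end - now ))
    if [ "$left" -le 0 ]; then
        echo "EXPIRED"
    elif [ "$left" -lt $(( WARN_DAYS * 86400 )) ]; then
        echo "WARN $(( left / 86400 ))d"
    else
        echo "OK $(( left / 86400 ))d"
    fi
}

# check_pki <dir>: print one status line per certificate under <dir>.
# Returns 1 if any certificate is expired, near expiry, or unreadable.
check_pki() {
    local dir="$1" rc=0 crt not_after status
    for crt in "$dir"/*.crt "$dir"/etcd/*.crt; do
        [ -f "$crt" ] || continue
        not_after=$(openssl x509 -enddate -noout -in "$crt" | cut -d= -f2)
        status=$(cert_status "$not_after") || status="UNREADABLE"
        printf '%-10s %s (notAfter=%s)\n' "$status" "$crt" "$not_after"
        case "$status" in
            OK*) ;;
            *) rc=1 ;;
        esac
    done
    return "$rc"
}

# Scan only when run on a node that actually has the PKI directory.
if [ -d "$PKI_DIR" ]; then
    check_pki "$PKI_DIR"
fi
```

`kubeadm certs check-expiration` reports the same dates and also covers the client certificates embedded in the kubeconfig files under `/etc/kubernetes`.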